softmagic.c: fix buffer overrun (issue #206, reported by J. Greene)

author Reuben Thomas <rrt@sc3d.org>

Wed, 3 Oct 2012 22:13:21 +0000 (22:13 +0000)

committer Reuben Thomas <rrt@sc3d.org>

Wed, 3 Oct 2012 22:13:21 +0000 (22:13 +0000)
author Reuben Thomas <rrt@sc3d.org>
Wed, 3 Oct 2012 22:13:21 +0000 (22:13 +0000)
committer Reuben Thomas <rrt@sc3d.org>
Wed, 3 Oct 2012 22:13:21 +0000 (22:13 +0000)
diff --git a/src/softmagic.c b/src/softmagic.c

index 85fffed5802ed582f9ac90a5865a00047fea6646..f1f745f5aa3960449bc410f31ed8dfa85dd9ad1a 100644 (file)
--- a/src/softmagic.c
+++ b/src/softmagic.c
@@ -32,7 +32,7 @@
  #include "file.h"
  
  #ifndef        lint
-FILE_RCSID("@(#)$File: softmagic.c,v 1.150 2012/05/15 17:14:36 christos Exp $")
+FILE_RCSID("@(#)$File: softmagic.c,v 1.151 2012/09/06 14:42:39 christos Exp $")
  #endif /* lint */
  
  #include "magic.h"
@@ -130,8 +130,9 @@ match(struct magic_set *ms, struct magic *magic, uint32_t nmagic,
                       (!text && (m->str_flags & (STRING_TEXTTEST | STRING_BINTEST)) == STRING_TEXTTEST))) ||
                     (m->flag & mode) != mode) {
                         /* Skip sub-tests */
-                       while (magic[magindex + 1].cont_level != 0 &&
-                              ++magindex < nmagic)
+                       while (magindex + 1 < nmagic &&
+                               magic[magindex + 1].cont_level != 0 &&
+                              ++magindex)
                                 continue;
                         continue; /* Skip to next top-level test*/
                 }
author	Reuben Thomas <rrt@sc3d.org>
	Wed, 3 Oct 2012 22:13:21 +0000 (22:13 +0000)
committer	Reuben Thomas <rrt@sc3d.org>
	Wed, 3 Oct 2012 22:13:21 +0000 (22:13 +0000)