}
diff -u libmagic.orig/cdf.c libmagic/cdf.c
--- libmagic.orig/cdf.c Tue Feb 26 17:20:42 2013
-+++ libmagic/cdf.c Fri Feb 21 00:21:27 2014
++++ libmagic/cdf.c Tue May 27 22:28:51 2014
@@ -43,7 +43,17 @@
#include <err.h>
#endif
return -1;
return (ssize_t)len;
-@@ -1132,7 +1145,7 @@
+@@ -810,6 +823,10 @@
+ i, inp[i].pi_id, inp[i].pi_type, q - p, offs));
+ if (inp[i].pi_type & CDF_VECTOR) {
+ nelements = CDF_GETUINT32(q, 1);
++ if (nelements == 0) {
++ DPRINTF(("CDF_VECTOR with nelements == 0\n"));
++ goto out;
++ }
+ o = 2;
+ } else {
+ nelements = 1;
+@@ -884,7 +901,9 @@
+ }
+ DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
+ nelements));
+- for (j = 0; j < nelements; j++, i++) {
++ for (j = 0; j < nelements && i < sh.sh_properties;
++ j++, i++)
++ {
+ uint32_t l = CDF_GETUINT32(q, o);
+ inp[i].pi_str.s_len = l;
+ inp[i].pi_str.s_buf = (const char *)
+@@ -929,7 +948,7 @@
+ cdf_unpack_summary_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ cdf_summary_info_header_t *ssi, cdf_property_info_t **info, size_t *count)
+ {
+- size_t i, maxcount;
++ size_t maxcount;
+ const cdf_summary_info_header_t *si =
+ CAST(const cdf_summary_info_header_t *, sst->sst_tab);
+ const cdf_section_declaration_t *sd =
+@@ -944,21 +963,13 @@
+ ssi->si_os = CDF_TOLE2(si->si_os);
+ ssi->si_class = si->si_class;
+ cdf_swap_class(&ssi->si_class);
+- ssi->si_count = CDF_TOLE2(si->si_count);
++ ssi->si_count = CDF_TOLE4(si->si_count);
+ *count = 0;
+ maxcount = 0;
+ *info = NULL;
+- for (i = 0; i < CDF_TOLE4(si->si_count); i++) {
+- if (i >= CDF_LOOP_LIMIT) {
+- DPRINTF(("Unpack summary info loop limit"));
+- errno = EFTYPE;
+- return -1;
+- }
+- if (cdf_read_property_info(sst, h, CDF_TOLE4(sd->sd_offset),
+- info, count, &maxcount) == -1) {
++ if (cdf_read_property_info(sst, h, CDF_TOLE4(sd->sd_offset), info,
++ count, &maxcount) == -1)
+ return -1;
+- }
+- }
+ return 0;
+ }
+
+@@ -1132,7 +1143,7 @@
cdf_directory_t *d;
char name[__arraycount(d->d_name)];
cdf_stream_t scn;
static const char *types[] = { "empty", "user storage",
"user stream", "lockbytes", "property", "root storage" };
-@@ -1185,7 +1198,7 @@
+@@ -1185,7 +1196,7 @@
cdf_dump_property_info(const cdf_property_info_t *info, size_t count)
{
cdf_timestamp_t tp;
char buf[64];
size_t i, j;
-@@ -1229,7 +1242,11 @@
+@@ -1229,7 +1240,11 @@
break;
case CDF_FILETIME:
tp = info[i].pi_tp;
} else {
diff -u libmagic.orig/cdf.h libmagic/cdf.h
--- libmagic.orig/cdf.h Thu Jun 21 00:19:55 2012
-+++ libmagic/cdf.h Fri Feb 21 00:21:27 2014
++++ libmagic/cdf.h Tue May 27 22:28:51 2014
@@ -35,10 +35,12 @@
#ifndef _H_CDF_
#define _H_CDF_
}
diff -u libmagic.orig/readcdf.c libmagic/readcdf.c
--- libmagic.orig/readcdf.c Tue Jan 7 04:13:42 2014
-+++ libmagic/readcdf.c Thu Apr 24 20:07:51 2014
++++ libmagic/readcdf.c Tue May 27 22:28:51 2014
@@ -30,7 +30,11 @@
#endif
projects / php / commitdiff