From: Reuben Thomas <rrt@sc3d.org>
Date: Sun, 16 Jan 2011 19:30:36 +0000 (+0000)
Subject: Fix two potential buffer overruns in apprentice_list.
X-Git-Tag: FILE5_07~64
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=148f1089b5c4f5ec5d51c2f147379817cb9ac47d;p=file

Fix two potential buffer overruns in apprentice_list.
---

diff --git a/src/apprentice.c b/src/apprentice.c
index b4976a0c..16ae5c12 100644
--- a/src/apprentice.c
+++ b/src/apprentice.c
@@ -32,7 +32,7 @@
 #include "file.h"
 
 #ifndef	lint
-FILE_RCSID("@(#)$File: apprentice.c,v 1.163 2010/12/22 19:09:10 christos Exp $")
+FILE_RCSID("@(#)$File: apprentice.c,v 1.164 2011/01/04 19:29:32 rrt Exp $")
 #endif	/* lint */
 
 #include "magic.h"
@@ -569,9 +569,9 @@ apprentice_list(struct mlist *mlist, int mode)
 			struct magic *m = &ml->magic[magindex];
 			if ((m->flag & mode) != mode) {
 				/* Skip sub-tests */
-				while (ml->magic[magindex + 1].cont_level != 0
-				    && ++magindex < ml->nmagic)
-					continue;
+				while (magindex + 1 < ml->nmagic &&
+				       ml->magic[magindex + 1].cont_level != 0)
+					++magindex;
 				continue; /* Skip to next top-level test*/
 			}
 
@@ -579,10 +579,10 @@ apprentice_list(struct mlist *mlist, int mode)
 			 * Try to iterate over the tree until we find item with
 			 * description/mimetype.
 			 */
-			while (ml->magic[magindex + 1].cont_level != 0 &&
-			    *ml->magic[magindex].desc == '\0' &&
-			    *ml->magic[magindex].mimetype == '\0' &&
-			    magindex + 1 < ml->nmagic)
+			while (magindex + 1 < ml->nmagic &&
+			       ml->magic[magindex + 1].cont_level != 0 &&
+			       *ml->magic[magindex].desc == '\0' &&
+			       *ml->magic[magindex].mimetype == '\0')
 				magindex++;
 
 			printf("Strength = %3" SIZE_T_FORMAT "u : %s [%s]\n",