From: Christos Zoulas <christos@zoulas.com>
Date: Thu, 28 Jan 2010 23:25:18 +0000 (+0000)
Subject: fix segv from loop overrun
X-Git-Tag: FILE5_05~111
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2953fe0f139e9dcec78a2276c9696f3d94c1c088;p=file

fix segv from loop overrun
---

diff --git a/ChangeLog b/ChangeLog
index fff2f579..211fe3b0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2010-01-28  18:25  Christos Zoulas <christos@zoulas.com>
+
+	* Fix core-dump from unbound loop:
+	  https://bugzilla.redhat.com/show_bug.cgi?id=533245
+
 2010-01-22  15:45  Christos Zoulas <christos@zoulas.com>
 
 	* print proper mime for crystal reports file
diff --git a/src/softmagic.c b/src/softmagic.c
index d8a56753..b5287780 100644
--- a/src/softmagic.c
+++ b/src/softmagic.c
@@ -32,7 +32,7 @@
 #include "file.h"
 
 #ifndef	lint
-FILE_RCSID("@(#)$File: softmagic.c,v 1.138 2009/10/19 13:10:20 christos Exp $")
+FILE_RCSID("@(#)$File: softmagic.c,v 1.139 2010/01/28 23:25:18 christos Exp $")
 #endif	/* lint */
 
 #include "magic.h"
@@ -945,7 +945,7 @@ mcopy(struct magic_set *ms, union VALUETYPE *p, int type, int indir,
 			buf = (const char *)s + offset;
 			end = last = (const char *)s + nbytes;
 			/* mget() guarantees buf <= last */
-			for (lines = linecnt, b = buf; lines &&
+			for (lines = linecnt, b = buf; lines && b < end &&
 			     ((b = CAST(const char *,
 				 memchr(c = b, '\n', CAST(size_t, (end - b)))))
 			     || (b = CAST(const char *,