From: Reuben Thomas <rrt@sc3d.org>
Date: Wed, 3 Oct 2012 22:13:21 +0000 (+0000)
Subject: softmagic.c: fix buffer overrun (issue #206, reported by J. Greene)
X-Git-Tag: FILE5_12~54
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b1b4cd64d98c02a8fc1d8a19fbece6f743bfc6df;p=file

softmagic.c: fix buffer overrun (issue #206, reported by J. Greene)
---

diff --git a/src/softmagic.c b/src/softmagic.c
index 85fffed5..f1f745f5 100644
--- a/src/softmagic.c
+++ b/src/softmagic.c
@@ -32,7 +32,7 @@
 #include "file.h"
 
 #ifndef	lint
-FILE_RCSID("@(#)$File: softmagic.c,v 1.150 2012/05/15 17:14:36 christos Exp $")
+FILE_RCSID("@(#)$File: softmagic.c,v 1.151 2012/09/06 14:42:39 christos Exp $")
 #endif	/* lint */
 
 #include "magic.h"
@@ -130,8 +130,9 @@ match(struct magic_set *ms, struct magic *magic, uint32_t nmagic,
 		      (!text && (m->str_flags & (STRING_TEXTTEST | STRING_BINTEST)) == STRING_TEXTTEST))) ||
 		    (m->flag & mode) != mode) {
 			/* Skip sub-tests */
-			while (magic[magindex + 1].cont_level != 0 &&
-			       ++magindex < nmagic)
+			while (magindex + 1 < nmagic &&
+                               magic[magindex + 1].cont_level != 0 &&
+			       ++magindex)
 				continue;
 			continue; /* Skip to next top-level test*/
 		}