From: Christos Zoulas
Date: Wed, 1 Jun 2016 22:04:10 +0000 (+0000)
Subject: PR/555: Avoid overflow for offset > nbytes (programming error caused
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f215f71363f2b986b722def60edc3b86ea822da9;p=file
PR/555: Avoid overflow for offset > nbytes (programming error caused by PR/550).
---
diff --git a/src/softmagic.c b/src/softmagic.c
index 153fffa2..2754cd16 100644
--- a/src/softmagic.c
+++ b/src/softmagic.c
@@ -32,7 +32,7 @@
 #include "file.h"
 #ifndef lint
-FILE_RCSID("@(#)$File: softmagic.c,v 1.232 2016/06/01 22:01:15 christos Exp $")
+FILE_RCSID("@(#)$File: softmagic.c,v 1.233 2016/06/01 22:04:10 christos Exp $")
 #endif /* lint */
 #include "magic.h"
@@ -1182,6 +1182,8 @@ mcopy(struct magic_set *ms, union VALUETYPE *p, int type, int indir,
 switch (type) {
 case FILE_DER:
 case FILE_SEARCH:
+ if (offset > nbytes)
+ offset = nbytes;
 ms->search.s = RCAST(const char *, s) + offset;
 ms->search.s_len = nbytes - offset;
 ms->search.offset = offset;
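Review bot: The clamp added under `case FILE_SEARCH:` carries no comment saying what it protects, and it changes more than the length: when `offset > nbytes`, `ms->search.s` now points one past the end of the buffer with `s_len == 0`, and `ms->search.offset` records the clamped value instead of the offset the magic entry requested. I would state that on the new lines, e.g. `/* offset beyond the buffer: clamp so nbytes - offset cannot wrap to a huge s_len */`, and confirm that every consumer of `ms->search` treats a zero-length region as "no match" rather than reading from `s`. The switch in `mcopy` continues outside this hunk, so any other case there that derives a length from `nbytes - offset` presumably needs the same guard; that cannot be verified from these lines.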