From f24bc95f8d066a166a889805db7258de3d4ad5e5 Mon Sep 17 00:00:00 2001
From: Christos Zoulas
Date: Thu, 6 Mar 2014 16:16:56 +0000
Subject: [PATCH] PR/323: Tobias Stoeckmann: Add size_t overflow check for stat.
---
 src/apprentice.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/src/apprentice.c b/src/apprentice.c
index ffea5e60..78283820 100644
--- a/src/apprentice.c
+++ b/src/apprentice.c
@@ -32,7 +32,7 @@
 #include "file.h"
 #ifndef lint
-FILE_RCSID("@(#)$File: apprentice.c,v 1.195 2013/09/12 15:57:32 christos Exp $")
+FILE_RCSID("@(#)$File: apprentice.c,v 1.196 2013/11/19 21:01:12 christos Exp $")
 #endif /* lint */
 #include "magic.h"
@@ -48,6 +48,13 @@ FILE_RCSID("@(#)$File: apprentice.c,v 1.195 2013/09/12 15:57:32 christos Exp $")
 #include
 #endif
 #include
+#if defined(HAVE_LIMITS_H)
+#include
+#endif
+
+#ifndef SIZE_MAX
+#define SIZE_MAX ((size_t)~0)
+#endif
 #define EATAB {while (isascii((unsigned char) *l) && \
 isspace((unsigned char) *l)) ++l;}
@@ -2601,8 +2608,9 @@ apprentice_map(struct magic_set *ms, const char *fn)
 file_error(ms, errno, "cannot stat `%s'", dbname);
 goto error;
 }
- if (st.st_size < 8) {
- file_error(ms, 0, "file `%s' is too small", dbname);
+ if (st.st_size < 8 || st.st_size > SIZE_MAX) {
+ file_error(ms, 0, "file `%s' is too %s", dbname,
+ st.st_size > SIZE_MAX ? "large" : "small");
 goto error;
 }
--
2.49.0
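Review bot: The include added under `HAVE_LIMITS_H` may not be what supplies `SIZE_MAX`, because C99 defines that macro in `<stdint.h>`. The header name has been stripped from this page, but if it is `<limits.h>`, as the guard suggests, the `#ifndef SIZE_MAX` fallback is what takes effect unless `file.h` already pulls in `<stdint.h>`. The fallback value is correct on two's-complement targets, though `((size_t)-1)` is the spelling that holds regardless of integer representation. A short comment such as `/* SIZE_MAX is in <stdint.h> (C99); fallback for older toolchains */` would tell the next reader why both pieces are there.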
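Review bot: The new upper bound `st.st_size > SIZE_MAX` in `apprentice_map` only guarantees that a later conversion of the `off_t` size to `size_t` does not truncate. It does not limit how large a compiled magic file is accepted, so an oversized or corrupt database can still drive a very large allocation or mapping. The rest of the function lies outside this hunk, so how the size is used is not visible here; if it feeds `malloc` or `mmap`, a fixed ceiling would be tighter, e.g. `if (st.st_size < 8 || st.st_size > MAGIC_DB_MAX) {`, where `MAGIC_DB_MAX` is a placeholder for a project-chosen limit. The comparison also mixes signed `off_t` with unsigned `size_t`, and where both have the same width it is always false and may draw a compiler warning. Selecting the message with `st.st_size < 8 ? "small" : "large"` would keep that decision on the signed test alone.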