3232#include "file.h"
3333
3434#ifndef lint
35- FILE_RCSID ("@(#)$File: softmagic.c,v 1.170 2014/01/06 02:25:32 christos Exp $" )
35+ FILE_RCSID ("@(#)$File: softmagic.c,v 1.171 2014/01/08 22: 02:06 christos Exp $" )
3636#endif /* lint */
3737
3838#include "magic.h"
@@ -71,6 +71,7 @@ private void cvt_16(union VALUETYPE *, const struct magic *);
7171private void cvt_32 (union VALUETYPE * , const struct magic * );
7272private void cvt_64 (union VALUETYPE * , const struct magic * );
7373
74+ #define OFFSET_OOB (n , o , i ) ((n) < (o) || (i) >= ((n) - (o)))
7475/*
7576 * softmagic - lookup one file in parsed, in-memory copy of database
7677 * Passed the name and FILE * of one file to be typed.
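Review bot: `OFFSET_OOB` tests `(i) >= ((n) - (o))`, so a read that ends exactly on the last byte of the buffer (`i == n - o`) is reported as out of bounds, one byte stricter than the `nbytes < (offset + N)` checks it replaces at every call site in mget. Writing the bound as a subtraction presumably avoids wrap-around in `offset + N`, which is the safe direction, but a magic value in the final bytes of the data would no longer match, and the size-0 uses for FILE_REGEX, FILE_INDIRECT and FILE_USE now also reject `offset == nbytes`, which the old `nbytes < offset` accepted. If that tightening is not intended, `#define OFFSET_OOB(n, o, i) ((n) < (o) || (i) > ((n) - (o)))` keeps the overflow-safe form without the off-by-one. The macro also deserves a comment such as `/* true if i bytes at offset o do not fit in n bytes; subtraction form so o + i cannot wrap */`, since each argument is evaluated more than once and the operand types are not visible in these hunks. mget's body starts and ends outside the hunks shown, so the reads these checks guard cannot be verified from here.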
@@ -1223,7 +1224,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m,
12231224 }
12241225 switch (in_type = cvt_flip (m -> in_type , flip )) {
12251226 case FILE_BYTE :
1226- if (nbytes < offset || nbytes < ( offset + 1 ))
1227+ if (OFFSET_OOB ( nbytes , offset , 1 ))
12271228 return 0 ;
12281229 if (off ) {
12291230 switch (m -> in_op & FILE_OPS_MASK ) {
@@ -1258,7 +1259,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m,
12581259 offset = ~offset ;
12591260 break ;
12601261 case FILE_BESHORT :
1261- if (nbytes < offset || nbytes < ( offset + 2 ))
1262+ if (OFFSET_OOB ( nbytes , offset , 2 ))
12621263 return 0 ;
12631264 if (off ) {
12641265 switch (m -> in_op & FILE_OPS_MASK ) {
@@ -1310,7 +1311,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m,
13101311 offset = ~offset ;
13111312 break ;
13121313 case FILE_LESHORT :
1313- if (nbytes < offset || nbytes < ( offset + 2 ))
1314+ if (OFFSET_OOB ( nbytes , offset , 2 ))
13141315 return 0 ;
13151316 if (off ) {
13161317 switch (m -> in_op & FILE_OPS_MASK ) {
@@ -1362,7 +1363,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m,
13621363 offset = ~offset ;
13631364 break ;
13641365 case FILE_SHORT :
1365- if (nbytes < offset || nbytes < ( offset + 2 ))
1366+ if (OFFSET_OOB ( nbytes , offset , 2 ))
13661367 return 0 ;
13671368 if (off ) {
13681369 switch (m -> in_op & FILE_OPS_MASK ) {
@@ -1399,7 +1400,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m,
13991400 break ;
14001401 case FILE_BELONG :
14011402 case FILE_BEID3 :
1402- if (nbytes < offset || nbytes < ( offset + 4 ))
1403+ if (OFFSET_OOB ( nbytes , offset , 4 ))
14031404 return 0 ;
14041405 if (off ) {
14051406 switch (m -> in_op & FILE_OPS_MASK ) {
@@ -1470,7 +1471,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m,
14701471 break ;
14711472 case FILE_LELONG :
14721473 case FILE_LEID3 :
1473- if (nbytes < offset || nbytes < ( offset + 4 ))
1474+ if (OFFSET_OOB ( nbytes , offset , 4 ))
14741475 return 0 ;
14751476 if (off ) {
14761477 switch (m -> in_op & FILE_OPS_MASK ) {
@@ -1540,7 +1541,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m,
15401541 offset = ~offset ;
15411542 break ;
15421543 case FILE_MELONG :
1543- if (nbytes < offset || nbytes < ( offset + 4 ))
1544+ if (OFFSET_OOB ( nbytes , offset , 4 ))
15441545 return 0 ;
15451546 if (off ) {
15461547 switch (m -> in_op & FILE_OPS_MASK ) {
@@ -1610,7 +1611,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m,
16101611 offset = ~offset ;
16111612 break ;
16121613 case FILE_LONG :
1613- if (nbytes < offset || nbytes < ( offset + 4 ))
1614+ if (OFFSET_OOB ( nbytes , offset , 4 ))
16141615 return 0 ;
16151616 if (off ) {
16161617 switch (m -> in_op & FILE_OPS_MASK ) {
@@ -1687,14 +1688,14 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m,
16871688 /* Verify we have enough data to match magic type */
16881689 switch (m -> type ) {
16891690 case FILE_BYTE :
1690- if (nbytes < ( offset + 1 )) /* should alway be true */
1691+ if (OFFSET_OOB ( nbytes , offset , 1 ))
16911692 return 0 ;
16921693 break ;
16931694
16941695 case FILE_SHORT :
16951696 case FILE_BESHORT :
16961697 case FILE_LESHORT :
1697- if (nbytes < ( offset + 2 ))
1698+ if (OFFSET_OOB ( nbytes , offset , 2 ))
16981699 return 0 ;
16991700 break ;
17001701
@@ -1713,31 +1714,31 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m,
17131714 case FILE_FLOAT :
17141715 case FILE_BEFLOAT :
17151716 case FILE_LEFLOAT :
1716- if (nbytes < ( offset + 4 ))
1717+ if (OFFSET_OOB ( nbytes , offset , 4 ))
17171718 return 0 ;
17181719 break ;
17191720
17201721 case FILE_DOUBLE :
17211722 case FILE_BEDOUBLE :
17221723 case FILE_LEDOUBLE :
1723- if (nbytes < ( offset + 8 ))
1724+ if (OFFSET_OOB ( nbytes , offset , 8 ))
17241725 return 0 ;
17251726 break ;
17261727
17271728 case FILE_STRING :
17281729 case FILE_PSTRING :
17291730 case FILE_SEARCH :
1730- if (nbytes < ( offset + m -> vallen ))
1731+ if (OFFSET_OOB ( nbytes , offset , m -> vallen ))
17311732 return 0 ;
17321733 break ;
17331734
17341735 case FILE_REGEX :
1735- if (nbytes < offset )
1736+ if (OFFSET_OOB ( nbytes , offset , 0 ) )
17361737 return 0 ;
17371738 break ;
17381739
17391740 case FILE_INDIRECT :
1740- if (nbytes < offset )
1741+ if (OFFSET_OOB ( nbytes , offset , 0 ) )
17411742 return 0 ;
17421743 sbuf = ms -> o .buf ;
17431744 soffset = ms -> offset ;
@@ -1761,7 +1762,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m,
17611762 return rv ;
17621763
17631764 case FILE_USE :
1764- if (nbytes < offset )
1765+ if (OFFSET_OOB ( nbytes , offset , 0 ) )
17651766 return 0 ;
17661767 sbuf = m -> value .s ;
17671768 if (* sbuf == '^' ) {