
PR/454: Fix memory corruption when the continuation level jumps by more than 20 in a single step.
zoulasc committed Jun 3, 2015
1 parent b6e8437 commit 6713ca45e7757297381f4b4cdb9cf5e624a9ad36
Showing with 2 additions and 2 deletions.
  1. +2 −2 src/funcs.c
@@ -27,7 +27,7 @@
#include "file.h"

#ifndef lint
FILE_RCSID("@(#)$File: funcs.c,v 1.80 2015/01/02 21:29:39 christos Exp $")
FILE_RCSID("@(#)$File: funcs.c,v 1.81 2015/05/28 19:26:59 christos Exp $")
#endif /* lint */

#include "magic.h"
@@ -416,7 +416,7 @@ file_check_mem(struct magic_set *ms, unsigned int level)
size_t len;

if (level >= ms->c.len) {
len = (ms->c.len += 20) * sizeof(*ms->c.li);
len = (ms->c.len = 20 + level) * sizeof(*ms->c.li);
ms->c.li = CAST(struct level_info *, (ms->c.li == NULL) ?
malloc(len) :
realloc(ms->c.li, len));
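Review bot: the new size computation `len = (ms->c.len = 20 + level) * sizeof(*ms->c.li);` applies no upper bound to `level` in the visible lines. `level` is an `unsigned int`, so `20 + level` wraps for values near `UINT_MAX`, leaving `ms->c.len` smaller than `level` again, and the multiplication by `sizeof(*ms->c.li)` can overflow where `size_t` is 32 bits. Suggest rejecting `level` above a fixed maximum before this line. Separately, `ms->c.len` is raised before the allocation is known to have succeeded and the `realloc` result is stored straight into `ms->c.li`; the failure handling is outside this hunk, so please confirm it leaves the length consistent and does not lose the old buffer.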

6 comments on commit 6713ca4

fgeek replied Apr 25, 2016

The CVE request on the oss-security mailing list can be seen at http://www.openwall.com/lists/oss-security/2016/04/11/7 (URL here for cross-reference).

Member

glensc replied Apr 25, 2016

Please re-post that to the mailing list or open a new item in the bug tracker. This repo is just a git mirror (read the description!)

Member

glensc replied Apr 25, 2016

Seems it's already resolved in 5.23, http://bugs.gw.com/view.php?id=522

fgeek replied Apr 25, 2016

I posted the link here to have cross-reference.

Member

glensc replied Apr 25, 2016

Then you should have said so, not just posted only a link!

fgeek replied Apr 25, 2016

Sorry. I will remember to do so next time. Have a nice week.
