Skip to content
Permalink
Browse files Browse the repository at this point in the history
Fix bug #67716 - Segfault in cdf.c
  • Loading branch information
remicollet authored and smalyshev committed Aug 15, 2014
1 parent fd28010 commit 7ba1409
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 1 deletion.
1 change: 1 addition & 0 deletions NEWS
Expand Up @@ -8,6 +8,7 @@ PHP NEWS
- Fileinfo:
. Fixed bug #67705 (extensive backtracking in rule regular expression).
(CVE-2014-3538) (Remi)
. Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587) (Remi)

- GD:
. Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference).
Expand Down
2 changes: 1 addition & 1 deletion ext/fileinfo/libmagic/cdf.c
Expand Up @@ -820,7 +820,7 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
q = (const uint8_t *)(const void *)
((const char *)(const void *)p + ofs
- 2 * sizeof(uint32_t));
if (q > e) {
if (q < p || q > e) {
DPRINTF(("Ran of the end %p > %p\n", q, e));
goto out;
}
Expand Down

0 comments on commit 7ba1409

Please sign in to comment.