Mercurial Mercurial > upstream > oracle > userland-gate / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/php-5_3/php-sapi/patches/270_php_20192108.patch
changeset 4987 6a82655eda42
parent 4986 90a869b3f47a
child 4988 4b69c7c7e09b
equal deleted inserted replaced
4986:90a869b3f47a 4987:6a82655eda42 
     1 CVE-2014-3710
 
       
     2 Community BUG:
 
       
     3 https://bugs.php.net/bug.php?id=68283
 
       
     4 Community CODE:
 
       
     5 http://git.php.net/?p=php-src.git;a=commit;h=1803228597e82218a8c105e67975bc50e6f5bf0d
 
       
     6 really:
 
       
     7 https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0
 
       
     8 This patch was created from the community reports above.
 
       
     9 
       
    10 
       
    11 --- php-5.3.29/ext/fileinfo/libmagic/readelf.c_orig	2015-06-12 14:26:23.865377086 -0700
 
       
    12 +++ php-5.3.29/ext/fileinfo/libmagic/readelf.c	2015-06-12 14:29:09.089820837 -0700
 
       
    13 @@ -368,6 +368,13 @@
 
       
    14  #endif
 
       
    15  	uint32_t namesz, descsz;
 
       
    16  
       
    17 +	if (xnh_sizeof + offset > size) {
 
       
    18 +	       /*
 
       
    19 +		* We're out of note headers.
 
       
    20 +		*/
 
       
    21 +		return xnh_sizeof + offset;
 
       
    22 +	}
 
       
    23 +
 
       
    24  	(void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof);
 
       
    25  	offset += xnh_sizeof;
 
       
    26
upstream/oracle/userland-gate