diff options
author | Anatol Belski <ab@php.net> | 2018-11-04 16:56:43 +0100 |
---|---|---|
committer | Anatol Belski <ab@php.net> | 2018-11-04 16:57:55 +0100 |
commit | c621182c42a36975970586cfc294bc5a80ba08cb (patch) | |
tree | 8823ce10c1c24570b9ce12b2bbd1c70310d42761 /ext/fileinfo/libmagic | |
parent | 0afc818976a3f0f353916fc1f81e8c82a11fb68b (diff) | |
download | php-git-c621182c42a36975970586cfc294bc5a80ba08cb.tar.gz |
Backport 7f5f4601 for 7.2
Diffstat (limited to 'ext/fileinfo/libmagic')
-rw-r--r-- | ext/fileinfo/libmagic/apprentice.c | 7 | ||||
-rw-r--r-- | ext/fileinfo/libmagic/softmagic.c | 31 |
2 files changed, 16 insertions, 22 deletions
diff --git a/ext/fileinfo/libmagic/apprentice.c b/ext/fileinfo/libmagic/apprentice.c index e55f59bbb8..fae2abb811 100644 --- a/ext/fileinfo/libmagic/apprentice.c +++ b/ext/fileinfo/libmagic/apprentice.c @@ -2524,18 +2524,19 @@ getvalue(struct magic_set *ms, struct magic *m, const char **p, int action) return -1; } if (m->type == FILE_REGEX) { - /* XXX do we need this? */ - /*zval pattern; + zval pattern; int options = 0; pcre_cache_entry *pce; convert_libmagic_pattern(&pattern, m->value.s, strlen(m->value.s), options); if ((pce = pcre_get_compiled_regex_cache(Z_STR(pattern))) == NULL) { + zval_dtor(&pattern); return -1; } + zval_dtor(&pattern); - return 0;*/ + return 0; } return 0; case FILE_FLOAT: diff --git a/ext/fileinfo/libmagic/softmagic.c b/ext/fileinfo/libmagic/softmagic.c index d07d49e7a0..4b10e84664 100644 --- a/ext/fileinfo/libmagic/softmagic.c +++ b/ext/fileinfo/libmagic/softmagic.c @@ -1203,28 +1203,21 @@ mcopy(struct magic_set *ms, union VALUETYPE *p, int type, int indir, return 0; } - /* bytecnt checks are to be kept for PHP, see cve-2014-3538. - PCRE might get stuck if the input buffer is too big. */ - linecnt = m->str_range; - bytecnt = linecnt * 80; - - if (bytecnt == 0) { - bytecnt = 1 << 14; + if (m->str_flags & REGEX_LINE_COUNT) { + linecnt = m->str_range; + bytecnt = linecnt * 80; + } else { + linecnt = 0; + bytecnt = m->str_range; } - if (bytecnt > nbytes) { - bytecnt = nbytes; - } - if (offset > bytecnt) { - offset = bytecnt; - } - if (s == NULL) { - ms->search.s_len = 0; - ms->search.s = NULL; - return 0; - } + if (bytecnt == 0 || bytecnt > nbytes - offset) + bytecnt = nbytes - offset; + if (bytecnt > ms->regex_max) + bytecnt = ms->regex_max; + buf = RCAST(const char *, s) + offset; - end = last = RCAST(const char *, s) + bytecnt; + end = last = RCAST(const char *, s) + bytecnt + offset; /* mget() guarantees buf <= last */ for (lines = linecnt, b = buf; lines && b < end && ((b = CAST(const char *, |