segfault in magic_buffer

Christos Zoulas christos at zoulas.com
Tue Feb 11 17:41:52 EET 2014


On Feb 10,  3:25pm, melchers at ZEDAT.FU-Berlin.DE (Bernd Melchers) wrote:
-- Subject: segfault in magic_buffer

| using magic_buffer(3) or file(1) version 5.16 for a file with
| the eight bytes
| 45 52 00 00 00 00 00 00
| results in a segfault (linux, gcc 4.3.4).
| 
| Kind regards
| Bernd Melchers

Infinite recursion...

christos

Index: softmagic.c
===================================================================
RCS file: /p/file/cvsroot/file/src/softmagic.c,v
retrieving revision 1.172
diff -u -u -r1.172 softmagic.c
--- softmagic.c	8 Jan 2014 22:22:54 -0000	1.172
+++ softmagic.c	11 Feb 2014 15:41:13 -0000
@@ -1738,6 +1738,8 @@
 		break;
 
 	case FILE_INDIRECT:
+		if (offset == 0)
+			return 0;
 		if (OFFSET_OOB(nbytes, offset, 0))
 			return 0;
 		sbuf = ms->o.buf;
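
Review bot: The `offset == 0` guard added at the top of the FILE_INDIRECT case stops only the re-entry at the start of the buffer; nothing in the visible lines bounds the recursion when an indirect entry resolves to a nonzero offset that reaches another indirect entry. Consider threading a recursion depth counter through this path and returning 0 once it passes a fixed limit, so the stack cannot be exhausted by any input. A short comment above `if (offset == 0)` stating that offset 0 leads to the infinite recursion reported in this thread would also help, since the reason for the early return is not evident from the code.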

