Blame SOURCES/file-5.11-CVE-2014-9653.patch

0233e9
diff --git a/src/readelf.c b/src/readelf.c
0233e9
index 1f4d1f4..05ec736 100644
0233e9
--- a/src/readelf.c
0233e9
+++ b/src/readelf.c
0233e9
@@ -327,7 +327,7 @@ dophn_core(struct magic_set *ms, int clazz, int swap, int fd, off_t off,
0233e9
 	 * Loop through all the program headers.
0233e9
 	 */
0233e9
 	for ( ; num; num--) {
0233e9
-		if (pread(fd, xph_addr, xph_sizeof, off) == -1) {
0233e9
+		if (pread(fd, xph_addr, xph_sizeof, off) < (ssize_t)xph_sizeof) {
0233e9
 			file_badread(ms);
0233e9
 			return -1;
0233e9
 		}
0233e9
@@ -869,6 +869,7 @@ doshn(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num,
0233e9
 	uint64_t cap_hw1 = 0;	/* SunOS 5.x hardware capabilites */
0233e9
 	uint64_t cap_sf1 = 0;	/* SunOS 5.x software capabilites */
0233e9
 	char name[50];
0233e9
+	ssize_t namesize;
0233e9
 
0233e9
 	if (size != xsh_sizeof) {
0233e9
 		if (file_printf(ms, ", corrupted section header size") == -1)
0233e9
@@ -877,7 +878,7 @@ doshn(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num,
0233e9
 	}
0233e9
 
0233e9
 	/* Read offset of name section to be able to read section names later */
0233e9
-	if (pread(fd, xsh_addr, xsh_sizeof, off + size * strtab) == -1) {
0233e9
+	if (pread(fd, xsh_addr, xsh_sizeof, off + size * strtab) < (ssize_t)xsh_sizeof) {
0233e9
 		file_badread(ms);
0233e9
 		return -1;
0233e9
 	}
0233e9
@@ -885,15 +886,15 @@ doshn(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num,
0233e9
 
0233e9
 	for ( ; num; num--) {
0233e9
 		/* Read the name of this section. */
0233e9
-		if (pread(fd, name, sizeof(name), name_off + xsh_name) == -1) {
0233e9
+		if ((namesize = pread(fd, name, sizeof(name) - 1, name_off + xsh_name)) == -1) {
0233e9
 			file_badread(ms);
0233e9
 			return -1;
0233e9
 		}
0233e9
-		name[sizeof(name) - 1] = '\0';
0233e9
+		name[namesize] = '\0';
0233e9
 		if (strcmp(name, ".debug_info") == 0)
0233e9
 			stripped = 0;
0233e9
 
0233e9
-		if (pread(fd, xsh_addr, xsh_sizeof, off) == -1) {
0233e9
+		if (pread(fd, xsh_addr, xsh_sizeof, off) < (ssize_t)xsh_sizeof) {
0233e9
 			file_badread(ms);
0233e9
 			return -1;
0233e9
 		}
0233e9
@@ -923,7 +924,7 @@ doshn(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num,
0233e9
 				    " for note");
0233e9
 				return -1;
0233e9
 			}
0233e9
-			if (pread(fd, nbuf, xsh_size, xsh_offset) == -1) {
0233e9
+			if (pread(fd, nbuf, xsh_size, xsh_offset) < (ssize_t)xsh_size) {
0233e9
 				file_badread(ms);
0233e9
 				free(nbuf);
0233e9
 				return -1;
0233e9
@@ -1076,7 +1077,7 @@ dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, off_t off,
0233e9
 	}
0233e9
 
0233e9
   	for ( ; num; num--) {
0233e9
-		if (pread(fd, xph_addr, xph_sizeof, off) == -1) {
0233e9
+		if (pread(fd, xph_addr, xph_sizeof, off) < (ssize_t)xph_sizeof) {
0233e9
 			file_badread(ms);
0233e9
 			return -1;
0233e9
 		}