From 7ba1409a1aee5925180de546057ddd84ff267947 Mon Sep 17 00:00:00 2001

From: Remi Collet <rcollet@redhat.com>

Date: Thu, 14 Aug 2014 17:19:03 -0700

Subject: [PATCH] Fix bug #67716 - Segfault in cdf.c

---

 NEWS                        | 1 +

 ext/fileinfo/libmagic/cdf.c | 2 +-

 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/ext/fileinfo/libmagic/cdf.c b/ext/fileinfo/libmagic/cdf.c

index 429f3b9..2c0a2d9 100644

--- a/ext/fileinfo/libmagic/cdf.c

+++ b/ext/fileinfo/libmagic/cdf.c

@@ -820,7 +820,7 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,

 		q = (const uint8_t *)(const void *)

 		    ((const char *)(const void *)p + ofs

 		    - 2 * sizeof(uint32_t));

-		if (q > e) {

+		if (q < p || q > e) {

 			DPRINTF(("Ran of the end %p > %p\n", q, e));

 			goto out;

 		}

-- 

1.9.2