From c621182c42a36975970586cfc294bc5a80ba08cb Mon Sep 17 00:00:00 2001
From: Anatol Belski <ab@php.net>
Date: Sun, 4 Nov 2018 16:56:43 +0100
Subject: [PATCH] Backport 7f5f4601 for 7.2

---
 ext/fileinfo/libmagic/apprentice.c |  7 ++++---
 ext/fileinfo/libmagic/softmagic.c  | 31 ++++++++++++------------------
 2 files changed, 16 insertions(+), 22 deletions(-)

diff --git a/ext/fileinfo/libmagic/apprentice.c b/ext/fileinfo/libmagic/apprentice.c
index e55f59bbb8c5..fae2abb811d5 100644
--- a/ext/fileinfo/libmagic/apprentice.c
+++ b/ext/fileinfo/libmagic/apprentice.c
@@ -2524,18 +2524,19 @@ getvalue(struct magic_set *ms, struct magic *m, const char **p, int action)
 			return -1;
 		}
 		if (m->type == FILE_REGEX) {
-			/*  XXX do we need this? */
-			/*zval pattern;
+			zval pattern;
 			int options = 0;
 			pcre_cache_entry *pce;
 
 			convert_libmagic_pattern(&pattern, m->value.s, strlen(m->value.s), options);
 
 			if ((pce = pcre_get_compiled_regex_cache(Z_STR(pattern))) == NULL) {
+				zval_dtor(&pattern);
 				return -1;	
 			}
+			zval_dtor(&pattern);
 
-			return 0;*/
+			return 0;
 		}
 		return 0;
 	case FILE_FLOAT:
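Review bot: Both exits of the re-enabled FILE_REGEX branch call `zval_dtor(&pattern)` separately, and `pce` is only ever compared with NULL, so the cleanup can be written once: `pce = pcre_get_compiled_regex_cache(Z_STR(pattern));` then `zval_dtor(&pattern);` then `return pce == NULL ? -1 : 0;`. A single release point means an early return added later cannot leak the converted pattern. `options` is always 0 in this branch and could be passed as a literal. A short comment saying the compile is done here only to reject an invalid pattern at load time (which is what the code appears to do) would replace the removed "XXX do we need this?" with an answer. getvalue() starts and ends outside the hunk.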
diff --git a/ext/fileinfo/libmagic/softmagic.c b/ext/fileinfo/libmagic/softmagic.c
index d07d49e7a016..4b10e846644f 100644
--- a/ext/fileinfo/libmagic/softmagic.c
+++ b/ext/fileinfo/libmagic/softmagic.c
@@ -1203,28 +1203,21 @@ mcopy(struct magic_set *ms, union VALUETYPE *p, int type, int indir,
 				return 0;
 			}
 
-			/* bytecnt checks are to be kept for PHP, see cve-2014-3538.
-			 PCRE might get stuck if the input buffer is too big. */
-			linecnt = m->str_range;
-			bytecnt = linecnt * 80;
-
-			if (bytecnt == 0) {
-				bytecnt = 1 << 14;
+			if (m->str_flags & REGEX_LINE_COUNT) {
+				linecnt = m->str_range;
+				bytecnt = linecnt * 80;
+			} else {
+				linecnt = 0;
+				bytecnt = m->str_range;
 			}
 
-			if (bytecnt > nbytes) {
-				bytecnt = nbytes;
-			}
-			if (offset > bytecnt) {
-				offset = bytecnt;
-			}
-			if (s == NULL) {
-				ms->search.s_len = 0;
-				ms->search.s = NULL;
-				return 0;
-			}
+			if (bytecnt == 0 || bytecnt > nbytes - offset)
+				bytecnt = nbytes - offset;
+			if (bytecnt > ms->regex_max)
+				bytecnt = ms->regex_max;
+
 			buf = RCAST(const char *, s) + offset;
-			end = last = RCAST(const char *, s) + bytecnt;
+			end = last = RCAST(const char *, s) + bytecnt + offset;
 			/* mget() guarantees buf <= last */
 			for (lines = linecnt, b = buf; lines && b < end &&
 			     ((b = CAST(const char *,
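Review bot: `bytecnt = nbytes - offset`, and the comparison just before it, wrap around if `offset` is greater than `nbytes` (assuming both are unsigned, which the hunk does not show), and this patch removes the old `offset > bytecnt` clamp and the `s == NULL` early return that sat at this spot. The `return 0; }` context at the top of the hunk suggests an earlier guard, but its condition is outside the hunk, so confirm that it rejects both `s == NULL` and `nbytes < offset` before this arithmetic and the `RCAST(const char *, s) + offset` that follows. The deleted comment was also the only record that the size cap exists because of cve-2014-3538. I would keep that rationale on the new cap, e.g. `/* cap regex input at ms->regex_max; PCRE can stall on large buffers, see cve-2014-3538 */`, and check that `regex_max` gets a bounded default wherever the magic_set is allocated. mcopy() starts and ends outside the hunk.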
From 0e33c2822c913e7cb0d9d04b08d3d9439bda6e4c Mon Sep 17 00:00:00 2001
From: Anatol Belski <ab@php.net>
Date: Mon, 5 Nov 2018 21:28:04 +0100
Subject: [PATCH] Declare function proto in header

---
 ext/fileinfo/libmagic/file.h  | 3 +++
 ext/fileinfo/libmagic/funcs.c | 2 --
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/ext/fileinfo/libmagic/file.h b/ext/fileinfo/libmagic/file.h
index bfc49f57d5d8..cb9bd87293f2 100644
--- a/ext/fileinfo/libmagic/file.h
+++ b/ext/fileinfo/libmagic/file.h
@@ -488,6 +488,9 @@ protected int file_os2_apptype(struct magic_set *, const char *, const void *,
     size_t);
 #endif /* __EMX__ */
 
+public void 
+convert_libmagic_pattern(zval *pattern, char *val, int len, int options);
+
 typedef struct {
 	char *buf;
 	uint32_t offset;
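Review bot: The prototype is now visible to every libmagic file but has no comment on who owns `pattern`. The apprentice.c caller in the previous patch releases it with `zval_dtor(&pattern)` on every path, which suggests the function initialises a zval that the caller must destroy. Once confirmed against the definition, a one-line comment above the declaration would make that explicit, e.g. `/* fills *pattern with a new string zval; caller must zval_dtor() it */`. `len` is declared `int` while that caller passes `strlen(...)`, so the narrowing deserves a note or an explicit cast at the call site. The `public void` line also ends with a trailing space.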
diff --git a/ext/fileinfo/libmagic/funcs.c b/ext/fileinfo/libmagic/funcs.c
index 40ea81d3df39..f49129e7d80b 100644
--- a/ext/fileinfo/libmagic/funcs.c
+++ b/ext/fileinfo/libmagic/funcs.c
@@ -56,8 +56,6 @@ FILE_RCSID("@(#)$File: funcs.c,v 1.92 2017/04/07 20:10:24 christos Exp $")
 # define PREG_OFFSET_CAPTURE                 (1<<8)
 #endif
 
-extern public void convert_libmagic_pattern(zval *pattern, char *val, int len, int options);
-
 protected int
 file_printf(struct magic_set *ms, const char *fmt, ...)
 {