From c621182c42a36975970586cfc294bc5a80ba08cb Mon Sep 17 00:00:00 2001 From: Anatol Belski Date: Sun, 4 Nov 2018 16:56:43 +0100 Subject: [PATCH] Backport 7f5f4601 for 7.2 --- ext/fileinfo/libmagic/apprentice.c | 7 ++++--- ext/fileinfo/libmagic/softmagic.c | 31 ++++++++++++------------------ 2 files changed, 16 insertions(+), 22 deletions(-) diff --git a/ext/fileinfo/libmagic/apprentice.c b/ext/fileinfo/libmagic/apprentice.c index e55f59bbb8c5..fae2abb811d5 100644 --- a/ext/fileinfo/libmagic/apprentice.c +++ b/ext/fileinfo/libmagic/apprentice.c @@ -2524,18 +2524,19 @@ getvalue(struct magic_set *ms, struct magic *m, const char **p, int action) return -1; } if (m->type == FILE_REGEX) { - /* XXX do we need this? */ - /*zval pattern; + zval pattern; int options = 0; pcre_cache_entry *pce; convert_libmagic_pattern(&pattern, m->value.s, strlen(m->value.s), options); if ((pce = pcre_get_compiled_regex_cache(Z_STR(pattern))) == NULL) { + zval_dtor(&pattern); return -1; } + zval_dtor(&pattern); - return 0;*/ + return 0; } return 0; case FILE_FLOAT: diff --git a/ext/fileinfo/libmagic/softmagic.c b/ext/fileinfo/libmagic/softmagic.c index d07d49e7a016..4b10e846644f 100644 --- a/ext/fileinfo/libmagic/softmagic.c +++ b/ext/fileinfo/libmagic/softmagic.c @@ -1203,28 +1203,21 @@ mcopy(struct magic_set *ms, union VALUETYPE *p, int type, int indir, return 0; } - /* bytecnt checks are to be kept for PHP, see cve-2014-3538. - PCRE might get stuck if the input buffer is too big. */ - linecnt = m->str_range; - bytecnt = linecnt * 80; - - if (bytecnt == 0) { - bytecnt = 1 << 14; + if (m->str_flags & REGEX_LINE_COUNT) { + linecnt = m->str_range; + bytecnt = linecnt * 80; + } else { + linecnt = 0; + bytecnt = m->str_range; } - if (bytecnt > nbytes) { - bytecnt = nbytes; - } - if (offset > bytecnt) { - offset = bytecnt; - } - if (s == NULL) { - ms->search.s_len = 0; - ms->search.s = NULL; - return 0; - } + if (bytecnt == 0 || bytecnt > nbytes - offset) + bytecnt = nbytes - offset; + if (bytecnt > ms->regex_max) + bytecnt = ms->regex_max; + buf = RCAST(const char *, s) + offset; - end = last = RCAST(const char *, s) + bytecnt; + end = last = RCAST(const char *, s) + bytecnt + offset; /* mget() guarantees buf <= last */ for (lines = linecnt, b = buf; lines && b < end && ((b = CAST(const char *, From 0e33c2822c913e7cb0d9d04b08d3d9439bda6e4c Mon Sep 17 00:00:00 2001 From: Anatol Belski Date: Mon, 5 Nov 2018 21:28:04 +0100 Subject: [PATCH] Declare function proto in header --- ext/fileinfo/libmagic/file.h | 3 +++ ext/fileinfo/libmagic/funcs.c | 2 -- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ext/fileinfo/libmagic/file.h b/ext/fileinfo/libmagic/file.h index bfc49f57d5d8..cb9bd87293f2 100644 --- a/ext/fileinfo/libmagic/file.h +++ b/ext/fileinfo/libmagic/file.h @@ -488,6 +488,9 @@ protected int file_os2_apptype(struct magic_set *, const char *, const void *, size_t); #endif /* __EMX__ */ +public void +convert_libmagic_pattern(zval *pattern, char *val, int len, int options); + typedef struct { char *buf; uint32_t offset; diff --git a/ext/fileinfo/libmagic/funcs.c b/ext/fileinfo/libmagic/funcs.c index 40ea81d3df39..f49129e7d80b 100644 --- a/ext/fileinfo/libmagic/funcs.c +++ b/ext/fileinfo/libmagic/funcs.c @@ -56,8 +56,6 @@ FILE_RCSID("@(#)$File: funcs.c,v 1.92 2017/04/07 20:10:24 christos Exp $") # define PREG_OFFSET_CAPTURE (1<<8) #endif -extern public void convert_libmagic_pattern(zval *pattern, char *val, int len, int options); - protected int file_printf(struct magic_set *ms, const char *fmt, ...) {