os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
doc/share/security/patches/SA-07:04/file6.patch
Bjoern A. Zeeb 3571e53040 Import FreeBSD Security Advisories and Errata Notices, as well as their 
patches for easier mirroring, to eliminate a special copy, to make
www.freebsd.org/security a full copy of security.freebsd.org and be
eventually be the same.

For now files are just sitting there.   The symlinks are missing.

Discussed on:	www (repository location)
Discussed with:	simon (so)
2012-08-15 06:19:40 +00:00

132 lines
3.4 KiB
Diff
Raw Blame History

Index: contrib/file/file.h
===================================================================
RCS file: /home/ncvs/src/contrib/file/file.h,v
retrieving revision 1.1.1.8
diff -u -I__FBSDID -I$FreeBSD -r1.1.1.8 file.h
--- contrib/file/file.h 28 Dec 2004 04:31:45 -0000 1.1.1.8
+++ contrib/file/file.h 17 May 2007 17:09:58 -0000
@@ -226,7 +226,7 @@
/* Accumulation buffer */
char *buf;
char *ptr;
- size_t len;
+ size_t left;
size_t size;
/* Printable buffer */
char *pbuf;
Index: contrib/file/funcs.c
===================================================================
RCS file: /home/ncvs/src/contrib/file/funcs.c,v
retrieving revision 1.1.1.2
diff -u -I__FBSDID -I$FreeBSD -r1.1.1.2 funcs.c
--- contrib/file/funcs.c 28 Dec 2004 04:31:45 -0000 1.1.1.2
+++ contrib/file/funcs.c 17 May 2007 17:09:58 -0000
@@ -26,6 +26,7 @@
*/
#include "file.h"
#include "magic.h"
+#include <limits.h>
#include <stdarg.h>
#include <stdlib.h>
#include <string.h>
@@ -41,27 +42,31 @@
file_printf(struct magic_set *ms, const char *fmt, ...)
{
va_list ap;
- size_t len;
+ size_t len, size;
char *buf;
va_start(ap, fmt);
- if ((len = vsnprintf(ms->o.ptr, ms->o.len, fmt, ap)) >= ms->o.len) {
+ if ((len = vsnprintf(ms->o.ptr, ms->o.left, fmt, ap)) >= ms->o.left) {
+ long diff; /* XXX: really ptrdiff_t */
+
va_end(ap);
- if ((buf = realloc(ms->o.buf, len + 1024)) == NULL) {
+ size = (ms->o.size - ms->o.left) + len + 1024;
+ if ((buf = realloc(ms->o.buf, size)) == NULL) {
file_oomem(ms);
return -1;
}
- ms->o.ptr = buf + (ms->o.ptr - ms->o.buf);
+ diff = ms->o.ptr - ms->o.buf;
+ ms->o.ptr = buf + diff;
ms->o.buf = buf;
- ms->o.len = ms->o.size - (ms->o.ptr - ms->o.buf);
- ms->o.size = len + 1024;
+ ms->o.left = size - diff;
+ ms->o.size = size;
va_start(ap, fmt);
- len = vsnprintf(ms->o.ptr, ms->o.len, fmt, ap);
+ len = vsnprintf(ms->o.ptr, ms->o.left, fmt, ap);
}
ms->o.ptr += len;
- ms->o.len -= len;
+ ms->o.left -= len;
va_end(ap);
return 0;
}
@@ -150,8 +155,8 @@
protected const char *
file_getbuffer(struct magic_set *ms)
{
- char *nbuf, *op, *np;
- size_t nsize;
+ char *pbuf, *op, *np;
+ size_t psize, len;
if (ms->haderr)
return NULL;
@@ -159,14 +164,20 @@
if (ms->flags & MAGIC_RAW)
return ms->o.buf;
- nsize = ms->o.len * 4 + 1;
- if (ms->o.psize < nsize) {
- if ((nbuf = realloc(ms->o.pbuf, nsize)) == NULL) {
+ len = ms->o.size - ms->o.left;
+ if (len > (SIZE_T_MAX - 1) / 4) {
+ file_oomem(ms);
+ return NULL;
+ }
+ /* * 4 is for octal representation, + 1 is for NUL */
+ psize = len * 4 + 1;
+ if (ms->o.psize < psize) {
+ if ((pbuf = realloc(ms->o.pbuf, psize)) == NULL) {
file_oomem(ms);
return NULL;
}
- ms->o.psize = nsize;
- ms->o.pbuf = nbuf;
+ ms->o.psize = psize;
+ ms->o.pbuf = pbuf;
}
for (np = ms->o.pbuf, op = ms->o.buf; *op; op++) {
Index: contrib/file/magic.c
===================================================================
RCS file: /home/ncvs/src/contrib/file/magic.c,v
retrieving revision 1.1.1.2
diff -u -I__FBSDID -I$FreeBSD -r1.1.1.2 magic.c
--- contrib/file/magic.c 28 Dec 2004 04:31:45 -0000 1.1.1.2
+++ contrib/file/magic.c 17 May 2007 17:09:58 -0000
@@ -89,7 +89,7 @@
goto free1;
}
- ms->o.ptr = ms->o.buf = malloc(ms->o.size = 1024);
+ ms->o.ptr = ms->o.buf = malloc(ms->o.left = ms->o.size = 1024);
if (ms->o.buf == NULL)
goto free1;
@@ -101,7 +101,6 @@
if (ms->c.off == NULL)
goto free3;
- ms->o.len = 0;
ms->haderr = 0;
ms->error = -1;
ms->mlist = NULL;
Reference in a new issue View git blame Copy permalink