Commit a59aa23b authored by Jérome Perrin's avatar Jérome Perrin

component/file: use a local copy of the patch

It no longer exist at this URL
parent 89c7e77a
Pipeline #7833 running with stage
......@@ -21,4 +21,4 @@ environment =
patch-binary = ${patch:location}/bin/patch
patch-options = -p1
patches =
https://sources.debian.org/data/main/f/file/1:5.37-6/debian/patches/cherry-pick.FILE5_37-67-g46a8443f.limit-the-number-of-elements-in-a-vector-found-by-oss-fuzz.patch#fb6f7d32ce89573bf4b4b302c812e394
${:_profile_base_location_}/cherry-pick.FILE5_37-67-g46a8443f.limit-the-number-of-elements-in-a-vector-found-by-oss-fuzz.patch#fb6f7d32ce89573bf4b4b302c812e394
Subject: Limit the number of elements in a vector (found by oss-fuzz)
Origin: FILE5_37-67-g46a8443f <https://github.com/file/file/commit/FILE5_37-67-g46a8443f>
Upstream-Author: Christos Zoulas <christos@zoulas.com>
Date: Mon Aug 26 14:31:39 2019 +0000
--- a/src/cdf.c
+++ b/src/cdf.c
@@ -1013,8 +1013,9 @@
goto out;
}
nelements = CDF_GETUINT32(q, 1);
- if (nelements == 0) {
- DPRINTF(("CDF_VECTOR with nelements == 0\n"));
+ if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
+ DPRINTF(("CDF_VECTOR with nelements == %"
+ SIZE_T_FORMAT "u\n", nelements));
goto out;
}
slen = 2;
@@ -1056,8 +1057,6 @@
goto out;
inp += nelem;
}
- DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
- nelements));
for (j = 0; j < nelements && i < sh.sh_properties;
j++, i++)
{
--- a/src/cdf.h
+++ b/src/cdf.h
@@ -48,6 +48,7 @@
typedef int32_t cdf_secid_t;
#define CDF_LOOP_LIMIT 10000
+#define CDF_ELEMENT_LIMIT 100000
#define CDF_SECID_NULL 0
#define CDF_SECID_FREE -1
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment