diff options
author | Anatol Belski <ab@php.net> | 2014-12-30 19:37:27 +0100 |
---|---|---|
committer | Anatol Belski <ab@php.net> | 2014-12-30 19:37:27 +0100 |
commit | d92a87d7cb81f94b8705cdbeaa1b3836dc145549 (patch) | |
tree | a22603c8042dfa9fbf48f9e25f5b5043b013953d | |
parent | 211f4ceeaec62929eb1e217ceadaac037b1cb799 (diff) | |
download | php-git-d92a87d7cb81f94b8705cdbeaa1b3836dc145549.tar.gz |
Fixed bug #68671 incorrect expression in libmagic
-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | ext/fileinfo/libmagic/print.c | 11 |
2 files changed, 11 insertions, 4 deletions
@@ -25,6 +25,10 @@ PHP NEWS . Fixed bug #67643 (curl_multi_getcontent returns '' when CURLOPT_RETURNTRANSFER isn't set). (Jille Timmermans) +- Fileinfo: + . Fixed bug #68671 (incorrect expression in libmagic). + (Joshua Rogers, Anatol Belski) + - GD: . Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (Jan Bee, Remi) diff --git a/ext/fileinfo/libmagic/print.c b/ext/fileinfo/libmagic/print.c index eb4e6e8ce4..26bb2f7e97 100644 --- a/ext/fileinfo/libmagic/print.c +++ b/ext/fileinfo/libmagic/print.c @@ -59,16 +59,19 @@ protected void file_magwarn(struct magic_set *ms, const char *f, ...) { va_list va; - char *expanded_format; + char *expanded_format = NULL; + int expanded_len; TSRMLS_FETCH(); va_start(va, f); - if (vasprintf(&expanded_format, f, va)); /* silence */ + expanded_len = vasprintf(&expanded_format, f, va); va_end(va); - php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Warning: %s", expanded_format); + if (expanded_len >= 0 && expanded_format) { + php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Warning: %s", expanded_format); - free(expanded_format); + free(expanded_format); + } } protected const char * |