diff options
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | ext/fileinfo/libmagic/cdf.c | 2 |
2 files changed, 2 insertions, 1 deletions
@@ -17,6 +17,7 @@ PHP NEWS . Removed call_user_method() and call_user_method_array() functions. (Kalle) . Fix user session handlers (See rfc:session.user.return-value). (Sara) . Added intdiv() function. (Andrea) + . Improved precision of log() function for base 2 and 10. (Marc Bennewitz) - XSL: . Fixed bug #64776 (The XSLT extension is not thread safe). (Mike) diff --git a/ext/fileinfo/libmagic/cdf.c b/ext/fileinfo/libmagic/cdf.c index ad285cfe18..c86763faa0 100644 --- a/ext/fileinfo/libmagic/cdf.c +++ b/ext/fileinfo/libmagic/cdf.c @@ -823,7 +823,7 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h, q = (const uint8_t *)(const void *) ((const char *)(const void *)p + ofs - 2 * sizeof(uint32_t)); - if (q > e) { + if (q < p || q > e) { DPRINTF(("Ran of the end %p > %p\n", q, e)); goto out; } |