View Issue Details

ID: 0000189
Project: file
Category: General
View Status: public
Last Update: 2020-09-05 14:17
Reporter: neal
Assigned To: christos
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Fixed in Version: 5.40
Summary: 0000189: 'use' corrupts 'ms->c'

Description

Consider the following magic file:

10 byte x
>&0 byte x 1:%d
>&0 use foo
>&0 byte x 2:%d

20 name foo
>&30 byte x 3:%d

I would expect this to output:

/tmp/byte.bin: 1:11 3:41 2:11

instead, it outputs

/tmp/byte.bin: 1:11 3:41 2:0

Commenting out line 3 ('use foo') causes line 4 to correctly output 2:11.


According to my analysis, this happens because when mget handles a FILE_USE entry (around line 'softmagic.c:1890'), it recursively calls 'match' with the same magic_set ('ms'). 'match' sets 'cont_level' to 0, and initializes 'ms->c[0]'. Unfortunately, 'match' doesn't restore it before returning. (In fact, it has to restore the whole continuation level.)

I suspect that the easiest fix would be to turn 'ms->c' into a stack and each time 'match' is used, a new continuation array is pushed. Then before 'match' returns, it pops off the top continuation array.

Steps To Reproduce

$ file -d -m /tmp/cont_level.magic /tmp/byte.bin
unknown, 0: Warning: using regular magic file `/tmp/cont_level.magic'
(no description): binary
(no description): text
[try zmagic 0]
[try tar 0]
[try json 0]
[try cdf 0]
[try elf 0]
bb=[0x7f1ab5c42010,256], 10 [b=0x7f1ab5c42010,256], [o=0xa, c=0]
mget(type=1, flag=0x20, offset=10, o=0, nbytes=256, il=0, nc=0)
mget/96 @10: \n\v\f\r\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghi

1: > 10 byte&,x,""]
10 == *any* = 1
bb=[0x7f1ab5c42010,256], 0 [b=0x7f1ab5c42010,256], [o=0, c=1]
mget(type=1, flag=0x2, offset=11, o=0, nbytes=256, il=0, nc=0)
mget/96 @11: \v\f\r\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghij

2: >> 0 byte&,x,"1:%d"]
11 == *any* = 1
bb=[0x7f1ab5c42010,256], 0 [b=0x7f1ab5c42010,256], [o=0, c=1]
mget(type=46, flag=0x2, offset=11, o=0, nbytes=256, il=0, nc=0)
mget/96 @11: \v\f\r\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghij

3: >> 0 use,='foo',""]
bb=[0x7f1ab5c42010,256], 20 [b=0x7f1ab5c42010,256], [o=0x14, c=0]
mget(type=45, flag=0, offset=20, o=11, nbytes=256, il=0, nc=1)
mget/96 @20: \037 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~

6: > 20 name,='foo',""]
bb=[0x7f1ab5c42010,256], 30 [b=0x7f1ab5c42010,256], [o=0x1e, c=1]
mget(type=1, flag=0x2, offset=30, o=11, nbytes=256, il=0, nc=1)
mget/96 @30: )*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~\177\200\201\202\203\204\205\206\207\210

7: >> 30 byte&,x,"3:%d"]
41 == *any* = 1
bb=[0x7f1ab5c42010,256], 0 [b=0x7f1ab5c42010,256], [o=0, c=1]
mget(type=1, flag=0x2, offset=0, o=0, nbytes=256, il=0, nc=0)
mget/96 @0: \000\001\002\003\004\005\006\a\b\t\n\v\f\r\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_

4: >> 0 byte&,x,"2:%d"]
0 == *any* = 1
[try softmagic 1]
/tmp/byte.bin: 1:11 3:41 2:0

Tags: No tags attached.
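
The state corruption described in the report, reduced to a small C model (an added example, not code from file(1) or from the report). The struct layout, the `restore` flag and `run()` are hypothetical, the `name` entry resetting level 0 to offset 0 is modelled on the debug trace above, and the save/restore stands in for the push/pop the reporter suggests rather than for whatever 5.40 actually changed.

```c
#include <stdio.h>
#include <string.h>

enum kind { BYTE, USE, NAME };
struct entry { int level, rel, off; enum kind kind; int label; };
/* Constructed model of the report's magic file (label = the N in "N:%d"). */
static const struct entry top[] = {
    {0, 0, 10, BYTE, 0}, {1, 1, 0, BYTE, 1}, {1, 1, 0, USE, 0}, {1, 1, 0, BYTE, 2} };
static const struct entry foo[] = { {0, 0, 20, NAME, 0}, {1, 1, 30, BYTE, 3} };

struct magic_set {
    int c[4];               /* continuation offset recorded per level */
    int out[4];             /* out[label] = byte value that was printed */
    unsigned char buf[256]; /* stands in for byte.bin: buf[i] == i */
};

/* Evaluate n entries; 'base' is the offset handed over by a 'use' entry. */
static void match(struct magic_set *ms, const struct entry *m, int n, int base, int restore)
{
    int saved[4];
    memcpy(saved, ms->c, sizeof saved);          /* push the caller's levels */
    for (int i = 0; i < n; i++) {
        /* '&' offsets are relative to the offset stored for the parent level */
        int off = m[i].off + (m[i].rel ? ms->c[m[i].level - 1] : 0);
        if (m[i].kind == BYTE) {
            ms->out[m[i].label] = ms->buf[base + off];
            ms->c[m[i].level] = off + 1;         /* next offset after the byte */
        } else if (m[i].kind == NAME) {
            ms->c[m[i].level] = 0;               /* callee overwrites level 0 */
        } else {                                 /* USE: recurse with the same ms */
            match(ms, foo, 2, off, restore);
        }
    }
    if (restore) memcpy(ms->c, saved, sizeof saved);  /* pop before returning */
}

/* Run the model and return the value printed for the given label. */
int run(int restore, int label)
{
    struct magic_set ms = {0};
    for (int i = 0; i < 256; i++) ms.buf[i] = (unsigned char)i;
    match(&ms, top, 4, 0, restore);
    return ms.out[label];
}

int main(void)
{
    printf("shared c[]:     1:%d 3:%d 2:%d\n", run(0, 1), run(0, 3), run(0, 2));
    printf("saved/restored: 1:%d 3:%d 2:%d\n", run(1, 1), run(1, 3), run(1, 2));
}
```

With the shared array the model reproduces the reported `2:0`; with the array saved and restored around the recursive call it gives the expected `2:11`.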

Activities

neal

2020-08-26 10:44

reporter  

cont_level.magic (84 bytes)
byte.bin (256 bytes)

christos

2020-09-05 14:17

manager   ~0003473

Nice catch! Thanks.

Issue History

Date Modified Username Field Change
2020-08-26 10:44 neal New Issue
2020-08-26 10:44 neal File Added: cont_level.magic
2020-08-26 10:44 neal File Added: byte.bin
2020-09-05 14:16 christos Assigned To => christos
2020-09-05 14:16 christos Status new => assigned
2020-09-05 14:17 christos Status assigned => resolved
2020-09-05 14:17 christos Resolution open => fixed
2020-09-05 14:17 christos Fixed in Version => 5.40
2020-09-05 14:17 christos Note Added: 0003473