Function magic_buffer() from libmagic(3) uses external utilities for decompression of compressed files. Data from an input in-memory buffer should be passed to the external program via a pipe. Due to an incorrect condition, the pipe is not initialized, hence no data are passed to the program. Moreover, calling close(2) with an argument taken from an uninitialized memory location causes closing of two indeterministically selected file descriptors. If the descriptor intended for reading from the decompression process is closed, the libmagic code will be stuck in an endless loop, using 100% CPU, calling select(2) that always fails with EBADF.

Fix: Apply the attached patch in /usr/src, recompile and reinstall /usr/src/lib/libmagic:

How-To-Repeat: Call magic_buffer(m, buf, sz) for m obtained by a prior call of magic_open(MAGIC_COMPRESS), with buf containing data compressed by bzip2.
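The failure mode from the report, reproduced with plain POSIX calls: once the read descriptor has been closed, every select(2) fails with EBADF, so a loop that retries on any error never exits. This is an added example, not libmagic code and not the attached patch; all function names are hypothetical, and the -1 sentinel and EINTR-only retry are shown as general defensive practice.

```c
/* Added illustration, not libmagic source; all names are hypothetical. */
#include <errno.h>
#include <sys/select.h>
#include <unistd.h>

/* One zero-timeout select() on fd; errno is left as select() set it. */
static int poll_once(int fd) {
    fd_set rfds;
    struct timeval tv = { 0, 0 };
    FD_ZERO(&rfds);
    FD_SET(fd, &rfds);
    return select(fd + 1, &rfds, NULL, NULL, &tv);
}

/* Close only slots that were really opened; -1 marks "never opened". */
static void close_pair(int fd[2]) {
    for (int i = 0; i < 2; i++)
        if (fd[i] >= 0) { close(fd[i]); fd[i] = -1; }
}

/* Hardened wait: retry EINTR only, report any other failure as -errno. */
static int wait_readable(int fd) {
    int rv;
    while ((rv = poll_once(fd)) < 0 && errno == EINTR)
        continue;
    return rv < 0 ? -errno : rv;
}

/* Constructed scenario: the read end is closed behind the reader's back.
 * Counts polls failing with EBADF; *hardened gets wait_readable()'s result. */
static int closed_reader_demo(int attempts, int *hardened) {
    int p[2], failures = 0;
    if (pipe(p) < 0) return -1;
    int rfd = p[0];
    close(rfd); p[0] = -1;       /* stands in for the stray close(2) */
    for (int i = 0; i < attempts; i++)
        if (poll_once(rfd) < 0 && errno == EBADF) failures++;
    *hardened = wait_readable(rfd);
    close_pair(p);               /* only the write end is still open */
    return failures;
}

int main(void) {
    int h = 0, n = closed_reader_demo(1000, &h);
    return (n == 1000 && h == -EBADF) ? 0 : 1;
}
```

The program exits 0 when all 1000 polls fail with EBADF and the hardened wait returns -EBADF instead of looping.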
For bugs matching the following criteria:

Status: In Progress
Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped
Keyword: patch or patch-ready – in lieu of summary line prefix: [patch]

* bulk change for the keyword
* summary lines may be edited manually (not in bulk).

Keyword descriptions and search interface: <https://bugs.freebsd.org/bugzilla/describekeywords.cgi>