
Bug#885617: stretch-pu: package libextractor/1:1.3-4



Control: tag -1 moreinfo

On Thu, Dec 28, 2017 at 17:11:02 +0100, Bertrand Marc wrote:

> diff -Nru libextractor-1.3/debian/patches/CVE-2017-15600.patch libextractor-1.3/debian/patches/CVE-2017-15600.patch
> --- libextractor-1.3/debian/patches/CVE-2017-15600.patch	1970-01-01 01:00:00.000000000 +0100
> +++ libextractor-1.3/debian/patches/CVE-2017-15600.patch	2017-12-28 11:39:33.000000000 +0100
> @@ -0,0 +1,29 @@
> +From: Bertrand Marc <bmarc@debian.org>, Markus Koschany <apo@debian.org>
> +Subject: CVE-2017-15600
> +
> +Bug-Upstream: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00004.html
> +Origin: https://gnunet.org/git/libextractor.git/commit/?id=38e8933539ee9d044057b18a971c2eae3c21aba7
> +--- a/src/plugins/nsf_extractor.c
> ++++ b/src/plugins/nsf_extractor.c
> +@@ -152,13 +152,17 @@
> +   char nsfversion[32];
> +   const struct header *head;
> +   void *data;
> ++  ssize_t ds;
> + 
> +-  if (sizeof (struct header) >
> +-      ec->read (ec->cls,
> +-		&data,
> +-		sizeof (struct header)))
> ++  ds = ec->read (ec->cls,
> ++                 &data,
> ++                 sizeof (struct header));
> ++  if ( (-1 == ds) ||
> ++       (sizeof (struct header) > ds) )
> +     return;
> +   head = data; 
> ++  if (NULL == head)
> ++    return 0; 
> + 
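
Review bot: the length check `(sizeof (struct header) > ds)` compares a `size_t` against the signed `ds`, so under the usual arithmetic conversions `ds` is treated as unsigned and only the explicit `-1 == ds` test stops an error return from passing as a very large length; any other negative value would get through. Writing the test as `ds < (ssize_t) sizeof (struct header)` covers every negative result in a single signed comparison. The added `return 0;` under the `NULL == head` check also disagrees with the plain `return;` a few lines above it in the same function, so one of the two cannot match the function's return type; both exits should use the same form.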

Curious how that works.  3 lines above is plain "return", and here
"return 0".  What's the type of that function and how did the compiler
not flag this?

Cheers,
Julien

