Control: tag -1 moreinfo

On Thu, Dec 28, 2017 at 17:11:02 +0100, Bertrand Marc wrote:
> diff -Nru libextractor-1.3/debian/patches/CVE-2017-15600.patch > libextractor-1.3/debian/patches/CVE-2017-15600.patch > --- libextractor-1.3/debian/patches/CVE-2017-15600.patch 1970-01-01 > 01:00:00.000000000 +0100 > +++ libextractor-1.3/debian/patches/CVE-2017-15600.patch 2017-12-28 > 11:39:33.000000000 +0100 > @@ -0,0 +1,29 @@ > +From: Bertrand Marc <bm...@debian.org>, Markus Koschany <a...@debian.org> > +Subject: CVE-2017-15600 > + > +Bug-Upstream: > http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00004.html > +Origin: > https://gnunet.org/git/libextractor.git/commit/?id=38e8933539ee9d044057b18a971c2eae3c21aba7 > +--- a/src/plugins/nsf_extractor.c > ++++ b/src/plugins/nsf_extractor.c > +@@ -152,13 +152,17 @@ > + char nsfversion[32]; > + const struct header *head; > + void *data; > ++ ssize_t ds; > + > +- if (sizeof (struct header) > > +- ec->read (ec->cls, > +- &data, > +- sizeof (struct header))) > ++ ds = ec->read (ec->cls, > ++ &data, > ++ sizeof (struct header)); > ++ if ( (-1 == ds) || > ++ (sizeof (struct header) > ds) ) > + return; > + head = data; > ++ if (NULL == head) > ++ return 0; >

Curious how that works. 3 lines above is plain "return", and here "return 0". What's the type of that function and how did the compiler not flag this?

Cheers,
Julien
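Review bot: the added `if (NULL == head) return 0;` returns a value from a function that, judging by the bare `return;` three lines earlier in the same hunk, has no return value; it should read `return;`. GCC reports "'return' with a value, in function returning void" only as a warning in C unless -Werror is in effect, which is why the build did not fail, whereas clang rejects it, so the patch as written is not portable across compilers. The rest of the hunk looks right: checking `-1 == ds` before comparing `sizeof (struct header) > ds` matters, because a negative `ssize_t` converted to `size_t` for that comparison would wrap to a huge value and pass the size check.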