Control: tags -1 -moreinfo +confirmed

On Sun, 2018-02-25 at 19:18 +0100, Bertrand Marc wrote:
> On 10/02/2018 at 11:13, Julien Cristau wrote:
> > Control: tag -1 moreinfo
> >
> > On Thu, Dec 28, 2017 at 17:11:02 +0100, Bertrand Marc wrote:
> >
> > > diff -Nru libextractor-1.3/debian/patches/CVE-2017-15600.patch > > > libextractor-1.3/debian/patches/CVE-2017-15600.patch > > > --- libextractor-1.3/debian/patches/CVE-2017-15600.patch 1 > > > 970-01-01 01:00:00.000000000 +0100 > > > +++ libextractor-1.3/debian/patches/CVE-2017-15600.patch 2 > > > 017-12-28 11:39:33.000000000 +0100 > > > @@ -0,0 +1,29 @@ > > > +From: Bertrand Marc <[email protected]>, Markus Koschany <apo@deb > > > ian.org> > > > +Subject: CVE-2017-15600 > > > + > > > +Bug-Upstream: http://lists.gnu.org/archive/html/bug-libextractor > > > /2017-10/msg00004.html > > > +Origin: https://gnunet.org/git/libextractor.git/commit/?id=38e89 > > > 33539ee9d044057b18a971c2eae3c21aba7 > > > +--- a/src/plugins/nsf_extractor.c > > > ++++ b/src/plugins/nsf_extractor.c > > > +@@ -152,13 +152,17 @@ > > > + char nsfversion[32]; > > > + const struct header *head; > > > + void *data; > > > ++ ssize_t ds; > > > + > > > +- if (sizeof (struct header) > > > > +- ec->read (ec->cls, > > > +- &data, > > > +- sizeof (struct header))) > > > ++ ds = ec->read (ec->cls, > > > ++ &data, > > > ++ sizeof (struct header)); > > > ++ if ( (-1 == ds) || > > > ++ (sizeof (struct header) > ds) ) > > > + return; > > > + head = data; > > > ++ if (NULL == head) > > > ++ return 0; > > > +
> >
> > Curious how that works. 3 lines above is plain "return", and here
> > "return 0". What's the type of that function and how did the compiler
> > not flag this?
> >
> > Cheers,
> > Julien
>
> Indeed, sorry. The type of the function was changed from void (in
> wheezy) to int (in jessie). I updated the patch attached accordingly.
>

Please go ahead.

Regards,

Adam
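
Review bot: the two early exits in the nsf_extractor.c hunk disagree: the length check still ends in the unchanged `return;` while the added `NULL == head` check ends in `return 0;`, so one of them is wrong for whatever return type the function has in the targeted release, and both should use the same form. Separately, `(sizeof (struct header) > ds)` compares an unsigned size with the signed `ssize_t ds`, and only `-1 == ds` is excluded beforehand, so any other negative value would be converted to a large unsigned number and pass the length check. Testing `ds < 0` first, or writing the comparison as `ds < (ssize_t) sizeof (struct header)`, avoids relying on -1 being the only error value.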

