Bug#885617: stretch-pu: package libextractor/1:1.3-4
Control: tags -1 -moreinfo +confirmed
On Sun, 2018-02-25 at 19:18 +0100, Bertrand Marc wrote:
> On 10/02/2018 at 11:13, Julien Cristau wrote:
> > Control: tag -1 moreinfo
> >
> > On Thu, Dec 28, 2017 at 17:11:02 +0100, Bertrand Marc wrote:
> >
> > > diff -Nru libextractor-1.3/debian/patches/CVE-2017-15600.patch
> > > libextractor-1.3/debian/patches/CVE-2017-15600.patch
> > > --- libextractor-1.3/debian/patches/CVE-2017-15600.patch 1
> > > 970-01-01 01:00:00.000000000 +0100
> > > +++ libextractor-1.3/debian/patches/CVE-2017-15600.patch 2
> > > 017-12-28 11:39:33.000000000 +0100
> > > @@ -0,0 +1,29 @@
> > > +From: Bertrand Marc <bmarc@debian.org>, Markus Koschany <apo@deb
> > > ian.org>
> > > +Subject: CVE-2017-15600
> > > +
> > > +Bug-Upstream: http://lists.gnu.org/archive/html/bug-libextractor
> > > /2017-10/msg00004.html
> > > +Origin: https://gnunet.org/git/libextractor.git/commit/?id=38e89
> > > 33539ee9d044057b18a971c2eae3c21aba7
> > > +--- a/src/plugins/nsf_extractor.c
> > > ++++ b/src/plugins/nsf_extractor.c
> > > +@@ -152,13 +152,17 @@
> > > + char nsfversion[32];
> > > + const struct header *head;
> > > + void *data;
> > > ++ ssize_t ds;
> > > +
> > > +- if (sizeof (struct header) >
> > > +- ec->read (ec->cls,
> > > +- &data,
> > > +- sizeof (struct header)))
> > > ++ ds = ec->read (ec->cls,
> > > ++ &data,
> > > ++ sizeof (struct header));
> > > ++ if ( (-1 == ds) ||
> > > ++ (sizeof (struct header) > ds) )
> > > + return;
> > > + head = data;
> > > ++ if (NULL == head)
> > > ++ return 0;
> > > +
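Review bot: in the nsf_extractor.c hunk, `(sizeof (struct header) > ds)` compares an unsigned size_t with the signed `ds`, and the preceding `(-1 == ds)` test protects that comparison only for the single value -1. Testing `ds < 0` instead would keep any negative return from being converted to a large unsigned value and slipping past the length check. The two early exits also disagree: the unchanged context line after the length check is a bare `return;`, while the added `if (NULL == head)` branch uses `return 0;`. Only one form can match the function's return type, so both exits should use it.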
> >
> > Curious how that works. 3 lines above is plain "return", and here
> > "return 0". What's the type of that function and how did the compiler
> > not flag this?
> >
> > Cheers,
> > Julien
>
> Indeed, sorry. The type of the function was changed from void (in
> wheezy) to int (in jessie). I updated the patch attached accordingly.
>
Please go ahead.
Regards,
Adam