From: Bertrand Marc <bmarc@debian.org>, Markus Koschany <apo@debian.org>
Subject: CVE-2017-15600

Bug-Upstream: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00004.html
Origin: https://gnunet.org/git/libextractor.git/commit/?id=38e8933539ee9d044057b18a971c2eae3c21aba7
--- a/src/plugins/nsf_extractor.c
+++ b/src/plugins/nsf_extractor.c
@@ -152,13 +152,17 @@
   char nsfversion[32];
   const struct header *head;
   void *data;
+  ssize_t ds;
 
-  if (sizeof (struct header) >
-      ec->read (ec->cls,
-		&data,
-		sizeof (struct header)))
+  ds = ec->read (ec->cls,
+                 &data,
+                 sizeof (struct header));
+  if ( (-1 == ds) ||
+       (sizeof (struct header) > ds) )
     return;
   head = data; 
+  if (NULL == head)
+    return;
 
   /* Check "magic" id bytes */
   if (memcmp (head->magicid, "NESM\x1a", 5))