From: Bertrand Marc Subject: CVE-2017-17440 Bug-Debian: https://bugs.debian.org/883528 Origin: https://gnunet.org/git/libextractor.git/commit/?id=7cc63b001ceaf81143795321379c835486d0c92e --- a/src/plugins/gif_extractor.c +++ b/src/plugins/gif_extractor.c @@ -118,6 +118,8 @@ if (GIF_OK != DGifGetExtension (gif_file, &et, &ext)) continue; + if (NULL == ext) + continue; if (COMMENT_EXT_FUNC_CODE == et) { ec->proc (ec->cls, --- a/src/plugins/it_extractor.c +++ b/src/plugins/it_extractor.c @@ -70,7 +70,7 @@ char itversion[8]; const struct Header *head; - if (HEADER_SIZE > + if ((ssize_t) HEADER_SIZE > ec->read (ec->cls, &data, HEADER_SIZE)) --- a/src/plugins/nsfe_extractor.c +++ b/src/plugins/nsfe_extractor.c @@ -176,7 +176,7 @@ if (size < 8) return 0; - if (size > + if ((ssize_t) size > ec->read (ec->cls, &data, size)) @@ -244,7 +244,7 @@ void *data; const char *cdata; - if (size > + if ((ssize_t) size > ec->read (ec->cls, &data, size)) @@ -286,7 +286,7 @@ if (left < 1) return 0; - if (size > + if ((ssize_t) size > ec->read (ec->cls, &data, size)) @@ -343,7 +343,7 @@ uint32_t chunksize; int ret; - if (sizeof (struct header) > + if ((ssize_t) sizeof (struct header) > ec->read (ec->cls, &data, sizeof (struct header))) --- a/src/plugins/s3m_extractor.c +++ b/src/plugins/s3m_extractor.c @@ -80,7 +80,7 @@ struct S3MHeader header; char song_name_NT[29]; - if (sizeof (header) > + if ((ssize_t) sizeof (header) > ec->read (ec->cls, &data, sizeof (header))) --- a/src/plugins/sid_extractor.c +++ b/src/plugins/sid_extractor.c @@ -176,7 +176,7 @@ const struct header *head; void *data; - if (sizeof (struct header) > + if ((ssize_t) sizeof (struct header) > ec->read (ec->cls, &data, sizeof (struct header))) --- a/src/plugins/xm_extractor.c +++ b/src/plugins/xm_extractor.c @@ -70,7 +70,7 @@ char xmversion[8]; size_t n; - if (sizeof (struct Header) > + if ((ssize_t) sizeof (struct Header) > ec->read (ec->cls, &data, sizeof (struct Header)))