
ming-0.4.5-14.1.mga6.src.rpm

From 447821c5cf76f6abfb2d3a397b5983417f29ee9b Mon Sep 17 00:00:00 2001
From: Hugo Lefeuvre <hle@debian.org>
Date: Wed, 11 Oct 2017 16:16:31 +0200
Subject: [PATCH 16/29] Avoid NULL pointer dereference in util/parser.c.

Make sure that nsset->NS isn't dereferenced if malloc failed. In this
case, report error and abort.

This commit fixes CVE-2017-9988 (fixes #85).
---
 util/parser.c | 4 ++++
 1 files changed, 4 insertions(+)

diff --git a/util/parser.c b/util/parser.c
index 6a70bb0c..1dcc9e76 100644
--- a/util/parser.c
+++ b/util/parser.c
@@ -3079,6 +3079,10 @@ void parseABC_NS_SET_INFO(struct ABC_NS_SET_INFO *nsset, FILE *f)
   int i;
   nsset->Count = readEncUInt30(f);
   nsset->NS = malloc(sizeof(U30) * nsset->Count);
+  if (nsset->NS == NULL) {
+    SWF_error("parseABC_NS_SET_INFO: Failed to allocate %lu bytes", sizeof(U30) * nsset->Count);
+    return;
+  }
   for(i = 0; i < nsset->Count; i++)
     nsset->NS[i] = readEncUInt30(f);
 }
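Review bot: On the failure path added before the loop, `nsset->Count` keeps the value read from the file while `nsset->NS` is NULL, so if SWF_error returns instead of terminating (its definition is not visible in this hunk), any later code that walks `Count` entries would still dereference NULL; adding `nsset->Count = 0;` before the `return` keeps the struct consistent. The `%lu` specifier is given a `size_t` expression, which is a type mismatch wherever size_t is not unsigned long; `%zu` or a cast such as `(unsigned long)(sizeof(U30) * nsset->Count)` avoids that. Because Count comes from the parsed file, a zero count can make malloc(0) legitimately return NULL on some platforms, and the new check would report that as an allocation failure; testing `nsset->Count != 0 && nsset->NS == NULL` would tell the two cases apart.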
-- 
2.14.3