[Ming-cvs] [libming/libming] f3a66c: Fix NULL pointer deref in outputSWF_TEXT_RECORD

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

  Branch: refs/heads/master
  Home:   https://github.com/libming/libming
  Commit: f3a66c6479d1191734b5ab57d5d7e0bd7525b1a7
      https://github.com/libming/libming/commit/f3a66c6479d1191734b5ab57d5d7e0bd7525b1a7
  Author: Hugo Lefeuvre <hl...@de...>
  Date:   2017-11-24 (Fri, 24 Nov 2017)

  Changed paths:
    M NEWS
    M util/outputscript.c

  Log Message:
  -----------
  Fix NULL pointer deref in outputSWF_TEXT_RECORD

fip and fip_current are static pointers to a linked list containing
fonts information. This list and the two pointers are initialized and
filled by saveFontInfo() (called by the outputSWF_DEFINEFONTxxxx()
functions when defining new fonts).

In the case where no font is defined, saveFontInfo() is never called
and the two list pointers are NULL.

This situation may trigger a NULL pointer dereference in
outputSWF_TEXT_RECORD. In this patch, we check for !fip_current
before dereferencing it. In the == NULL case, we print a warning and
continue.

This commit addresses CVE-2017-16883 (fixes #77).

  Commit: 459fb480d9c8f1d841d87b9f52049e41355165c4
      https://github.com/libming/libming/commit/459fb480d9c8f1d841d87b9f52049e41355165c4
  Author: Sandro Santilli <st...@kb...>
  Date:   2017-11-24 (Fri, 24 Nov 2017)

  Changed paths:
    M NEWS
    M util/outputscript.c

  Log Message:
  -----------
  Merge pull request #94 from hlef/master

Fix NULL pointer dereference in outputSWF_TEXT_RECORD (CVE-2017-16883)

Compare: https://github.com/libming/libming/compare/fcb9fbf96a96...459fb480d9c8