File pspp-0001-sys-file-reader-Avoid-null-dereference-skipping-bad-.patch of Package pspp.openSUSE_Leap_42.2_Update

From: Ben Pfaff <blp@cs.stanford.edu>
Date: Tue, 4 Jul 2017 12:54:47 -0400
Subject: [PATCH] sys-file-reader: Avoid null dereference skipping bad
 extension record 18.

read_record() assumed that read_extension_record() never set its output
argument to NULL when it returned true, but this is possible in an error
case.

CVE-2017-10792.
See also https://bugzilla.redhat.com/show_bug.cgi?id=1467005.
See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866890.
See also https://security-tracker.debian.org/tracker/CVE-2017-10792.
Reported by team OWL337, with fuzzer collAFL.

diff --git a/src/data/sys-file-reader.c b/src/data/sys-file-reader.c
index 57e1dc82..70a7411f 100644
--- a/src/data/sys-file-reader.c
+++ b/src/data/sys-file-reader.c
@@ -524,7 +524,7 @@ read_record (struct sfm_reader *r, int type,
              18.  I'm surprised that SPSS puts up with this. */
           struct sfm_extension_record *ext;
           bool ok = read_extension_record (r, subtype, &ext);
-          if (ok)
+          if (ok && ext)
             ll_push_tail (&r->var_attrs, &ext->ll);
           return ok;
         }
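
Review bot: `ext` is declared without an initializer just above the call, so the new `if (ok && ext)` test is only sound if read_extension_record() assigns `*ext` on every path that returns true, including the error path the commit message describes. Initializing at the declaration (`struct sfm_extension_record *ext = NULL;`) would make the check independent of that. The existing comment in this block only mentions record 18, so it would also help to add a short note here, or at read_extension_record()'s definition, stating that a true return with a NULL record means "skipped, keep reading". That would keep other callers from repeating the original assumption. Those callers are not visible in this hunk and are worth checking for the same pattern.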