libredwg/CVE-2018-14471.patch

From 7bb6307da56c753b962de127a43ebde3e621ecbb Mon Sep 17 00:00:00 2001
From: Reini Urban <rurban@cpan.org>
Date: Fri, 20 Jul 2018 22:29:51 +0200
Subject: [PATCH] protect dwg_obj_block_control_get_block_headers

from empty ctrl->block_headers. Fixes [GH #32]
---
 src/dwg_api.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/dwg_api.c b/src/dwg_api.c
index f44f6207..82776188 100644
--- a/src/dwg_api.c
+++ b/src/dwg_api.c
@@ -17888,7 +17888,13 @@ dwg_obj_block_control_get_block_headers(const dwg_obj_block_control *restrict ct
 {
   dwg_object_ref **ptx = (dwg_object_ref**)
     malloc(ctrl->num_entries * sizeof(Dwg_Object_Ref *));
-  if (ptx)
+  if (ctrl->num_entries && !ctrl->block_headers)
+    {
+      *error = 1;
+      LOG_ERROR("%s: null block_headers", __FUNCTION__);
+      return NULL;
+    }
+  else if (ptx)
     {
       BITCODE_BS i;
       *error = 0;