aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.dpatch
blob: 8d09ce7b6f391e39cbd8e333a9b1c8de71f72f09 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
libid3tag: patch for CVE-2004-2779

The patch comes from
https://sources.debian.org/patches/libid3tag/0.15.1b-13/10_utf16.dpatch

Upstream-Status: Pending

CVE: CVE-2004-2779

Signed-off-by: Changqing Li <changqing.li@windriver.com>

diff -urNad libid3tag-0.15.1b/utf16.c /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c
--- libid3tag-0.15.1b/utf16.c	2006-01-13 15:26:29.000000000 +0100
+++ /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c	2006-01-13 15:27:19.000000000 +0100
@@ -282,5 +282,18 @@
 
   free(utf16);
 
+  if (end == *ptr && length % 2 != 0)
+  {
+     /* We were called with a bogus length.  It should always
+      * be an even number.  We can deal with this in a few ways:
+      * - Always give an error.
+      * - Try and parse as much as we can and
+      *   - return an error if we're called again when we
+      *     already tried to parse everything we can.
+      *   - tell that we parsed it, which is what we do here.
+      */
+     (*ptr)++;
+  }
+
   return ucs4;
 }