Brad Bishop | 6e60e8b | 2018-02-01 10:27:11 -0500 | [diff] [blame] | 1 | From eb9ded1206f18f2c319157337edea2533a40bea6 Mon Sep 17 00:00:00 2001 |
| 2 | From: "Stephen F. Booth" <me@sbooth.org> |
| 3 | Date: Sun, 23 Jul 2017 10:11:09 -0400 |
| 4 | Subject: [PATCH] Don't assume TDRC is an instance of TextIdentificationFrame |
| 5 | |
| 6 | If TDRC is encrypted, FrameFactory::createFrame() returns UnknownFrame |
| 7 | which causes problems in rebuildAggregateFrames() when it is assumed |
| 8 | that TDRC is a TextIdentificationFrame |
| 9 | |
| 10 | Upstream-Status: Backport |
| 11 | [https://github.com/taglib/taglib/pull/831/commits/eb9ded1206f18f2c319157337edea2533a40bea6] |
| 12 | |
| 13 | CVE: CVE-2017-12678 |
| 14 | |
| 15 | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> |
| 16 | --- |
| 17 | taglib/mpeg/id3v2/id3v2framefactory.cpp | 5 +++-- |
| 18 | 1 file changed, 3 insertions(+), 2 deletions(-) |
| 19 | |
| 20 | diff --git a/taglib/mpeg/id3v2/id3v2framefactory.cpp b/taglib/mpeg/id3v2/id3v2framefactory.cpp |
| 21 | index 759a9b7b..9347ab86 100644 |
| 22 | --- a/taglib/mpeg/id3v2/id3v2framefactory.cpp |
| 23 | +++ b/taglib/mpeg/id3v2/id3v2framefactory.cpp |
| 24 | @@ -334,10 +334,11 @@ void FrameFactory::rebuildAggregateFrames(ID3v2::Tag *tag) const |
| 25 | tag->frameList("TDAT").size() == 1) |
| 26 | { |
| 27 | TextIdentificationFrame *tdrc = |
| 28 | - static_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front()); |
| 29 | + dynamic_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front()); |
| 30 | UnknownFrame *tdat = static_cast<UnknownFrame *>(tag->frameList("TDAT").front()); |
| 31 | |
| 32 | - if(tdrc->fieldList().size() == 1 && |
| 33 | + if(tdrc && |
| 34 | + tdrc->fieldList().size() == 1 && |
| 35 | tdrc->fieldList().front().size() == 4 && |
| 36 | tdat->data().size() >= 5) |
| 37 | { |
| 38 | -- |
| 39 | 2.13.5 |
| 40 | |