Blame - poky/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.patch - openbmc/openbmc

blob: 10e089018c8f734c0f73a5b64b359d1f39512f54 [file] [log] [blame]

Brad Bishop	bba38f3	2018-08-23 16:11:46 +0800	[diff] [blame]	1	libid3tag: patch for CVE-2004-2779
				2
				3	The patch comes from
				4	https://sources.debian.org/patches/libid3tag/0.15.1b-13/10_utf16.dpatch
				5
				6	Upstream-Status: Pending
				7
				8	CVE: CVE-2004-2779
Brad Bishop	96ff198	2019-08-19 13:50:42 -0400	[diff] [blame^]	9	CVE: CVE-2017-11551
Brad Bishop	bba38f3	2018-08-23 16:11:46 +0800	[diff] [blame]	10
				11	Signed-off-by: Changqing Li <changqing.li@windriver.com>
				12
				13	diff -urNad libid3tag-0.15.1b/utf16.c /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c
				14	--- libid3tag-0.15.1b/utf16.c 2006-01-13 15:26:29.000000000 +0100
				15	+++ /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c 2006-01-13 15:27:19.000000000 +0100
				16	@@ -282,5 +282,18 @@
				17
				18	free(utf16);
				19
				20	+ if (end == *ptr && length % 2 != 0)
				21	+ {
				22	+ /* We were called with a bogus length. It should always
				23	+ * be an even number. We can deal with this in a few ways:
				24	+ * - Always give an error.
				25	+ * - Try and parse as much as we can and
				26	+ * - return an error if we're called again when we
				27	+ * already tried to parse everything we can.
				28	+ * - tell that we parsed it, which is what we do here.
				29	+ */
				30	+ (*ptr)++;
				31	+ }
				32	+
				33	return ucs4;
				34	}