path: root/user/libid3tag/CVE-2017-11550.patch
Lifted from Debian:
https://sources.debian.org/patches/libid3tag/0.15.1b-14/11_unknown_encoding.dpatch/

In case of an unknown/invalid encoding, id3_parse_string() will
return NULL, but the return value wasn't checked, resulting
in a segfault in id3_ucs4_length().  This is the only place
where the return value wasn't checked.

--- libid3tag-0.15.1b/compat.gperf	2004-01-23 09:41:32.000000000 +0000
+++ libid3tag-0.15.1b/compat.gperf	2007-01-14 14:36:53.000000000 +0000
@@ -236,6 +236,10 @@
 
     encoding = id3_parse_uint(&data, 1);
     string   = id3_parse_string(&data, end - data, encoding, 0);
+    if (!string)
+    {
+	continue;
+    }
 
     if (id3_ucs4_length(string) < 4) {
       free(string);
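Review bot: The added `if (!string)` guard puts its brace on a separate line and tab-indents the body, while the `if (id3_ucs4_length(string) < 4) {` directly below uses a same-line brace and spaces, and it has no comment saying why a NULL result is skipped. I would write it as `if (!string) continue; /* unparseable text, e.g. unknown encoding byte: skip */`, or at least match the neighbouring brace style. The `encoding` value is read from the tag data one line earlier via `id3_parse_uint(&data, 1)`, so this path appears reachable from file content and deserves the comment. The enclosing loop starts and ends outside the hunk, so whether `continue` bypasses any per-iteration cleanup cannot be confirmed from here.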
--- libid3tag-0.15.1b/parse.c	2004-01-23 09:41:32.000000000 +0000
+++ libid3tag-0.15.1b/parse.c	2007-01-14 14:37:34.000000000 +0000
@@ -165,6 +165,9 @@
   case ID3_FIELD_TEXTENCODING_UTF_8:
     ucs4 = id3_utf8_deserialize(ptr, length);
     break;
+  default:
+  	/* FIXME: Unknown encoding! Print warning? */
+	return NULL;
   }
 
   if (ucs4 && !full) {
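Review bot: The new `default:` branch carries a `FIXME` where the contract should be stated, and it returns without touching `*ptr`, unlike the visible UTF-8 case, which hands `ptr` to a deserializer. I would replace the comment with `/* unknown text encoding: nothing is consumed from *ptr; callers must check for NULL */` and repeat the NULL-return condition in the function's header comment, since the compat.gperf fix depends on it. A caller that loops until its input is consumed would presumably have to stop on NULL rather than retry, which cannot be checked from this hunk because the function starts and ends outside it. The space-then-tab indentation on the two added lines also differs from the two-space style around them.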