diff options
author | 2018-08-28 13:58:55 +0800 | |
---|---|---|
committer | 2018-08-29 10:40:08 +0100 | |
commit | e2bec1f7e05ec014bd887440521da7e1a13555be (patch) | |
tree | 1414ad7f9f57663ef2186668bf19668af7c5d838 /meta/recipes-multimedia/libid3tag/libid3tag | |
parent | 83f206d68e9ae9ed21398f5cfde6f911065fbce6 (diff) | |
download | openembedded-core-contrib-e2bec1f7e05ec014bd887440521da7e1a13555be.tar.gz |
libid3tag: patch for CVE-2004-2779
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia/libid3tag/libid3tag')
-rw-r--r-- | meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.dpatch | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.dpatch b/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.dpatch new file mode 100644 index 0000000000..8d09ce7b6f --- /dev/null +++ b/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.dpatch @@ -0,0 +1,33 @@ +libid3tag: patch for CVE-2004-2779 + +The patch comes from +https://sources.debian.org/patches/libid3tag/0.15.1b-13/10_utf16.dpatch + +Upstream-Status: Pending + +CVE: CVE-2004-2779 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> + +diff -urNad libid3tag-0.15.1b/utf16.c /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c +--- libid3tag-0.15.1b/utf16.c 2006-01-13 15:26:29.000000000 +0100 ++++ /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c 2006-01-13 15:27:19.000000000 +0100 +@@ -282,5 +282,18 @@ + + free(utf16); + ++ if (end == *ptr && length % 2 != 0) ++ { ++ /* We were called with a bogus length. It should always ++ * be an even number. We can deal with this in a few ways: ++ * - Always give an error. ++ * - Try and parse as much as we can and ++ * - return an error if we're called again when we ++ * already tried to parse everything we can. ++ * - tell that we parsed it, which is what we do here. ++ */ ++ (*ptr)++; ++ } ++ + return ucs4; + } |