libid3tag: patch for CVE-2004-2779

The patch comes from
https://sources.debian.org/patches/libid3tag/0.15.1b-13/10_utf16.dpatch

Upstream-Status: Pending

CVE: CVE-2004-2779

Signed-off-by: Changqing Li <changqing.li@windriver.com>

diff -urNad libid3tag-0.15.1b/utf16.c /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c
--- libid3tag-0.15.1b/utf16.c	2006-01-13 15:26:29.000000000 +0100
+++ /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c	2006-01-13 15:27:19.000000000 +0100
@@ -282,5 +282,18 @@
 
   free(utf16);
 
+  if (end == *ptr && length % 2 != 0)
+  {
+     /* We were called with a bogus length.  It should always
+      * be an even number.  We can deal with this in a few ways:
+      * - Always give an error.
+      * - Try and parse as much as we can and
+      *   - return an error if we're called again when we
+      *     already tried to parse everything we can.
+      *   - tell that we parsed it, which is what we do here.
+      */
+     (*ptr)++;
+  }
+
   return ucs4;
 }