From 1c7d6584a7811b7785ae5c1e378f14b5ba0971cf Mon Sep 17 00:00:00 2001 From: takeshi_hoshina Date: Mon, 2 Nov 2020 11:07:33 +0900 Subject: basesystem-jj recipes --- .../libid3tag/libid3tag/10_utf16.patch | 34 ++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 external/poky/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.patch (limited to 'external/poky/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.patch') diff --git a/external/poky/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.patch b/external/poky/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.patch new file mode 100644 index 00000000..10e08901 --- /dev/null +++ b/external/poky/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.patch @@ -0,0 +1,34 @@ +libid3tag: patch for CVE-2004-2779 + +The patch comes from +https://sources.debian.org/patches/libid3tag/0.15.1b-13/10_utf16.dpatch + +Upstream-Status: Pending + +CVE: CVE-2004-2779 +CVE: CVE-2017-11551 + +Signed-off-by: Changqing Li + +diff -urNad libid3tag-0.15.1b/utf16.c /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c +--- libid3tag-0.15.1b/utf16.c 2006-01-13 15:26:29.000000000 +0100 ++++ /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c 2006-01-13 15:27:19.000000000 +0100 +@@ -282,5 +282,18 @@ + + free(utf16); + ++ if (end == *ptr && length % 2 != 0) ++ { ++ /* We were called with a bogus length. It should always ++ * be an even number. We can deal with this in a few ways: ++ * - Always give an error. ++ * - Try and parse as much as we can and ++ * - return an error if we're called again when we ++ * already tried to parse everything we can. ++ * - tell that we parsed it, which is what we do here. ++ */ ++ (*ptr)++; ++ } ++ + return ucs4; + } -- cgit 1.2.3-korg