[libid3tag] Updated to avoid crash bug
Already updated to 0.16.1, but this fixes a crash bug in 0.16.1. Signed-off-by: Christopher Snowhill <kode54@gmail.com>main
parent
de9b09251d
commit
187ee602d6
|
@ -1,21 +1,21 @@
|
||||||
Built with the Arch Linux defaults, sort of:
|
Built with the Arch Linux defaults, sort of:
|
||||||
|
|
||||||
```
|
```
|
||||||
patch -Np1 -i 10_utf16.diff
|
patch -Np1 -i libid3tag-0.16.1.bugfix.patch
|
||||||
patch -Np1 -i 11_unknown_encoding.diff
|
|
||||||
patch -Np0 -i CVE-2008-2109.patch
|
|
||||||
patch -Np1 -i libid3tag-gperf.patch
|
|
||||||
rm compat.c frametype.c
|
|
||||||
|
|
||||||
touch NEWS
|
cmake -B build.x86 -DCMAKE_OSX_ARCHITECTURES="x86_64" -DCMAKE_OSX_DEPLOYMENT_TARGET="10.13" -DBUILD_SHARED_LIBS=OFF
|
||||||
touch AUTHORS
|
cmake -B build.arm -DCMAKE_OSX_ARCHITECTURES="arm64" -DCMAKE_OSX_DEPLOYMENT_TARGET="11.0" -DBUILD_SHARED_LIBS=OFF
|
||||||
touch ChangeLog
|
|
||||||
|
|
||||||
autoreconf -fiv
|
cd build.x86
|
||||||
./configure
|
make -j8
|
||||||
make -j8 CFLAGS="-Os -arch x86_64 -arch arm64 -mmacosx-version-min=10.12" LDFLAGS="-arch x86_64 -arch arm64 -mmacosx-version-min=10.12"
|
cd ..
|
||||||
|
|
||||||
|
cd build.arm
|
||||||
|
make -j8
|
||||||
|
cd ..
|
||||||
|
|
||||||
|
mkdir out.release
|
||||||
|
lipo -create -output out.release/libid3tag.a build.x86/libid3tag.a build.arm/libid3tag.a
|
||||||
```
|
```
|
||||||
|
|
||||||
Version 0.15.1b was used, with Arch Linux patches. I also had to tweak
|
Version 0.16.1 was used, with a patch to fix a crash bug on invalid tags.
|
||||||
the compat.c and frametype.c to change the function definitions to match
|
|
||||||
the gperf patch used above.
|
|
||||||
|
|
|
@ -1,48 +0,0 @@
|
||||||
#! /bin/sh -e
|
|
||||||
## 10_utf16.dpatch by <kurt@roeckx.be>
|
|
||||||
##
|
|
||||||
## All lines beginning with `## DP:' are a description of the patch.
|
|
||||||
## DP: Handle bogus UTF16 sequences that have a length that is not
|
|
||||||
## DP: an even number of 8 bit characters.
|
|
||||||
|
|
||||||
if [ $# -lt 1 ]; then
|
|
||||||
echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
|
|
||||||
patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}"
|
|
||||||
|
|
||||||
case "$1" in
|
|
||||||
-patch) patch -p1 ${patch_opts} < $0;;
|
|
||||||
-unpatch) patch -R -p1 ${patch_opts} < $0;;
|
|
||||||
*)
|
|
||||||
echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
|
|
||||||
exit 1;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
exit 0
|
|
||||||
|
|
||||||
@DPATCH@
|
|
||||||
diff -urNad libid3tag-0.15.1b/utf16.c /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c
|
|
||||||
--- libid3tag-0.15.1b/utf16.c 2006-01-13 15:26:29.000000000 +0100
|
|
||||||
+++ /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c 2006-01-13 15:27:19.000000000 +0100
|
|
||||||
@@ -282,5 +282,18 @@
|
|
||||||
|
|
||||||
free(utf16);
|
|
||||||
|
|
||||||
+ if (end == *ptr && length % 2 != 0)
|
|
||||||
+ {
|
|
||||||
+ /* We were called with a bogus length. It should always
|
|
||||||
+ * be an even number. We can deal with this in a few ways:
|
|
||||||
+ * - Always give an error.
|
|
||||||
+ * - Try and parse as much as we can and
|
|
||||||
+ * - return an error if we're called again when we
|
|
||||||
+ * already tried to parse everything we can.
|
|
||||||
+ * - tell that we parsed it, which is what we do here.
|
|
||||||
+ */
|
|
||||||
+ (*ptr)++;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
return ucs4;
|
|
||||||
}
|
|
|
@ -1,37 +0,0 @@
|
||||||
#! /bin/sh /usr/share/dpatch/dpatch-run
|
|
||||||
## 11_unknown_encoding.dpatch by Andreas Henriksson <andreas@fatal.se>
|
|
||||||
##
|
|
||||||
## All lines beginning with `## DP:' are a description of the patch.
|
|
||||||
## DP: In case of an unknown/invalid encoding, id3_parse_string() will
|
|
||||||
## DP: return NULL, but the return value wasn't checked resulting
|
|
||||||
## DP: in segfault in id3_ucs4_length(). This is the only place
|
|
||||||
## DP: the return value wasn't checked.
|
|
||||||
|
|
||||||
@DPATCH@
|
|
||||||
diff -urNad libid3tag-0.15.1b~/compat.gperf libid3tag-0.15.1b/compat.gperf
|
|
||||||
--- libid3tag-0.15.1b~/compat.gperf 2004-01-23 09:41:32.000000000 +0000
|
|
||||||
+++ libid3tag-0.15.1b/compat.gperf 2007-01-14 14:36:53.000000000 +0000
|
|
||||||
@@ -236,6 +236,10 @@
|
|
||||||
|
|
||||||
encoding = id3_parse_uint(&data, 1);
|
|
||||||
string = id3_parse_string(&data, end - data, encoding, 0);
|
|
||||||
+ if (!string)
|
|
||||||
+ {
|
|
||||||
+ continue;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
if (id3_ucs4_length(string) < 4) {
|
|
||||||
free(string);
|
|
||||||
diff -urNad libid3tag-0.15.1b~/parse.c libid3tag-0.15.1b/parse.c
|
|
||||||
--- libid3tag-0.15.1b~/parse.c 2004-01-23 09:41:32.000000000 +0000
|
|
||||||
+++ libid3tag-0.15.1b/parse.c 2007-01-14 14:37:34.000000000 +0000
|
|
||||||
@@ -165,6 +165,9 @@
|
|
||||||
case ID3_FIELD_TEXTENCODING_UTF_8:
|
|
||||||
ucs4 = id3_utf8_deserialize(ptr, length);
|
|
||||||
break;
|
|
||||||
+ default:
|
|
||||||
+ /* FIXME: Unknown encoding! Print warning? */
|
|
||||||
+ return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (ucs4 && !full) {
|
|
|
@ -1,11 +0,0 @@
|
||||||
--- field.c.orig 2008-05-05 09:49:15.000000000 -0400
|
|
||||||
+++ field.c 2008-05-05 09:49:25.000000000 -0400
|
|
||||||
@@ -291,7 +291,7 @@
|
|
||||||
|
|
||||||
end = *ptr + length;
|
|
||||||
|
|
||||||
- while (end - *ptr > 0) {
|
|
||||||
+ while (end - *ptr > 0 && **ptr != '\0') {
|
|
||||||
ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0);
|
|
||||||
if (ucs4 == 0)
|
|
||||||
goto fail;
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
diff -ur libid3tag-0.16.1.orig/compat.c libid3tag-0.16.1/compat.c
|
||||||
|
--- libid3tag-0.16.1.orig/compat.c 2021-08-15 13:52:07.000000000 -0700
|
||||||
|
+++ libid3tag-0.16.1/compat.c 2022-07-15 04:27:32.000000000 -0700
|
||||||
|
@@ -439,6 +439,10 @@
|
||||||
|
encoding = id3_parse_uint(&data, 1);
|
||||||
|
string = id3_parse_string(&data, end - data, encoding, 0);
|
||||||
|
|
||||||
|
+ if (string == 0) {
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (id3_ucs4_length(string) < 4) {
|
||||||
|
free(string);
|
||||||
|
continue;
|
|
@ -1,26 +0,0 @@
|
||||||
Index: libid3tag-0.15.1b/frametype.h
|
|
||||||
===================================================================
|
|
||||||
--- libid3tag-0.15.1b.orig/frametype.h
|
|
||||||
+++ libid3tag-0.15.1b/frametype.h
|
|
||||||
@@ -37,6 +37,6 @@ extern struct id3_frametype const id3_fr
|
|
||||||
extern struct id3_frametype const id3_frametype_obsolete;
|
|
||||||
|
|
||||||
struct id3_frametype const *id3_frametype_lookup(register char const *,
|
|
||||||
- register unsigned int);
|
|
||||||
+ register size_t);
|
|
||||||
|
|
||||||
# endif
|
|
||||||
Index: libid3tag-0.15.1b/compat.h
|
|
||||||
===================================================================
|
|
||||||
--- libid3tag-0.15.1b.orig/compat.h
|
|
||||||
+++ libid3tag-0.15.1b/compat.h
|
|
||||||
@@ -34,7 +34,7 @@ struct id3_compat {
|
|
||||||
};
|
|
||||||
|
|
||||||
struct id3_compat const *id3_compat_lookup(register char const *,
|
|
||||||
- register unsigned int);
|
|
||||||
+ register size_t);
|
|
||||||
|
|
||||||
int id3_compat_fixup(struct id3_tag *);
|
|
||||||
|
|
||||||
|
|
Binary file not shown.
Binary file not shown.
Loading…
Reference in New Issue