[BACK]Return to patch-CVE-2017-12678 CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / pkgsrc / audio / taglib / patches

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.

Diff for /pkgsrc/audio/taglib/patches/Attic/patch-CVE-2017-12678 between version 1.1.2.1 and 1.1.2.2

version 1.1.2.1, 2019/07/18 09:36:37 version 1.1.2.2, 2019/07/18 13:33:53
Line 0 
Line 1 
   $NetBSD$
   
   Fix CVE-2017-12678
   
   In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp
   has a pointer to cast vulnerability, which allows remote attackers to cause a
   denial of service or possibly have unspecified other impact via a crafted
   audio file.
   
   Upstream commit:
   https://github.com/taglib/taglib/commit/cb9f07d9dcd791b63e622da43f7b232adaec0a9a
   
   --- taglib/mpeg/id3v2/id3v2framefactory.cpp.orig        2016-10-24 03:03:23.000000000 +0000
   +++ taglib/mpeg/id3v2/id3v2framefactory.cpp
   @@ -334,10 +334,11 @@ void FrameFactory::rebuildAggregateFrame
         tag->frameList("TDAT").size() == 1)
      {
        TextIdentificationFrame *tdrc =
   -      static_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front());
   +      dynamic_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front());
        UnknownFrame *tdat = static_cast<UnknownFrame *>(tag->frameList("TDAT").front());
   
   -    if(tdrc->fieldList().size() == 1 &&
   +    if(tdrc &&
   +       tdrc->fieldList().size() == 1 &&
           tdrc->fieldList().front().size() == 4 &&
           tdat->data().size() >= 5)
        {

Legend:
Removed from v.1.1.2.1  
changed lines
  Added in v.1.1.2.2

CVSweb <webmaster@jp.NetBSD.org>