diff options
Diffstat (limited to 'community/taglib/CVE-2018-11439.patch')
-rw-r--r-- | community/taglib/CVE-2018-11439.patch | 42 |
1 files changed, 0 insertions, 42 deletions
diff --git a/community/taglib/CVE-2018-11439.patch b/community/taglib/CVE-2018-11439.patch deleted file mode 100644 index 20b777e74e2..00000000000 --- a/community/taglib/CVE-2018-11439.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 2c4ae870ec086f2ddd21a47861a3709c36faac45 Mon Sep 17 00:00:00 2001 -From: Scott Gayou <github.scott@gmail.com> -Date: Tue, 9 Oct 2018 18:46:55 -0500 -Subject: [PATCH] Fixed OOB read when loading invalid ogg flac file. (#868) - (#869) - -CVE-2018-11439 is caused by a failure to check the minimum length -of a ogg flac header. This header is detailed in full at: -https://xiph.org/flac/ogg_mapping.html. Added more strict checking -for entire header. ---- - taglib/ogg/flac/oggflacfile.cpp | 14 ++++++++++++-- - 1 file changed, 12 insertions(+), 2 deletions(-) - -diff --git a/taglib/ogg/flac/oggflacfile.cpp b/taglib/ogg/flac/oggflacfile.cpp -index 53d04508a..07ea9dccc 100644 ---- a/taglib/ogg/flac/oggflacfile.cpp -+++ b/taglib/ogg/flac/oggflacfile.cpp -@@ -231,11 +231,21 @@ void Ogg::FLAC::File::scan() - - if(!metadataHeader.startsWith("fLaC")) { - // FLAC 1.1.2+ -+ // See https://xiph.org/flac/ogg_mapping.html for the header specification. -+ if(metadataHeader.size() < 13) -+ return; -+ -+ if(metadataHeader[0] != 0x7f) -+ return; -+ - if(metadataHeader.mid(1, 4) != "FLAC") - return; - -- if(metadataHeader[5] != 1) -- return; // not version 1 -+ if(metadataHeader[5] != 1 && metadataHeader[6] != 0) -+ return; // not version 1.0 -+ -+ if(metadataHeader.mid(9, 4) != "fLaC") -+ return; - - metadataHeader = metadataHeader.mid(13); - } |