aboutsummaryrefslogtreecommitdiffstats
path: root/main/taglib/CVE-2018-11439.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/taglib/CVE-2018-11439.patch')
-rw-r--r--main/taglib/CVE-2018-11439.patch42
1 files changed, 42 insertions, 0 deletions
diff --git a/main/taglib/CVE-2018-11439.patch b/main/taglib/CVE-2018-11439.patch
new file mode 100644
index 0000000000..20b777e74e
--- /dev/null
+++ b/main/taglib/CVE-2018-11439.patch
@@ -0,0 +1,42 @@
+From 2c4ae870ec086f2ddd21a47861a3709c36faac45 Mon Sep 17 00:00:00 2001
+From: Scott Gayou <github.scott@gmail.com>
+Date: Tue, 9 Oct 2018 18:46:55 -0500
+Subject: [PATCH] Fixed OOB read when loading invalid ogg flac file. (#868)
+ (#869)
+
+CVE-2018-11439 is caused by a failure to check the minimum length
+of a ogg flac header. This header is detailed in full at:
+https://xiph.org/flac/ogg_mapping.html. Added more strict checking
+for entire header.
+---
+ taglib/ogg/flac/oggflacfile.cpp | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/taglib/ogg/flac/oggflacfile.cpp b/taglib/ogg/flac/oggflacfile.cpp
+index 53d04508a..07ea9dccc 100644
+--- a/taglib/ogg/flac/oggflacfile.cpp
++++ b/taglib/ogg/flac/oggflacfile.cpp
+@@ -231,11 +231,21 @@ void Ogg::FLAC::File::scan()
+
+ if(!metadataHeader.startsWith("fLaC")) {
+ // FLAC 1.1.2+
++ // See https://xiph.org/flac/ogg_mapping.html for the header specification.
++ if(metadataHeader.size() < 13)
++ return;
++
++ if(metadataHeader[0] != 0x7f)
++ return;
++
+ if(metadataHeader.mid(1, 4) != "FLAC")
+ return;
+
+- if(metadataHeader[5] != 1)
+- return; // not version 1
++ if(metadataHeader[5] != 1 && metadataHeader[6] != 0)
++ return; // not version 1.0
++
++ if(metadataHeader.mid(9, 4) != "fLaC")
++ return;
+
+ metadataHeader = metadataHeader.mid(13);
+ }