File CVE-2023-47466.patch of Package taglib.41980
From dfa33bec0806cbb45785accb8cc6c2048a7d40cf Mon Sep 17 00:00:00 2001
From: Urs Fleisch <ufleisch@users.sourceforge.net>
Date: Sun, 5 Nov 2023 14:40:18 +0100
Subject: [PATCH] Fix crash with invalid WAV files (#1163) (#1164)
With specially crafted WAV files having the "id3 " chunk as the
only valid chunk, when trying to write the tags, the existing
"id3 " chunk is removed, and then vector::front() is called on
the now empty chunks vector.
Now it is checked if the vector is empty to avoid the crash.
---
taglib/riff/rifffile.cpp | 3 +++
tests/test_wav.cpp | 18 ++++++++++++++++++
2 files changed, 21 insertions(+)
Index: taglib-1.13.1/taglib/riff/rifffile.cpp
===================================================================
--- taglib-1.13.1.orig/taglib/riff/rifffile.cpp
+++ taglib-1.13.1/taglib/riff/rifffile.cpp
@@ -361,6 +361,9 @@ void RIFF::File::writeChunk(const ByteVe
void RIFF::File::updateGlobalSize()
{
+ if(d->chunks.empty())
+ return;
+
const Chunk first = d->chunks.front();
const Chunk last = d->chunks.back();
d->size = last.offset + last.size + last.padding - first.offset + 12;
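Review bot: The early return added at the top of `updateGlobalSize()` leaves `d->size` at its previous value when `d->chunks` is empty, so after the only chunk is removed the stored size still describes the chunk that was deleted. The rest of the function lies outside this hunk; if it writes `d->size` back into the RIFF header, that write is skipped as well, and the file would keep a size field that no longer matches its contents, which a later parser may trust. Either handle the empty case explicitly (set and write the size of a header-only file) or state that the stale value is intended, e.g. `// No chunks left: front()/back() on an empty vector is undefined behaviour; d->size is deliberately left unchanged.` The test_wav.cpp change listed in the diffstat is not visible here, so it is unclear whether the regression test checks the size field after saving or only that the crash is gone.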