Overview

File taglib-CVE-2012-2396.patch of Package taglib.495

Index: taglib-1.7/taglib/mp4/mp4properties.cpp
===================================================================
--- taglib-1.7.orig/taglib/mp4/mp4properties.cpp
+++ taglib-1.7/taglib/mp4/mp4properties.cpp
@@ -91,15 +91,24 @@ MP4::Properties::Properties(File *file,
 
   file->seek(mdhd->offset);
   data = file->readBlock(mdhd->length);
-  if(data[8] == 0) {
-    unsigned int unit = data.mid(20, 4).toUInt();
-    unsigned int length = data.mid(24, 4).toUInt();
-    d->length = length / unit;
-  }
-  else {
+  uint version = data[8];
+    if(version == 1) {
+      if (data.size() < 36 + 8) {
+        debug("MP4: Atom 'trak.mdia.mdhd' is smaller than expected");
+        return;
+      }
     long long unit = data.mid(28, 8).toLongLong();
     long long length = data.mid(36, 8).toLongLong();
-    d->length = int(length / unit);
+    d->length = unit ? int(length / unit) : 0;
+    }
+    else {
+      if (data.size() < 24 + 4) {
+        debug("MP4: Atom 'trak.mdia.mdhd' is smaller than expected");
+        return;
+      }
+      unsigned int unit = data.mid(20, 4).toUInt();
+      unsigned int length = data.mid(24, 4).toUInt();
+      d->length = unit ? length / unit : 0;
   }
 
   MP4::Atom *atom = trak->find("mdia", "minf", "stbl", "stsd");
openSUSE Build Service is sponsored by
Places