nixpkgs/pkgs/development/libraries/libid3tag/CVE-2017-11550-and-CVE-2017-11551.patch


1
2
3
4
5
6
7
8
9
10
11
12
13

Common subdirectories: libid3tag-0.15.1b/msvc++ and libid3tag-0.15.1b-patched/msvc++
diff -uwp libid3tag-0.15.1b/utf16.c libid3tag-0.15.1b-patched/utf16.c
--- libid3tag-0.15.1b/utf16.c	2004-01-23 10:41:32.000000000 +0100
+++ libid3tag-0.15.1b-patched/utf16.c	2018-11-01 13:12:00.866050641 +0100
@@ -250,6 +250,8 @@ id3_ucs4_t *id3_utf16_deserialize(id3_by
   id3_ucs4_t *ucs4;
 
   end = *ptr + (length & ~1);
+  if (end == *ptr)
+    return 0;
 
   utf16 = malloc((length / 2 + 1) * sizeof(*utf16));
   if (utf16 == 0)