how-lix-os-pkgs/libid3tag/default/patch

addresses CVE-2008-2109.

libid3tag does not seem to be actively maintained anymore.

--- a/field.c.orig	2008-05-05 09:49:15.000000000 -0400
+++ b/field.c	2008-05-05 09:49:25.000000000 -0400
@@ -291,7 +291,7 @@
 
       end = *ptr + length;
 
-      while (end - *ptr > 0) {
+      while (end - *ptr > 0 && **ptr != '\0') {
 	ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0);
 	if (ucs4 == 0)
 	  goto fail;
initial commit. still needs work, but it works. 2020-11-25 07:21:40 +01:00			`addresses CVE-2008-2109.`

			`libid3tag does not seem to be actively maintained anymore.`

			`--- a/field.c.orig 2008-05-05 09:49:15.000000000 -0400`
			`+++ b/field.c 2008-05-05 09:49:25.000000000 -0400`
			`@@ -291,7 +291,7 @@`

			`end = *ptr + length;`

			`- while (end - *ptr > 0) {`
			`+ while (end - ptr > 0 && *ptr != '\0') {`
			`ucs4 = id3_parse_string(ptr, end - ptr, encoding, 0);`
			`if (ucs4 == 0)`
			`goto fail;`