- Fix crasher when parsing UTF-16 strings with a BOM (#517642)

2009-10-17 14:22:01 +00:00 · 2009-10-17 14:22:01 +00:00 · 008a5148be
commit 008a5148be
parent 2beb54ee4f
2 changed files with 109 additions and 1 deletions
--- a/libgpod-utf16-parsing.patch
+++ b/libgpod-utf16-parsing.patch
@ -0,0 +1,101 @@
+diff --git a/src/itdb_itunesdb.c b/src/itdb_itunesdb.c
+index c41e758..3f352e1 100644
+--- a/src/itdb_itunesdb.c
+++ b/src/itdb_itunesdb.c
+@@ -1286,6 +1286,45 @@ static gint32 get_mhod_type (FContents *cts, glong seek, guint32 *ml)
+     return type;
+ }
+ 
+static char *extract_mhod_string (FContents *cts, glong seek)
+{
+    gunichar2 *entry_utf16;
+    char *entry_utf8;
+    gint string_type;
+    gsize len;
+
+    /* type of string: 0x02: UTF8, 0x01 or 0x00: UTF16 LE */
+    string_type = get32lint (cts, seek);
+    len = get32lint (cts, seek+4);   /* length of string */
+    g_return_val_if_fail (len < G_MAXUINT - 2, NULL);
+    if (string_type != 0x02) {
+	/* UTF-16 string */
+	entry_utf16 = g_new0 (gunichar2, (len+2)/2);
+	if (seek_get_n_bytes (cts, (gchar *)entry_utf16, seek+16, len)) {
+	    fixup_little_utf16 (entry_utf16);
+	    entry_utf8= g_utf16_to_utf8 (entry_utf16, -1, NULL, NULL, NULL);
+	    g_free (entry_utf16);
+	} else { 
+	    g_free (entry_utf16);
+	    return NULL;
+	}
+    } else {
+	/* UTF-8 string */
+	entry_utf8 = g_new0 (gchar, len+1);
+	if (!seek_get_n_bytes (cts, entry_utf8, seek+16, len)) {
+	    g_free (entry_utf8);
+	    return NULL;
+	}
+    }
+
+    if (g_utf8_validate (entry_utf8, -1, NULL)) {
+	return entry_utf8;
+    } else {
+	g_free (entry_utf8);
+	return NULL;
+    }
+}
+
+ /* Returns the contents of the mhod at position @mhod_seek. This can
+    be a simple string or something more complicated as in the case for
+    Itdb_SPLPREF OR Itdb_SPLRULES.
+@@ -1303,12 +1342,10 @@ static gint32 get_mhod_type (FContents *cts, glong seek, guint32 *ml)
+ 
+ static MHODData get_mhod (FImport *fimp, glong mhod_seek, guint32 *ml)
+ {
+-  gunichar2 *entry_utf16 = NULL;
+   MHODData result;
+   gint32 xl;
+   guint32 mhod_len;
+   gint32 header_length;
+-  guint32 string_type;
+   gulong seek;
+   FContents *cts;
+   
+@@ -1384,34 +1421,9 @@ static MHODData get_mhod (FImport *fimp, glong mhod_seek, guint32 *ml)
+   case MHOD_ID_SORT_ALBUMARTIST:
+   case MHOD_ID_SORT_COMPOSER:
+   case MHOD_ID_SORT_TVSHOW:
+-      /* type of string: 0x02: UTF8, 0x01 or 0x00: UTF16 LE */
+-      string_type = get32lint (cts, seek);
+-      xl = get32lint (cts, seek+4);   /* length of string */
+-      g_return_val_if_fail (xl < G_MAXUINT - 2, result);
+-      if (string_type != 0x02)
+-      {
+-	  entry_utf16 = g_new0 (gunichar2, (xl+2)/2);
+-	  if (seek_get_n_bytes (cts, (gchar *)entry_utf16, seek+16, xl))
+-	  {
+-	      fixup_little_utf16 (entry_utf16);
+-	      result.data.string = g_utf16_to_utf8 (entry_utf16, -1,
+-						    NULL, NULL, NULL);
+-	      g_free (entry_utf16);
+-	  }
+-	  else
+-	  {   /* error */
+-	      g_free (entry_utf16);
+-	      return result;  /* *ml==-1, result.valid==FALSE */
+-	  }
+-      }
+-      else
+-      {
+-	  result.data.string = g_new0 (gchar, xl+1);
+-	  if (!seek_get_n_bytes (cts, result.data.string, seek+16, xl))
+-	  {   /* error */
+-	      g_free (entry_utf16);
+-	      return result;  /* *ml==-1, result.valid==FALSE */
+-	  }
+      result.data.string = extract_mhod_string (cts, seek);
+      if (result.data.string == NULL) {
+	  return result;
+       }
+       break;
+   case MHOD_ID_PODCASTURL:
--- a/libgpod.spec
+++ b/libgpod.spec
@ -3,13 +3,16 @@
 Summary: Library to access the contents of an iPod
 Name: libgpod
 Version: 0.7.2
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: LGPLv2+
 Group: System Environment/Libraries
 URL: http://www.gtkpod.org/libgpod.html
 Source0: http://downloads.sourceforge.net/gtkpod/%{name}-%{version}.tar.gz
 # See http://www.redhat.com/archives/fedora-selinux-list/2009-January/msg00005.html
 Patch0: 0001-Use-var-run-hald-as-mount-dir-for-hal-callout.patch
+# http://gitorious.org/~teuf/libgpod/teuf-sandbox/commit/3847494a513b5ef04d7abbe55c3d95dbcd836ef6
+# https://bugzilla.redhat.com/show_bug.cgi?id=517642
+Patch1: libgpod-utf16-parsing.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 BuildRequires: docbook-style-xsl
 BuildRequires: glib2-devel
@ -78,6 +81,7 @@ libgpod library.
 %prep
 %setup -q
 %patch0 -p1 -b .selinux
+%patch1 -p1 -b .utf16

 # remove execute perms on the python examples as they'll be installed in %doc
 %{__chmod} -x bindings/python/examples/*.py
@ -137,6 +141,9 @@ libgpod library.


 %changelog
+* Sat Oct 17 2009 Bastien Nocera <bnocera@redhat.com> 0.7.2-3
+- Fix crasher when parsing UTF-16 strings with a BOM (#517642)
+
 * Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.7.2-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild