SOURCES: id3lib-CVE-2007-4460.patch (NEW) - new

adamg adamg at pld-linux.org
Sat Sep 1 15:33:03 CEST 2007 

Author: adamg                        Date: Sat Sep  1 13:33:03 2007 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- new

---- Files affected:
SOURCES:
   id3lib-CVE-2007-4460.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/id3lib-CVE-2007-4460.patch
diff -u /dev/null SOURCES/id3lib-CVE-2007-4460.patch:1.1
--- /dev/null	Sat Sep  1 15:33:03 2007
+++ SOURCES/id3lib-CVE-2007-4460.patch	Sat Sep  1 15:32:58 2007
@@ -0,0 +1,49 @@
+--- id3lib3.8.3-3.8.3.orig/src/tag_file.cpp
++++ id3lib3.8.3-3.8.3/src/tag_file.cpp
+@@ -242,8 +242,8 @@
+     strcpy(sTempFile, filename.c_str());
+     strcat(sTempFile, sTmpSuffix.c_str());
+ 
+-#if ((defined(__GNUC__) && __GNUC__ >= 3  ) || !defined(HAVE_MKSTEMP))
+-    // This section is for Windows folk && gcc 3.x folk
++#if !defined(HAVE_MKSTEMP)
++    // This section is for Windows folk
+     fstream tmpOut;
+     createFile(sTempFile, tmpOut);
+ 
+@@ -257,7 +257,7 @@
+       tmpOut.write((char *)tmpBuffer, nBytes);
+     }
+ 
+-#else //((defined(__GNUC__) && __GNUC__ >= 3  ) || !defined(HAVE_MKSTEMP))
++#else //!defined(HAVE_MKSTEMP)
+ 
+     // else we gotta make a temp file, copy the tag into it, copy the
+     // rest of the old file after the tag, delete the old file, rename
+@@ -270,7 +270,7 @@
+       //ID3_THROW_DESC(ID3E_NoFile, "couldn't open temp file");
+     }
+ 
+-    ofstream tmpOut(fd);
++    ofstream tmpOut(sTempFile);
+     if (!tmpOut)
+     {
+       tmpOut.close();
+@@ -285,14 +285,14 @@
+     uchar tmpBuffer[BUFSIZ];
+     while (file)
+     {
+-      file.read(tmpBuffer, BUFSIZ);
++      file.read((char *)tmpBuffer, BUFSIZ);
+       size_t nBytes = file.gcount();
+-      tmpOut.write(tmpBuffer, nBytes);
++      tmpOut.write((char *)tmpBuffer, nBytes);
+     }
+ 
+     close(fd); //closes the file
+ 
+-#endif ////((defined(__GNUC__) && __GNUC__ >= 3  ) || !defined(HAVE_MKSTEMP))
++#endif ////!defined(HAVE_MKSTEMP)
+ 
+     tmpOut.close();
+     file.close();
================================================================

More information about the pld-cvs-commit mailing list