From 4a224778bd62566920648094c0024935b97d8a47 Mon Sep 17 00:00:00 2001
From: xingwei
Date: Fri, 30 May 2025 15:16:14 +0800
Subject: [PATCH] fix CVE-2023-47466
(cherry picked from commit 3574e6a3b69a3220b2f8c3e703b1e8a29f5ff93c)
---
 backport-CVE-2023-47466.patch | 35 +++++++++++++++++++++++++++++++++++
 taglib.spec | 10 +++++++++-
 2 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2023-47466.patch
diff --git a/backport-CVE-2023-47466.patch b/backport-CVE-2023-47466.patch
new file mode 100644
index 0000000..b059694
--- /dev/null
+++ b/backport-CVE-2023-47466.patch
@@ -0,0 +1,35 @@
+From dfa33bec0806cbb45785accb8cc6c2048a7d40cf Mon Sep 17 00:00:00 2001
+From: Urs Fleisch
+Date: Sun, 5 Nov 2023 14:40:18 +0100
+Subject: [PATCH] Fix crash with invalid WAV files (#1163) (#1164)
+
+With specially crafted WAV files having the "id3 " chunk as the
+only valid chunk, when trying to write the tags, the existing
+"id3 " chunk is removed, and then vector::front() is called on
+the now empty chunks vector.
+Now it is checked if the vector is empty to avoid the crash.
+---
+ taglib/riff/rifffile.cpp | 3 +++
+ tests/data/invalid-chunk.wav | Bin 0 -> 40 bytes
+ tests/test_wav.cpp | 18 ++++++++++++++++++
+ 3 files changed, 21 insertions(+)
+ create mode 100644 tests/data/invalid-chunk.wav
+
+Conflict:Remove patch error test use case
+Context adapt
+Reference:https://github.com/taglib/taglib/commit/dfa33bec0806cbb45785accb8cc6c2048a7d40cf
+
+diff --git a/taglib/riff/rifffile.cpp b/taglib/riff/rifffile.cpp
+index 005551f..f615e6c 100644
+--- a/taglib/riff/rifffile.cpp
++++ b/taglib/riff/rifffile.cpp
+@@ -361,6 +361,9 @@ void RIFF::File::writeChunk(const ByteVector &name, const ByteVector &data,
+
+ void RIFF::File::updateGlobalSize()
+ {
++ if(d->chunks.empty())
++ return;
++
+ const Chunk first = d->chunks.front();
+ const Chunk last = d->chunks.back();
+ d->size = last.offset + last.size + last.padding - first.offset + 12;
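Review bot: The backported fix is carried without its regression test: the embedded diffstat still lists `tests/data/invalid-chunk.wav` and `tests/test_wav.cpp` (3 files, 21 insertions), but only the `rifffile.cpp` hunk is present, so as far as this patch shows nothing in the package exercises the empty-chunks path that CVE-2023-47466 concerns. Either ship the `tests/test_wav.cpp` change together with the 40-byte fixture as an additional source, or make the omission explicit in the patch header, e.g. `Conflict: tests/test_wav.cpp and tests/data/invalid-chunk.wav dropped; fix is not covered by a test in this package`. Separately, the new guard in `updateGlobalSize()` returns before `d->size` is recomputed, so the size keeps its previous value once the last chunk has been removed. The rest of the function lies outside the hunk, so it is worth checking against upstream whether a stale size can still reach the RIFF header, and adding a comment such as `// no chunks left: size intentionally left unchanged` if that is the intended behaviour.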
diff --git a/taglib.spec b/taglib.spec index a5c4d83..1b8bd04 100644 --- a/taglib.spec +++ b/taglib.spec @@ -1,13 +1,15 @@ Name: taglib Summary: Audio Meta-Data Library Version: 1.13.1 -Release: 1 +Release: 2 License: LGPLv2 or MPLv1.1 URL: https://taglib.org/ Source0: https://github.com/%{name}/%{name}/archive/%{version}/%{name}-%{version}.tar.gz BuildRequires: gcc gcc-c++ cmake pkgconfig zlib-devel +Patch0: backport-CVE-2023-47466.patch + %description TagLib is a library for reading and editing the meta-data of several popular audio formats. Currently it supports both ID3v1 and ID3v2 for MP3 files, Ogg @@ -63,6 +65,12 @@ test "$(pkg-config --modversion taglib_c)" = "%{version}" %changelog +* Fri May 30 2025 Xingwei - 1.13.1-2 +- Type:CVE +- CVE:CVE-2023-47466 +- SUG:NA +- DESC:fix CVE-2023-47466 + * Tue Aug 01 2023 wangqia - 1.13.1-1 - update to 1.13.1 -- Gitee
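Review bot: `Patch0: backport-CVE-2023-47466.patch` is declared in the first hunk, but neither hunk shows it being applied; `%prep` lies outside the visible context. If `%prep` uses a plain `%setup` rather than `%autosetup -p1`, the patch is never applied. The package would then carry `Release: 2` and a changelog entry claiming the CVE fix while the built library still has the unguarded `front()` call. Confirm that `%prep` applies patches, and if it does not, switch it to `%autosetup -n %{name}-%{version} -p1`.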