From ae9122818cf7aa7bed809b1b55c876673c65dfe6 Mon Sep 17 00:00:00 2001
From: xingwei
Date: Fri, 30 May 2025 15:47:45 +0800
Subject: [PATCH] fix CVE-2023-47466
(cherry picked from commit 473fc3164186436049f2190c96fd0a3c74f3b2e1)
---
 backport-CVE-2023-47466.patch | 35 +++++++++++++++++++++++++++++++++++
 taglib.spec | 10 +++++++++-
 2 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2023-47466.patch
diff --git a/backport-CVE-2023-47466.patch b/backport-CVE-2023-47466.patch
new file mode 100644
index 0000000..b059694
--- /dev/null
+++ b/backport-CVE-2023-47466.patch
@@ -0,0 +1,35 @@
+From dfa33bec0806cbb45785accb8cc6c2048a7d40cf Mon Sep 17 00:00:00 2001
+From: Urs Fleisch
+Date: Sun, 5 Nov 2023 14:40:18 +0100
+Subject: [PATCH] Fix crash with invalid WAV files (#1163) (#1164)
+
+With specially crafted WAV files having the "id3 " chunk as the
+only valid chunk, when trying to write the tags, the existing
+"id3 " chunk is removed, and then vector::front() is called on
+the now empty chunks vector.
+Now it is checked if the vector is empty to avoid the crash.
+---
+ taglib/riff/rifffile.cpp | 3 +++
+ tests/data/invalid-chunk.wav | Bin 0 -> 40 bytes
+ tests/test_wav.cpp | 18 ++++++++++++++++++
+ 3 files changed, 21 insertions(+)
+ create mode 100644 tests/data/invalid-chunk.wav
+
+Conflict:Remove patch error test use case
+Context adapt
+Reference:https://github.com/taglib/taglib/commit/dfa33bec0806cbb45785accb8cc6c2048a7d40cf
+
+diff --git a/taglib/riff/rifffile.cpp b/taglib/riff/rifffile.cpp
+index 005551f..f615e6c 100644
+--- a/taglib/riff/rifffile.cpp
++++ b/taglib/riff/rifffile.cpp
+@@ -361,6 +361,9 @@ void RIFF::File::writeChunk(const ByteVector &name, const ByteVector &data,
+
+ void RIFF::File::updateGlobalSize()
+ {
++ if(d->chunks.empty())
++ return;
++
+ const Chunk first = d->chunks.front();
+ const Chunk last = d->chunks.back();
+ d->size = last.offset + last.size + last.padding - first.offset + 12;
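Review bot: The backport ships the `updateGlobalSize()` guard without the upstream regression test: the embedded patch header still lists `tests/data/invalid-chunk.wav` and `tests/test_wav.cpp` in its diffstat (3 files, 21 insertions), but only the `rifffile.cpp` hunk is present, so the header no longer matches the content and nothing visible here exercises the empty-chunks path at build time. The `Conflict:` line records that the test was removed; it would help to either adapt the test to 1.11.1 or state in that header how the crafted-file case was verified, and to trim the stale diffstat lines. On the guard itself, the early `return` skips the `d->size` update, so a one-line comment such as `// No chunks left (e.g. only the "id3 " chunk existed): nothing to measure.` would make clear that leaving the previous size in place is intended. The body of `updateGlobalSize()` continues outside the hunk, so whether anything after the `d->size` assignment is also skipped cannot be checked from here.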
diff --git a/taglib.spec b/taglib.spec
index da72e66..1d7f125 100644
--- a/taglib.spec
+++ b/taglib.spec
@@ -1,7 +1,7 @@
 Name: taglib
 Summary: Audio Meta-Data Library
 Version: 1.11.1
-Release: 12
+Release: 13
 License: LGPLv2 or MPLv1.1
 URL: https://taglib.github.io/
 Source0: https://taglib.github.io/releases/%{name}-%{version}.tar.gz
@@ -11,6 +11,8 @@ Patch0: taglib-1.5rc1-multilib.patch
 # patch1 comes from TagLib official
 Patch1: 0001-Don-t-assume-TDRC-is-an-instance-of-TextIdentificati.patch
+Patch2: backport-CVE-2023-47466.patch
+
 Patch6000: CVE-2018-11439-Fixed-OOB-read-when-loading-invalid-ogg-flac-file.-8.patch
 BuildRequires: gcc gcc-c++ cmake pkgconfig zlib-devel
@@ -70,6 +72,12 @@ test "$(pkg-config --modversion taglib_c)" = "%{version}"
 %changelog
+* Fri May 30 2025 Xingwei - 1.11.1-13
+- Type:CVE
+- CVE:CVE-2023-47466
+- SUG:NA
+- DESC:fix CVE-2023-47466
+
 * Tue Dec 24 2019 openEuler Buildteam - 1.11.1-12
 - Type:bugfix
 - ID:NA
-- 
Gitee
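Review bot: `Patch2: backport-CVE-2023-47466.patch` is declared in the second hunk, but no hunk touches `%prep`, so whether the fix is actually applied depends on how that section applies patches. If `%prep` uses `%autosetup` or `%autopatch`, the new patch is picked up automatically. If it lists patches explicitly (`%patch0 -p1` and so on), a matching `%patch2 -p1` line is needed, otherwise the package ships with Release 13 and a CVE changelog entry but without the guard. `%prep` is outside the visible hunks, so this needs confirming against the full spec, ideally by checking the build log for the patch being applied.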