Merge pull request #1888 from nextcloud/bug/noid/patch-mp3-lib

kesselb · web-flow · commit 72598ddd873a · 2024-07-04T10:49:14.000+02:00
chore(mp3info): apply upstream patch for invalid array access
diff --git a/.patches/mp3info-check-array-key.diff b/.patches/mp3info-check-array-key.diff
@@ -0,0 +1,32 @@
+diff --git a/src/Mp3Info.php b/src/Mp3Info.php
+index 257b147..17e4074 100644
+--- a/src/Mp3Info.php
++++ b/src/Mp3Info.php
+@@ -373,7 +373,6 @@ private function readMpegFrame($fp) {
+ 
+         switch ($header_bytes[1] >> 3 & 0b11) {
+             case 0b00: $this->codecVersion = self::MPEG_25; break;
+-            case 0b01: $this->codecVersion = self::CODEC_UNDEFINED; break;
+             case 0b10: $this->codecVersion = self::MPEG_2; break;
+             case 0b11: $this->codecVersion = self::MPEG_1; break;
+         }
+@@ -384,6 +383,9 @@ private function readMpegFrame($fp) {
+             case 0b11: $this->layerVersion = self::LAYER_1; break;
+         }
+ 
++        if (!isset($this->codecVersion) || !isset($this->layerVersion) || !isset($header_bytes[2])) {
++            throw new \Exception('Unrecognized codecVersion or layerVersion headers!');
++        }
+         $this->bitRate = self::$_bitRateTable[$this->codecVersion][$this->layerVersion][$header_bytes[2] >> 4];
+         $this->sampleRate = self::$_sampleRateTable[$this->codecVersion][($header_bytes[2] >> 2) & 0b11];
+ 
+@@ -394,6 +396,9 @@ private function readMpegFrame($fp) {
+             case 0b11: $this->channel = self::MONO; break;
+         }
+ 
++        if (!isset($this->channel)) {
++            throw new \Exception('Unrecognized channel header!');
++        }
+         $vbr_offset = self::$_vbrOffsets[$this->codecVersion][$this->channel == self::MONO ? 0 : 1];
+ 
+         // check for VBR
diff --git a/composer.patches.json b/composer.patches.json
@@ -1,8 +1,10 @@
 {
-    "patches": {
-	"sabre/dav": {
-            "Fix getNodeForPath cache": ".patches/fix-cache-for-node.diff"
-        }
-
-    }
+	"patches": {
+		"sabre/dav": {
+			"Fix getNodeForPath cache": ".patches/fix-cache-for-node.diff"
+		},
+		"wapmorgan/mp3info": {
+			"generate exception if codec/layer versions or channel headers are unrecognized": ".patches/mp3info-check-array-key.diff"
+		}
+	}
 }
diff --git a/composer/installed.json b/composer/installed.json
@@ -6508,6 +6508,11 @@
                 "bin/mp3scan"
             ],
             "type": "library",
+            "extra": {
+                "patches_applied": {
+                    "generate exception if codec/layer versions or channel headers are unrecognized": ".patches/mp3info-check-array-key.diff"
+                }
+            },
             "installation-source": "dist",
             "autoload": {
                 "psr-4": {
diff --git a/composer/installed.php b/composer/installed.php
@@ -1,9 +1,9 @@
 <?php return array(
     'root' => array(
         'name' => 'nextcloud/3rdparty',
-        'pretty_version' => '1.0.0+no-version-set',
-        'version' => '1.0.0.0',
-        'reference' => null,
+        'pretty_version' => 'dev-master',
+        'version' => 'dev-master',
+        'reference' => '5d619fb1d9e9f28e5b6ceeef5fd59a85b1965e38',
         'type' => 'library',
         'install_path' => __DIR__ . '/../',
         'aliases' => array(),
@@ -290,9 +290,9 @@
             'dev_requirement' => false,
         ),
         'nextcloud/3rdparty' => array(
-            'pretty_version' => '1.0.0+no-version-set',
-            'version' => '1.0.0.0',
-            'reference' => null,
+            'pretty_version' => 'dev-master',
+            'version' => 'dev-master',
+            'reference' => '5d619fb1d9e9f28e5b6ceeef5fd59a85b1965e38',
             'type' => 'library',
             'install_path' => __DIR__ . '/../',
             'aliases' => array(),
diff --git a/wapmorgan/mp3info/PATCHES.txt b/wapmorgan/mp3info/PATCHES.txt
@@ -0,0 +1,7 @@
+This file was automatically generated by Composer Patches (https://github.com/cweagans/composer-patches)
+Patches applied to this directory:
+
+generate exception if codec/layer versions or channel headers are unrecognized
+Source: .patches/mp3info-check-array-key.diff
+
+
diff --git a/wapmorgan/mp3info/src/Mp3Info.php b/wapmorgan/mp3info/src/Mp3Info.php
@@ -373,7 +373,6 @@ private function readMpegFrame($fp) {
 
         switch ($header_bytes[1] >> 3 & 0b11) {
             case 0b00: $this->codecVersion = self::MPEG_25; break;
-            case 0b01: $this->codecVersion = self::CODEC_UNDEFINED; break;
             case 0b10: $this->codecVersion = self::MPEG_2; break;
             case 0b11: $this->codecVersion = self::MPEG_1; break;
         }
@@ -384,6 +383,9 @@ private function readMpegFrame($fp) {
             case 0b11: $this->layerVersion = self::LAYER_1; break;
         }
 
+        if (!isset($this->codecVersion) || !isset($this->layerVersion) || !isset($header_bytes[2])) {
+            throw new \Exception('Unrecognized codecVersion or layerVersion headers!');
+        }
         $this->bitRate = self::$_bitRateTable[$this->codecVersion][$this->layerVersion][$header_bytes[2] >> 4];
         $this->sampleRate = self::$_sampleRateTable[$this->codecVersion][($header_bytes[2] >> 2) & 0b11];
 
@@ -394,6 +396,9 @@ private function readMpegFrame($fp) {
             case 0b11: $this->channel = self::MONO; break;
         }
 
+        if (!isset($this->channel)) {
+            throw new \Exception('Unrecognized channel header!');
+        }
         $vbr_offset = self::$_vbrOffsets[$this->codecVersion][$this->channel == self::MONO ? 0 : 1];
 
         // check for VBR
