From 717743ce279dae4c22bee32be0743553e6f9be5f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= Date: Thu, 26 Sep 2024 19:16:19 +0300 Subject: [PATCH 26/28] qtdemux: Check for invalid atom length when extracting Closed Caption data Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-243 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3849 Part-of: --- subprojects/gst-plugins-good/gst/isomp4/qtdemux.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/subprojects/gst-plugins-good/gst/isomp4/qtdemux.c b/subprojects/gst-plugins-good/gst/isomp4/qtdemux.c index af66740aa9..72a41ab343 100644 --- a/subprojects/gst-plugins-good/gst/isomp4/qtdemux.c +++ b/subprojects/gst-plugins-good/gst/isomp4/qtdemux.c @@ -5826,7 +5826,7 @@ extract_cc_from_data (QtDemuxStream * stream, const guint8 * data, gsize size, goto invalid_cdat; atom_length = QT_UINT32 (data); fourcc = QT_FOURCC (data + 4); - if (G_UNLIKELY (atom_length > size || atom_length == 8)) + if (G_UNLIKELY (atom_length > size || atom_length <= 8)) goto invalid_cdat; GST_DEBUG_OBJECT (stream->pad, "here"); -- 2.47.0