7375f9916a
CVE-2024-47543, CVE-2024-47544, CVE-2024-47545, CVE-2024-47546, CVE-2024-47596, CVE-2024-47597, CVE-2024-47598, CVE-2024-47599, CVE-2024-47601, CVE-2024-47602, CVE-2024-47603, CVE-2024-47606, CVE-2024-47613, CVE-2024-47774, CVE-2024-47775, CVE-2024-47776, CVE-2024-47777, CVE-2024-47778, CVE-2024-47834 Resolves: RHEL-70958, RHEL-70971, RHEL-71033, RHEL-71195 Resolves: RHEL-71210, RHEL-71202, RHEL-71171, RHEL-71200 Resolves: RHEL-71206, RHEL-71173, RHEL-71198, RHEL-71204 Resolves: RHEL-71208, RHEL-71031, RHEL-71007, RHEL-71039 Resolves: RHEL-71169, RHEL-71192, RHEL-71161, RHEL-71167 Resolves: RHEL-71189
31 lines
1.0 KiB
Diff
31 lines
1.0 KiB
Diff
From 5a9abc018ebe1ffa5412bf3f7ad9fde414ef8b68 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
|
|
Date: Fri, 4 Oct 2024 13:21:44 +0300
|
|
Subject: [PATCH 07/28] wavparse: Check that at least 4 bytes are available
|
|
before parsing cue chunks
|
|
|
|
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042>
|
|
---
|
|
subprojects/gst-plugins-good/gst/wavparse/gstwavparse.c | 5 +++++
|
|
1 file changed, 5 insertions(+)
|
|
|
|
diff --git a/subprojects/gst-plugins-good/gst/wavparse/gstwavparse.c b/subprojects/gst-plugins-good/gst/wavparse/gstwavparse.c
|
|
index 5ccf7cd1e1..c36920501e 100644
|
|
--- a/subprojects/gst-plugins-good/gst/wavparse/gstwavparse.c
|
|
+++ b/subprojects/gst-plugins-good/gst/wavparse/gstwavparse.c
|
|
@@ -789,6 +789,11 @@ gst_wavparse_cue_chunk (GstWavParse * wav, const guint8 * data, guint32 size)
|
|
return TRUE;
|
|
}
|
|
|
|
+ if (size < 4) {
|
|
+ GST_WARNING_OBJECT (wav, "broken file %d", size);
|
|
+ return FALSE;
|
|
+ }
|
|
+
|
|
ncues = GST_READ_UINT32_LE (data);
|
|
|
|
if (size < 4 + ncues * 24) {
|
|
--
|
|
2.47.0
|
|
|