gstreamer1-plugins-good/0009-wavparse-Fix-clipping-of-size-to-the-file-size.patch
Wim Taymans 7375f9916a Apply patches for CVE-2024-47537, CVE-2024-47539, CVE-2024-47540
CVE-2024-47543, CVE-2024-47544, CVE-2024-47545, CVE-2024-47546,
  CVE-2024-47596, CVE-2024-47597, CVE-2024-47598, CVE-2024-47599,
  CVE-2024-47601, CVE-2024-47602, CVE-2024-47603, CVE-2024-47606,
  CVE-2024-47613, CVE-2024-47774, CVE-2024-47775, CVE-2024-47776,
  CVE-2024-47777, CVE-2024-47778, CVE-2024-47834
Resolves: RHEL-70958, RHEL-70971, RHEL-71033, RHEL-71195
Resolves: RHEL-71210, RHEL-71202, RHEL-71171, RHEL-71200
Resolves: RHEL-71206, RHEL-71173, RHEL-71198, RHEL-71204
Resolves: RHEL-71208, RHEL-71031, RHEL-71007, RHEL-71039
Resolves: RHEL-71169, RHEL-71192, RHEL-71161, RHEL-71167
Resolves: RHEL-71189
2024-12-13 17:30:57 +01:00


From 93f50e27e5a9b893d6131c75a6e476272795f8be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Fri, 4 Oct 2024 13:27:27 +0300
Subject: [PATCH 09/28] wavparse: Fix clipping of size to the file size

The size does not include the 8 bytes tag and length, so an additional 8 bytes
must be removed here. 8 bytes are always available at this point because
otherwise the parsing of the tag and length right above would've failed.

Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-260
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3888

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042>
---
subprojects/gst-plugins-good/gst/wavparse/gstwavparse.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/subprojects/gst-plugins-good/gst/wavparse/gstwavparse.c b/subprojects/gst-plugins-good/gst/wavparse/gstwavparse.c
index e42bb24b9b..2499416a76 100644
--- a/subprojects/gst-plugins-good/gst/wavparse/gstwavparse.c
+++ b/subprojects/gst-plugins-good/gst/wavparse/gstwavparse.c
@@ -1337,10 +1337,11 @@ gst_wavparse_stream_headers (GstWavParse * wav)
}
/* Clip to upstream size if known */
- if (upstream_size > 0 && size + wav->offset > upstream_size) {
+ if (upstream_size > 0 && size + 8 + wav->offset > upstream_size) {
GST_WARNING_OBJECT (wav, "Clipping chunk size to file size");
g_assert (upstream_size >= wav->offset);
- size = upstream_size - wav->offset;
+ g_assert (upstream_size - wav->offset >= 8);
+ size = upstream_size - wav->offset - 8;
}
/* wav is a st00pid format, we don't know for sure where data starts.
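Review bot: In the clipping condition, `size + 8 + wav->offset > upstream_size` adds before it compares, and the declared types are not visible in this hunk. If `size` is a 32-bit unsigned value taken from the chunk header, `size + 8` is evaluated in 32 bits first and can wrap for values near the maximum, so the clip would be skipped for exactly the sizes that need it. Comparing against the remaining space instead, for example `size > upstream_size - wav->offset - 8` once that difference is known to be non-negative, avoids the addition altogether. Separately, the new `g_assert (upstream_size - wav->offset >= 8)` is the only guard on the subtraction in the next line, and `g_assert` is compiled out when G_DISABLE_ASSERT is defined. The invariant argued in the commit message (the tag and length were already parsed just above) deserves a short code comment next to the assertion, or the check could become a regular error path so a malformed file cannot abort the process.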
--
2.47.0