7375f9916a
CVE-2024-47543, CVE-2024-47544, CVE-2024-47545, CVE-2024-47546, CVE-2024-47596, CVE-2024-47597, CVE-2024-47598, CVE-2024-47599, CVE-2024-47601, CVE-2024-47602, CVE-2024-47603, CVE-2024-47606, CVE-2024-47613, CVE-2024-47774, CVE-2024-47775, CVE-2024-47776, CVE-2024-47777, CVE-2024-47778, CVE-2024-47834 Resolves: RHEL-70958, RHEL-70971, RHEL-71033, RHEL-71195 Resolves: RHEL-71210, RHEL-71202, RHEL-71171, RHEL-71200 Resolves: RHEL-71206, RHEL-71173, RHEL-71198, RHEL-71204 Resolves: RHEL-71208, RHEL-71031, RHEL-71007, RHEL-71039 Resolves: RHEL-71169, RHEL-71192, RHEL-71161, RHEL-71167 Resolves: RHEL-71189
33 lines
1.3 KiB
Diff
33 lines
1.3 KiB
Diff
From 717743ce279dae4c22bee32be0743553e6f9be5f Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
|
|
Date: Thu, 26 Sep 2024 19:16:19 +0300
|
|
Subject: [PATCH 26/28] qtdemux: Check for invalid atom length when extracting
|
|
Closed Caption data
|
|
|
|
Thanks to Antonio Morales for finding and reporting the issue.
|
|
|
|
Fixes GHSL-2024-243
|
|
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3849
|
|
|
|
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8060>
|
|
---
|
|
subprojects/gst-plugins-good/gst/isomp4/qtdemux.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/subprojects/gst-plugins-good/gst/isomp4/qtdemux.c b/subprojects/gst-plugins-good/gst/isomp4/qtdemux.c
|
|
index af66740aa9..72a41ab343 100644
|
|
--- a/subprojects/gst-plugins-good/gst/isomp4/qtdemux.c
|
|
+++ b/subprojects/gst-plugins-good/gst/isomp4/qtdemux.c
|
|
@@ -5826,7 +5826,7 @@ extract_cc_from_data (QtDemuxStream * stream, const guint8 * data, gsize size,
|
|
goto invalid_cdat;
|
|
atom_length = QT_UINT32 (data);
|
|
fourcc = QT_FOURCC (data + 4);
|
|
- if (G_UNLIKELY (atom_length > size || atom_length == 8))
|
|
+ if (G_UNLIKELY (atom_length > size || atom_length <= 8))
|
|
goto invalid_cdat;
|
|
|
|
GST_DEBUG_OBJECT (stream->pad, "here");
|
|
--
|
|
2.47.0
|
|
|