gstreamer1-plugins-good/0002-matroskademux-Initialize-track-context-out-parameter.patch
Wim Taymans 938fd253a8 CVE-2024-47537, CVE-2024-47539, CVE-2024-47540, CVE-2024-47606,
CVE-2024-47613
  Resolves: RHEL-70949, RHEL-70962, RHEL-70936, RHEL-71022
  Resolves: RHEL-70998
2024-12-16 16:13:39 +01:00

39 lines
1.4 KiB
Diff

From a88489c4bc2a807912a12398c04c0fc8579037df Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Wed, 3 Mar 2021 11:31:52 +0200
Subject: [PATCH 2/9] matroskademux: Initialize track context out parameter to
NULL before parsing
Various error return paths don't set it to NULL and callers are only
checking if the pointer is NULL. As it's allocated on the stack this
usually contains random stack memory, and more often than not the memory
of a previously parsed track.
This then causes all kinds of memory corruptions further down the line.
Thanks to Natalie Silvanovich for reporting.
Fixes https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/issues/858
Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/merge_requests/904>
---
gst/matroska/matroska-demux.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/gst/matroska/matroska-demux.c b/gst/matroska/matroska-demux.c
index 5e724c8e0..f890ae611 100644
--- a/gst/matroska/matroska-demux.c
+++ b/gst/matroska/matroska-demux.c
@@ -660,6 +660,8 @@ gst_matroska_demux_parse_stream (GstMatroskaDemux * demux, GstEbmlRead * ebml,
DEBUG_ELEMENT_START (demux, ebml, "TrackEntry");
+ *dest_context = NULL;
+
/* start with the master */
if ((ret = gst_ebml_read_master (ebml, &id)) != GST_FLOW_OK) {
DEBUG_ELEMENT_STOP (demux, ebml, "TrackEntry", ret);
--
2.47.0