libreoffice/0001-CVE-2023-6185-escape-url-passed-to-gstreamer.patch
Eike Rathke 15f0103f76 Fix CVE-2023-6185 CVE-2023-6186
Resolves: RHEL-28591 RHEL-28595
Also RHEL-28592 RHEL-28596
2024-05-22 11:46:08 +02:00

70 lines
2.7 KiB
Diff

From 6167f5815aefa78a70517c8e2acbdd7b9c9be27d Mon Sep 17 00:00:00 2001
Message-ID: <6167f5815aefa78a70517c8e2acbdd7b9c9be27d.1703003067.git.erack@redhat.com>
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
Date: Fri, 3 Nov 2023 14:20:07 +0000
Subject: [PATCH] escape url passed to gstreamer
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------erAck-patch-parts"
This is a multi-part message in MIME format.
--------------erAck-patch-parts
Content-Type: text/plain; charset=UTF-8; format=fixed
Content-Transfer-Encoding: 8bit
Change-Id: I3c93ee34800cc8563370f75ef3ef6f8a9220e6ec
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158894
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit f41dcadf6492a6ffd32696d50f818e44355b9ad9)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159583
erAck: backported to 7.1.8.1
---
avmedia/source/gstreamer/gstframegrabber.cxx | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
--------------erAck-patch-parts
Content-Type: text/x-patch; name="0001-escape-url-passed-to-gstreamer.patch"
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="0001-escape-url-passed-to-gstreamer.patch"
diff --git a/avmedia/source/gstreamer/gstframegrabber.cxx b/avmedia/source/gstreamer/gstframegrabber.cxx
index ece799d87530..25170a296e66 100644
--- a/avmedia/source/gstreamer/gstframegrabber.cxx
+++ b/avmedia/source/gstreamer/gstframegrabber.cxx
@@ -51,11 +51,9 @@ void FrameGrabber::disposePipeline()
FrameGrabber::FrameGrabber( const OUString &rURL ) :
FrameGrabber_BASE()
{
- gchar *pPipelineStr;
- pPipelineStr = g_strdup_printf(
- "uridecodebin uri=%s ! videoconvert ! videoscale ! appsink "
- "name=sink caps=\"video/x-raw,format=RGB,pixel-aspect-ratio=1/1\"",
- OUStringToOString( rURL, RTL_TEXTENCODING_UTF8 ).getStr() );
+ const char pPipelineStr[] =
+ "uridecodebin name=source ! videoconvert ! videoscale ! appsink "
+ "name=sink caps=\"video/x-raw,format=RGB,pixel-aspect-ratio=1/1\"";
GError *pError = nullptr;
mpPipeline = gst_parse_launch( pPipelineStr, &pError );
@@ -66,6 +64,12 @@ FrameGrabber::FrameGrabber( const OUString &rURL ) :
}
if( mpPipeline ) {
+
+ if (GstElement *pUriDecode = gst_bin_get_by_name(GST_BIN(mpPipeline), "source"))
+ g_object_set(pUriDecode, "uri", OUStringToOString(rURL, RTL_TEXTENCODING_UTF8).getStr(), nullptr);
+ else
+ g_warning("Missing 'source' element in gstreamer pipeline");
+
// pre-roll
switch( gst_element_set_state( mpPipeline, GST_STATE_PAUSED ) ) {
case GST_STATE_CHANGE_FAILURE:
--------------erAck-patch-parts--