File gstreamer-0_10-plugins-bad-mp4-overflow.patch of Package gstreamer-0_10-plugins-bad.585

Overview Repositories Revisions Requests Users Attributes Meta

File gstreamer-0_10-plugins-bad-mp4-overflow.patch of Package gstreamer-0_10-plugins-bad.585

From: Ralph Giles <giles@mozilla.com>
Subject: Fix buffer overflow in mp4 parsing

--- gst-plugins-bad0.10-0.10.23.orig/gst/videoparsers/gsth264parse.c
+++ gst-plugins-bad0.10-0.10.23/gst/videoparsers/gsth264parse.c
@@ -384,6 +384,11 @@ gst_h264_parse_wrap_nal (GstH264Parse *
 
   GST_DEBUG_OBJECT (h264parse, "nal length %d", size);
 
+  if (size > G_MAXUINT32 - nl) {
+    GST_ELEMENT_ERROR (h264parse, STREAM, FAILED, (NULL),
+        ("overflow in nal size"));
+    return NULL;
+  }
   buf = gst_buffer_new_and_alloc (size + nl + 4);
   if (format == GST_H264_PARSE_FORMAT_AVC) {
     GST_WRITE_UINT32_BE (GST_BUFFER_DATA (buf), size << (32 - 8 * nl));
@@ -452,6 +457,11 @@ gst_h264_parse_process_nal (GstH264Parse
     GST_DEBUG_OBJECT (h264parse, "not processing nal size %u", nalu->size);
     return;
   }
+  if (G_UNLIKELY (nalu->size > 20 * 1024 * 1024)) {
+    GST_DEBUG_OBJECT (h264parse, "not processing nal size %u (too big)",
+        nalu->size);
+    return;
+  }
 
   /* we have a peek as well */
   nal_type = nalu->type;

Places

File gstreamer-0_10-plugins-bad-mp4-overflow.patch of Package gstreamer-0_10-plugins-bad.585

Places