File 0001-flacparse-Avoid-integer-overflow-in-availa... of Package gstreamer-plugins-base.30109

Overview Repositories Revisions Requests Users Attributes Meta

File 0001-flacparse-Avoid-integer-overflow-in-available-data-check.patch of Package gstreamer-plugins-base.30109

From 3144f63302520d271f5e3f1d61d62542eaff9976 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Tue, 13 Jun 2023 13:22:57 +0300
Subject: [PATCH 2/2] tags: Don't allow image tags with G_MAXUINT32 length

This will cause an integer overflow a little bit further down because we
allocate a bit more memory to allow for a NUL-terminator.

The caller should've avoided passing that much data in already as it's
not going to be a valid image and there's likely not even that much data
available.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4894>
---
 subprojects/gst-plugins-base/gst-libs/gst/tag/tags.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/gst-libs/gst/tag/tags.c b/gst-libs/gst/tag/tags.c
index 73e6bb4a369..d38a0c97f4f 100644
--- a/gst-libs/gst/tag/tags.c
+++ b/gst-libs/gst/tag/tags.c
@@ -530,7 +530,8 @@ gst_tag_image_data_to_image_sample (const guint8 * image_data,
   GstStructure *image_info = NULL;
 
   g_return_val_if_fail (image_data != NULL, NULL);
-  g_return_val_if_fail (image_data_len > 0, NULL);
+  g_return_val_if_fail (image_data_len > 0
+      || image_data_len == G_MAXUINT32, NULL);
   g_return_val_if_fail (gst_tag_image_type_is_valid (image_type), NULL);
 
   GST_DEBUG ("image data len: %u bytes", image_data_len);
-- 
GitLab

Places

File 0001-flacparse-Avoid-integer-overflow-in-available-data-check.patch of Package gstreamer-plugins-base.30109

Places