Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
gstreamer-plugins-good.30114
0001-flacparse-Avoid-integer-overflow-in-availa...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-flacparse-Avoid-integer-overflow-in-available-data-check.patch of Package gstreamer-plugins-good.30114
From dbbfc917fe616ff3343a03fc8e9533d39777ce6e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> Date: Tue, 13 Jun 2023 13:20:16 +0300 Subject: [PATCH 1/2] flacparse: Avoid integer overflow in available data check for image tags If the image length as stored in the file is some bogus integer then adding it to the current byte readers position can overflow and wrongly have the check for enough available data succeed. This then later can cause NULL pointer dereferences or out of bounds reads/writes when actually reading the image data. Fixes ZDI-CAN-20775 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2661 Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4894> --- .../gst-plugins-good/gst/audioparsers/gstflacparse.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gst/audioparsers/gstflacparse.c b/gst/audioparsers/gstflacparse.c index a53b7ebc776..8ee450c65ac 100644 --- a/gst/audioparsers/gstflacparse.c +++ b/gst/audioparsers/gstflacparse.c @@ -1111,6 +1111,7 @@ gst_flac_parse_handle_picture (GstFlacParse * flacparse, GstBuffer * buffer) GstMapInfo map; guint32 img_len = 0, img_type = 0; guint32 img_mimetype_len = 0, img_description_len = 0; + const guint8 *img_data; gst_buffer_map (buffer, &map, GST_MAP_READ); gst_byte_reader_init (&reader, map.data, map.size); @@ -1137,7 +1138,7 @@ gst_flac_parse_handle_picture (GstFlacParse * flacparse, GstBuffer * buffer) if (!gst_byte_reader_get_uint32_be (&reader, &img_len)) goto error; - if (gst_byte_reader_get_pos (&reader) + img_len > map.size) + if (!gst_byte_reader_get_data (&reader, img_len, &img_data)) goto error; GST_INFO_OBJECT (flacparse, "Got image of %d bytes", img_len); @@ -1146,8 +1147,7 @@ gst_flac_parse_handle_picture (GstFlacParse * flacparse, GstBuffer * buffer) if (flacparse->tags == NULL) flacparse->tags = gst_tag_list_new_empty (); - gst_tag_list_add_id3_image (flacparse->tags, - map.data + gst_byte_reader_get_pos (&reader), img_len, img_type); + gst_tag_list_add_id3_image (flacparse->tags, img_data, img_len, img_type); } gst_buffer_unmap (buffer, &map); -- GitLab
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor