mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-18 21:32:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

gst-plugins-bad: fix CVE-2015-0797

Browse Source 
Backport patch from debian to fix CVE-2015-0797.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784220
https://sources.debian.net/data/main/g/gst-plugins-bad0.10/0.10.23-7.1+deb7u2/debian/patches/buffer-overflow-mp4.patch

Backported to oe-core fido from meta-oe/meta-multimedia:

http://git.openembedded.org/meta-openembedded/commit/?id=6cb3b63559bf33946f1c5d43626413d9a651e83f

(From OE-Core rev: 7aa1090d22459bff1159f8193b60166a079d5bd6)

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Kang Kai
2015-06-29 23:06:49 -07:00
committed by Richard Purdie
parent 010a940ba1
commit 0e2c483f7d
2 changed files with 38 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
meta/recipes-multimedia/gstreamer/gst-plugins-bad/buffer-overflow-mp4.patch Normal file
View File

@@ -0,0 +1,36 @@
Description: Fix buffer overflow in mp4 parsing
Author: Ralph Giles <giles@mozilla.com>
---
Backport patch from debian to fix CVE-2015-0797.
https://sources.debian.net/data/main/g/gst-plugins-bad0.10/0.10.23-7.1+deb7u2/debian/patches/buffer-overflow-mp4.patch
Upstream-Status: Backport
Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
--- gst-plugins-bad0.10-0.10.23.orig/gst/videoparsers/gsth264parse.c
+++ gst-plugins-bad0.10-0.10.23/gst/videoparsers/gsth264parse.c
@@ -384,6 +384,11 @@ gst_h264_parse_wrap_nal (GstH264Parse *
GST_DEBUG_OBJECT (h264parse, "nal length %d", size);
+ if (size > G_MAXUINT32 - nl) {
+ GST_ELEMENT_ERROR (h264parse, STREAM, FAILED, (NULL),
+ ("overflow in nal size"));
+ return NULL;
+ }
buf = gst_buffer_new_and_alloc (size + nl + 4);
if (format == GST_H264_PARSE_FORMAT_AVC) {
GST_WRITE_UINT32_BE (GST_BUFFER_DATA (buf), size << (32 - 8 * nl));
@@ -452,6 +457,11 @@ gst_h264_parse_process_nal (GstH264Parse
GST_DEBUG_OBJECT (h264parse, "not processing nal size %u", nalu->size);
return;
}
+ if (G_UNLIKELY (nalu->size > 20 * 1024 * 1024)) {
+ GST_DEBUG_OBJECT (h264parse, "not processing nal size %u (too big)",
+ nalu->size);
+ return;
+ }
/* we have a peek as well */
nal_type = nalu->type;

2
meta/recipes-multimedia/gstreamer/gst-plugins-bad_0.10.23.bb
View File

@@ -10,6 +10,8 @@ DEPENDS += "gst-plugins-base"
PR = "r4"
SRC_URI += "file://buffer-overflow-mp4.patch"
inherit gettext gsettings
EXTRA_OECONF += "--disable-experimental \