mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-01-29 21:08:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

gstreamer1.0-plugins-base: fix CVE-2025-47808

Browse Source 
Upstream-Status: Backport from 6b19f11751

(From OE-Core rev: 2611a16cad53d2bf0cda2946678e7d31e3ffa007)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Hitendra Prajapati
2025-08-11 18:19:24 +05:30
committed by Steve Sakoman
parent 2cc9a0249b
commit ba10ae532a
2 changed files with 37 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2025-47808.patch Normal file
View File

@@ -0,0 +1,36 @@
From 6b19f117518a765a25c99d1c4b09f2838a8ed0c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Thu, 8 May 2025 09:04:52 +0300
Subject: [PATCH] tmplayer: Don't append NULL + 1 to the string buffer when
parsing lines without text
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4417
Fixes CVE-2025-47808
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/9132>
CVE: CVE-2025-47808
Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/6b19f117518a765a25c99d1c4b09f2838a8ed0c9]
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
gst/subparse/tmplayerparse.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/gst/subparse/tmplayerparse.c b/gst/subparse/tmplayerparse.c
index 807e332..a9225d3 100644
--- a/gst/subparse/tmplayerparse.c
+++ b/gst/subparse/tmplayerparse.c
@@ -125,7 +125,9 @@ tmplayer_parse_line (ParserState * state, const gchar * line, guint line_num)
* durations from the start times anyway, so as long as the parser just
* forwards state->start_time by duration after it pushes the line we
* are about to return it will all be good. */
- g_string_append (state->buf, text_start + 1);
+ if (text_start) {
+ g_string_append (state->buf, text_start + 1);
+ }
} else if (line_num > 0) {
GST_WARNING ("end of subtitle unit but no valid start time?!");
}
--
2.50.1

1
meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
View File

@@ -19,6 +19,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba
file://0010-id3v2-Don-t-try-parsing-extended-header-if-not-enoug.patch \
file://0011-discoverer-Don-t-print-channel-layout-for-more-than-.patch \
file://0012-subparse-Check-for-NULL-return-of-strchr-when-parsin.patch \
file://CVE-2025-47808.patch \
"
SRC_URI[sha256sum] = "73cfadc3a6ffe77ed974cfd6fb391c605e4531f48db21dd6b9f42b8cb69bd8c1"