mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-20 00:32:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

gstreamer1.0-plugins-bad: fix CVE-2024-0444

Browse Source 
(From OE-Core rev: e261dfd6e547aa28e115cb9e8e9150c56d39035b)

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Archana Polampalli
2024-05-03 11:41:54 +00:00
committed by Steve Sakoman
parent 645aff93b3
commit c4612ee606
2 changed files with 43 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2024-0444.patch Normal file
View File

@@ -0,0 +1,42 @@
From 394d5066f8a7b728df02fe9084e955b2f7d7f6fe Mon Sep 17 00:00:00 2001
From: Seungha Yang <seungha@centricular.com>
Date: Wed, 10 Jan 2024 03:33:59 +0900
Subject: [PATCH] av1parser: Fix potential stack overflow during tile list
parsing
The tile_count_minus_1 must be less than or equal to 511 as specified
in spec "6.11.1 General tile list OBU semantics"
Fixes #3214 / CVE-2024-0444 / ZDI-CAN-22873
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5971>
CVE: CVE-2024-0444
Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/394d5066f8a7b728]
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
---
gst-libs/gst/codecparsers/gstav1parser.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/gst-libs/gst/codecparsers/gstav1parser.c b/gst-libs/gst/codecparsers/gstav1parser.c
index 68f8a76..bab404e 100644
--- a/gst-libs/gst/codecparsers/gstav1parser.c
+++ b/gst-libs/gst/codecparsers/gstav1parser.c
@@ -4352,6 +4352,13 @@ gst_av1_parser_parse_tile_list_obu (GstAV1Parser * parser,
tile_list->output_frame_width_in_tiles_minus_1 = AV1_READ_BITS (br, 8);
tile_list->output_frame_height_in_tiles_minus_1 = AV1_READ_BITS (br, 8);
tile_list->tile_count_minus_1 = AV1_READ_BITS (br, 16);
+ if (tile_list->tile_count_minus_1 + 1 > GST_AV1_MAX_TILE_COUNT) {
+ GST_WARNING ("Invalid tile_count_minus_1 %d",
+ tile_list->tile_count_minus_1);
+ retval = GST_AV1_PARSER_BITSTREAM_ERROR;
+ goto error;
+ }
+
for (tile = 0; tile <= tile_list->tile_count_minus_1; tile++) {
if (AV1_REMAINING_BITS (br) < 8 + 8 + 8 + 16) {
retval = GST_AV1_PARSER_NO_MORE_DATA;
--
2.40.0

1
meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.20.7.bb
View File

@@ -14,6 +14,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad
file://CVE-2023-40475.patch \
file://CVE-2023-40476.patch \
file://CVE-2023-44429.patch \
file://CVE-2024-0444.patch \
"
SRC_URI[sha256sum] = "87251beebfd1325e5118cc67774061f6e8971761ca65a9e5957919610080d195"