diff options
Diffstat (limited to 'media-libs/gst-plugins-bad/files/gst-plugins-bad-0.10.23-CVE-2015-0797.patch')
| -rw-r--r-- | media-libs/gst-plugins-bad/files/gst-plugins-bad-0.10.23-CVE-2015-0797.patch | 30 |
1 files changed, 0 insertions, 30 deletions
diff --git a/media-libs/gst-plugins-bad/files/gst-plugins-bad-0.10.23-CVE-2015-0797.patch b/media-libs/gst-plugins-bad/files/gst-plugins-bad-0.10.23-CVE-2015-0797.patch deleted file mode 100644 index b1e323b9c0ec..000000000000 --- a/media-libs/gst-plugins-bad/files/gst-plugins-bad-0.10.23-CVE-2015-0797.patch +++ /dev/null @@ -1,30 +0,0 @@ -From: Ralph Giles <giles@mozilla.com> -Subject: Fix buffer overflow in mp4 parsing - ---- gst-plugins-bad0.10-0.10.23.orig/gst/videoparsers/gsth264parse.c -+++ gst-plugins-bad0.10-0.10.23/gst/videoparsers/gsth264parse.c -@@ -384,6 +384,11 @@ gst_h264_parse_wrap_nal (GstH264Parse * - - GST_DEBUG_OBJECT (h264parse, "nal length %d", size); - -+ if (size > G_MAXUINT32 - nl) { -+ GST_ELEMENT_ERROR (h264parse, STREAM, FAILED, (NULL), -+ ("overflow in nal size")); -+ return NULL; -+ } - buf = gst_buffer_new_and_alloc (size + nl + 4); - if (format == GST_H264_PARSE_FORMAT_AVC) { - GST_WRITE_UINT32_BE (GST_BUFFER_DATA (buf), size << (32 - 8 * nl)); -@@ -452,6 +457,11 @@ gst_h264_parse_process_nal (GstH264Parse - GST_DEBUG_OBJECT (h264parse, "not processing nal size %u", nalu->size); - return; - } -+ if (G_UNLIKELY (nalu->size > 20 * 1024 * 1024)) { -+ GST_DEBUG_OBJECT (h264parse, "not processing nal size %u (too big)", -+ nalu->size); -+ return; -+ } - - /* we have a peek as well */ - nal_type = nalu->type; - |