Diffstat (limited to 'media-libs/gst-plugins-ugly/files')
-rw-r--r-- | media-libs/gst-plugins-ugly/files/1.10.3-CVE-2017-5847.patch | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/media-libs/gst-plugins-ugly/files/1.10.3-CVE-2017-5847.patch b/media-libs/gst-plugins-ugly/files/1.10.3-CVE-2017-5847.patch
new file mode 100644
index 000000000000..078b8c087198
--- /dev/null
+++ b/media-libs/gst-plugins-ugly/files/1.10.3-CVE-2017-5847.patch
@@ -0,0 +1,46 @@
+From fe74dabd2c8dc2be54156729986ea38582e8c7ae Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Tue, 31 Jan 2017 13:50:21 +0200
+Subject: [PATCH] asfdemux: Check that we have enough data available before
+ parsing bool/uint extended content descriptors
+
+https://bugzilla.gnome.org/show_bug.cgi?id=777955
+---
+ gst/asfdemux/gstasfdemux.c | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/gst/asfdemux/gstasfdemux.c b/gst/asfdemux/gstasfdemux.c
+index 255a427..b8d48ad 100644
+--- a/gst/asfdemux/gstasfdemux.c
++++ b/gst/asfdemux/gstasfdemux.c
+@@ -3439,7 +3439,12 @@ gst_asf_demux_process_ext_content_desc (GstASFDemux * demux, guint8 * data,
+ break;
+ }
+ case ASF_DEMUX_DATA_TYPE_DWORD:{
+- guint uint_val = GST_READ_UINT32_LE (value);
++ guint uint_val;
++
++ if (value_len < 4)
++ break;
++
++ uint_val = GST_READ_UINT32_LE (value);
+
+ /* this is the track number */
+ g_value_init (&tag_value, G_TYPE_UINT);
+@@ -3453,7 +3458,12 @@ gst_asf_demux_process_ext_content_desc (GstASFDemux * demux, guint8 * data,
+ }
+ /* Detect 3D */
+ case ASF_DEMUX_DATA_TYPE_BOOL:{
+- gboolean bool_val = GST_READ_UINT32_LE (value);
++ gboolean bool_val;
++
++ if (value_len < 4)
++ break;
++
++ bool_val = GST_READ_UINT32_LE (value);
+
+ if (strncmp ("Stereoscopic", name_utf8, strlen (name_utf8)) == 0) {
+ if (bool_val) {
+--
+2.10.1
+
|
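Review bot: In the second inner hunk (ASF_DEMUX_DATA_TYPE_BOOL), the context line `strncmp ("Stereoscopic", name_utf8, strlen (name_utf8)) == 0` bounds the comparison by the length of `name_utf8`, so an empty name or any prefix of "Stereoscopic" compares equal, and the new `value_len < 4` guard does not change that. Since `name_utf8` is presumably decoded from the file being demuxed, an exact match is the safer test: `if (strcmp (name_utf8, "Stereoscopic") == 0) {`. The body of gst_asf_demux_process_ext_content_desc starts and ends outside both hunks, so what the branch does once it matches cannot be checked from here. Both new guards also drop a too-short descriptor silently; a debug log line before each `break` would make malformed files easier to triage.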