calculate
/
gentoo-overlay
7
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0f881ef0da'
${ noResults }
gentoo-overlay/media-libs/gst-plugins-bad/files/gst-plugins-bad-0.10.23-CVE...

31 lines
1.0 KiB
Raw Blame History

From: Ralph Giles <giles@mozilla.com>
Subject: Fix buffer overflow in mp4 parsing
--- gst-plugins-bad0.10-0.10.23.orig/gst/videoparsers/gsth264parse.c
+++ gst-plugins-bad0.10-0.10.23/gst/videoparsers/gsth264parse.c
@@ -384,6 +384,11 @@ gst_h264_parse_wrap_nal (GstH264Parse *
GST_DEBUG_OBJECT (h264parse, "nal length %d", size);
+ if (size > G_MAXUINT32 - nl) {
+ GST_ELEMENT_ERROR (h264parse, STREAM, FAILED, (NULL),
+ ("overflow in nal size"));
+ return NULL;
+ }
buf = gst_buffer_new_and_alloc (size + nl + 4);
if (format == GST_H264_PARSE_FORMAT_AVC) {
GST_WRITE_UINT32_BE (GST_BUFFER_DATA (buf), size << (32 - 8 * nl));
@@ -452,6 +457,11 @@ gst_h264_parse_process_nal (GstH264Parse
GST_DEBUG_OBJECT (h264parse, "not processing nal size %u", nalu->size);
return;
}
+ if (G_UNLIKELY (nalu->size > 20 * 1024 * 1024)) {
+ GST_DEBUG_OBJECT (h264parse, "not processing nal size %u (too big)",
+ nalu->size);
+ return;
+ }
/* we have a peek as well */
nal_type = nalu->type;
Reference in new issue View Git Blame Copy Permalink