avisubtitle: Fix size checks and avoid overflows when checking sizes

Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-262
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3890

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8043>
Sebastian Dröge 2024-10-04 14:04:03 +03:00 committed by GStreamer Marge Bot
parent 4f381d1501
commit 0870e87c7c


@ -196,7 +196,7 @@ gst_avi_subtitle_parse_gab2_chunk (GstAviSubtitle * sub, GstBuffer * buf)
/* read 'name' of subtitle */
name_length = GST_READ_UINT32_LE (map.data + 5 + 2);
GST_LOG_OBJECT (sub, "length of name: %u", name_length);
if (map.size <= 17 + name_length)
if (G_MAXUINT32 - 17 < name_length || map.size < 17 + name_length)
goto wrong_name_length;
name_utf8 =
@ -216,7 +216,8 @@ gst_avi_subtitle_parse_gab2_chunk (GstAviSubtitle * sub, GstBuffer * buf)
file_length = GST_READ_UINT32_LE (map.data + 13 + name_length);
GST_LOG_OBJECT (sub, "length srt/ssa file: %u", file_length);
if (map.size < (17 + name_length + file_length))
if (G_MAXUINT32 - 17 - name_length < file_length
|| map.size < 17 + name_length + file_length)
goto wrong_total_length;
/* store this, so we can send it again after a seek; note that we shouldn't
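Review bot: Both new guards (the `name_length` check in the first hunk and the `file_length` check in the second) rule out wrap-around only if the two length variables are 32-bit unsigned, which their declarations outside these hunks would have to confirm, and each sum needs its own `G_MAXUINT32` clause in front of it. Subtracting from the buffer size instead cannot wrap, because only values that have already been bounded are subtracted: `if (map.size < 17 || map.size - 17 < name_length)` and, assuming the first check always runs before the second, `if (map.size - 17 - name_length < file_length)`. A short comment stating that `17 + name_length` is the end of the 4-byte field read at `map.data + 13 + name_length` would also make the relaxed comparison in the first check (`<` where the old code had `<=`) easy to verify. gst_avi_subtitle_parse_gab2_chunk starts and ends outside both hunks, so the earlier minimum-size check and the error labels are not visible here.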