mirrors/gstreamer
mirrors/gstreamer
1
1
Fork 0
mirror of https://gitlab.freedesktop.org/gstreamer/gstreamer.git synced 2025-06-05 06:58:56 +00:00
Code Issues 1 Projects Releases Wiki Activity

qtdemux: Add size check for parsing SMI / SEQH atom

Browse source 
Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-244
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3853

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8109>
This commit is contained in:
Sebastian Dröge 2024-09-27 00:31:36 +03:00 committed by Backport Bot
parent 3153fda823
commit 3ce1b812a9
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
subprojects/gst-plugins-good/gst/isomp4/qtdemux.c
View file

@ -10633,8 +10633,9 @@ qtdemux_parse_svq3_stsd_data (GstQTDemux * qtdemux,
GST_WARNING_OBJECT (qtdemux, "Unexpected second SEQH SMI atom "
" found, ignoring");
} else {
/* Note: The size does *not* include the fourcc and the size field itself */
seqh_size = QT_UINT32 (data + 4);
if (seqh_size > 0) {
if (seqh_size > 0 && seqh_size <= size - 8) {
_seqh = gst_buffer_new_and_alloc (seqh_size);
gst_buffer_fill (_seqh, 0, data + 8, seqh_size);
}