qtdemux: Avoid integer overflow when parsing Theora extension

Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-166
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3851

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032>
Sebastian Dröge 2024-09-26 22:16:06 +03:00 committed by Tim-Philipp Müller
parent f1cdc6f243
commit f8e398c46f


@ -8822,7 +8822,7 @@ qtdemux_parse_theora_extension (GstQTDemux * qtdemux, QtDemuxStream * stream,
end -= 8;
while (buf < end) {
gint size;
guint32 size;
guint32 type;
size = QT_UINT32 (buf);
@ -8830,7 +8830,7 @@ qtdemux_parse_theora_extension (GstQTDemux * qtdemux, QtDemuxStream * stream,
GST_LOG_OBJECT (qtdemux, "%p %p", buf, end);
if (buf + size > end || size <= 0)
if (end - buf < size || size < 8)
break;
buf += 8;
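Review bot: The new check `end - buf < size` compares a signed pointer difference with a `guint32`, and nothing in the code says that it is only correct because the enclosing `while (buf < end)` keeps that difference positive. Where `ptrdiff_t` is 32 bits wide the left side is converted to unsigned, so a later change that lets `buf` pass `end` would silently defeat the bound. I would record the invariant above the check, e.g. `/* buf < end here, so end - buf is the remaining byte count; never form buf + size, which can wrap */`, and note that the `8` in `size < 8` is the atom header that `buf += 8` then skips. The malformed-atom path also just `break`s without a trace, so a `GST_WARNING_OBJECT (qtdemux, "Invalid Theora extension atom size %u", size);` before the `break` would make rejected files visible when triaging. The function body starts and ends outside these hunks, so how `size` is used after `buf += 8` is not visible here.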