Commit graph

121201 commits

Author SHA1 Message Date
Sebastian Dröge
19359e2b25 qtdemux: Make sure there are enough offsets to read when parsing samples
While this specific case is also caught when initializing co_chunk, the error
is ignored in various places and calling into the function would lead to out of
bounds reads if the error message doesn't cause the pipeline to be shut down
fast enough.

To avoid this, no matter what, make sure enough offsets are available when
parsing them. While this is potentially slower, the same is already done in the
non-chunks_are_samples case.

Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-245
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3847

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059>
2024-12-03 21:01:41 +00:00
Sebastian Dröge
4a0e8bf92b qtdemux: Fix error handling when parsing cenc sample groups fails
Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-238, GHSL-2024-239, GHSL-2024-240
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3846

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059>
2024-12-03 21:01:41 +00:00
Sebastian Dröge
98f3934c48 qtdemux: Fix length checks and offsets in stsd entry parsing
Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-242
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3845

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059>
2024-12-03 21:01:41 +00:00
Sebastian Dröge
c1cd838706 qtdemux: Make sure enough data is available before reading wave header node
Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-236
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3843

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059>
2024-12-03 21:01:41 +00:00
Sebastian Dröge
1d534ac209 qtdemux: Make sure only an even number of bytes is processed when handling CEA608 data
An odd number of bytes would lead to out of bound reads and writes, and doesn't
make any sense as CEA608 comes in byte pairs.

Strip off any leftover bytes and assume everything before that is valid.

Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-195
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3841

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059>
2024-12-03 21:01:41 +00:00
Sebastian Dröge
5a9e80c01b qtdemux: Check sizes of stsc/stco/stts before trying to merge entries
Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-246
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3854

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059>
2024-12-03 21:01:41 +00:00
Sebastian Dröge
0f4dae9b01 qtdemux: Don't iterate over all trun entries if none of the flags are set
Nothing would be printed anyway.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059>
2024-12-03 21:01:41 +00:00
Sebastian Dröge
cbd659c58f qtdemux: Fix debug output during trun parsing
Various integers are unsigned so print them as such. Also print the actual
allocation size if allocation fails, not only parts of it.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059>
2024-12-03 21:01:41 +00:00
Antonio Morales
ae61a604c0 qtdemux: Fix integer overflow when allocating the samples table for fragmented MP4
This can lead to out of bounds writes and NULL pointer dereferences.

Fixes GHSL-2024-094, GHSL-2024-237, GHSL-2024-241
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3839

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059>
2024-12-03 21:01:41 +00:00
Sebastian Dröge
474eb62d85 matroskademux: Put a copy of the codec data into the A_MS/ACM caps
The original codec data buffer is owned by matroskademux and does not
necessarily live as long as the caps.

Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-280
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3894

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057>
2024-12-03 20:02:52 +00:00
Sebastian Dröge
b84a0f3263 matroskademux: Skip over zero-sized Xiph stream headers
Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-251
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3867

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057>
2024-12-03 20:02:52 +00:00
Sebastian Dröge
c20eff779d matroskademux: Skip over laces directly when postprocessing the frame fails
Otherwise NULL buffers might be handled afterwards.

Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-249
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3865

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057>
2024-12-03 20:02:52 +00:00
Sebastian Dröge
395f2b3ffd matroskademux: Don't take data out of an empty adapter when processing WavPack frames
Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-249
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3865

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057>
2024-12-03 20:02:52 +00:00
Sebastian Dröge
8aa1c185cf matroskademux: Check for big enough WavPack codec private data before accessing it
Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-250
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3866

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057>
2024-12-03 20:02:52 +00:00
Sebastian Dröge
b7ad9a2c5d matroskademux: Fix off-by-one when parsing multi-channel WavPack
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057>
2024-12-03 20:02:52 +00:00
Sebastian Dröge
c0dceda8e9 matroskademux: Only unmap GstMapInfo in WavPack header extraction error paths if previously mapped
Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-197
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3863

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057>
2024-12-03 20:02:51 +00:00
Sebastian Dröge
0870e87c7c avisubtitle: Fix size checks and avoid overflows when checking sizes
Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-262
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3890

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8043>
2024-12-03 18:57:06 +00:00
Sebastian Dröge
4f381d1501 wavparse: Check size before reading ds64 chunk
Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-261
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3889

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042>
2024-12-03 18:03:43 +00:00
Sebastian Dröge
526d0eef0d wavparse: Fix clipping of size to the file size
The size does not include the 8 bytes tag and length, so an additional 8 bytes
must be removed here. 8 bytes are always available at this point because
otherwise the parsing of the tag and length right above would've failed.

Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-260
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3888

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042>
2024-12-03 18:03:43 +00:00
Sebastian Dröge
93d79c22a8 wavparse: Check that at least 32 bytes are available before parsing smpl chunks
Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-259
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3887

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042>
2024-12-03 18:03:43 +00:00
Sebastian Dröge
c72025cabd wavparse: Check that at least 4 bytes are available before parsing cue chunks
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042>
2024-12-03 18:03:43 +00:00
Sebastian Dröge
296e17b4ea wavparse: Fix parsing of acid chunk
Simply casting the bytes to a struct can lead to crashes because of unaligned
reads, and is also missing the endianness swapping that is necessary on big
endian architectures.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042>
2024-12-03 18:03:43 +00:00
Sebastian Dröge
4c198f4891 wavparse: Make sure enough data for the tag list tag is available before parsing
Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-258
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3886

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042>
2024-12-03 18:03:43 +00:00
Sebastian Dröge
13b48016b3 wavparse: Check for short reads when parsing headers in pull mode
And also return the actual flow return to the caller instead of always returning
GST_FLOW_ERROR.

Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-258, GHSL-2024-260
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3886
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3888

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042>
2024-12-03 18:03:43 +00:00
Sebastian Dröge
1d1c9d63be gdkpixbufdec: Check if initializing the video info actually succeeded
Otherwise a 0-byte buffer would be allocated, which gives NULL memory when
mapped.

Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-118
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3876

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041>
2024-12-03 16:46:04 +00:00
Sebastian Dröge
3cdf206f4f jpegdec: Directly error out on negotiation failures
Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-247
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3862

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8040>
2024-12-03 15:26:04 +00:00
Sebastian Dröge
5093691ef2 vorbisdec: Set at most 64 channels to NONE position
Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-115
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3869

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8035>
2024-12-03 14:30:41 +00:00
Sebastian Dröge
4c40f73b70 subparse: Check for NULL return of strchr() when parsing LRC subtitles
Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-263
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3892

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8039>
2024-12-03 13:13:40 +00:00
Sebastian Dröge
403b10eba0 ssaparse: Don't use strstr() on strings that are potentially not NULL-terminated
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8036>
2024-12-03 12:03:49 +00:00
Sebastian Dröge
15bb318416 ssaparse: Search for closing brace after opening brace
Otherwise removing anything between the braces leads to out of bound writes if
there is a closing brace before the first opening brace.

Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-228
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3870

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8036>
2024-12-03 12:03:49 +00:00
Sebastian Dröge
aa07d94c10 discoverer: Don't print channel layout for more than 64 channels
64+ channels are always unpositioned / unknown layout.

Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-248
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3864

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034>
2024-12-03 10:33:22 +00:00
Mathieu Duponchelle
e633ec6428 oggstream: review and fix per-format min_packet_size
This addresses all manually detected invalid reads in setup functions.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038>
2024-12-03 08:59:25 +00:00
Mathieu Duponchelle
006047a23a vorbis_parse: check writes to GstOggStream.vorbis_mode_sizes
Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-117 Fixes gstreamer#3875

Also perform out-of-bounds check for accesses to op->packet

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038>
2024-12-03 08:59:25 +00:00
Sebastian Dröge
2838374d6e opusdec: Set at most 64 channels to NONE position
Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-116
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3871

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8037>
2024-12-03 08:09:09 +00:00
Sebastian Dröge
537161868f id3v2: Don't try parsing extended header if not enough data is available
Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-235
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3842

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8033>
2024-12-03 03:29:34 +00:00
Sebastian Dröge
f8e398c46f qtdemux: Avoid integer overflow when parsing Theora extension
Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-166
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3851

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032>
2024-12-03 02:24:16 +00:00
Sebastian Dröge
f1cdc6f243 allocator: Avoid integer overflow when allocating sysmem
Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-166
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3851

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032>
2024-12-03 02:24:16 +00:00
Jakub Adam
2209d4382f gldownload: warn on fallback from DMABuf to system memory
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8013>
2024-12-02 20:25:37 +00:00
Nicolas Dufresne
85969fdaa7 level: Fix integer overflow when filling LevelMeta
The level in GstAudioLevelMeta is represented as a signed 8bit value from 0 to
127 (with 127 meaning silence). When converting from double, make sure to clip
the value, this also prevent integer overflow in the conversion. This fixes an
issue where a lower then -127db is reported and random level with near silent
streams (due to integer overflow).

Fixes #4068

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8012>
2024-12-02 19:08:49 +00:00
Pablo Sun
4507f92b0d kmssink: Add mediatek auto-detection
Add MediaTek display controller into list of
auto-detected modules.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8023>
2024-12-02 16:43:45 +00:00
Xavier Claessens
fa57d776d8 videorate: convert next_ts to new segment instead of restarting from 0
When receiving a new segment we should not restart PTS from the new
segment' start. Instead convert current position into the new segment if
possible.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7977>
2024-12-02 15:45:20 +00:00
Xavier Claessens
bfc4812bbe audiorate: convert next_ts to new segment instead of restarting from 0
When receiving a new segment we should not restart PTS from the new
segment' start. Instead convert current position into the new segment if
possible.

Fixes: #4060
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7977>
2024-12-02 15:45:20 +00:00
Xavier Claessens
0d8bdaaf17 audiorate: Always push updated segment
Convert segment to TIME format immediately instead of waiting for
_chain() to be called. This fixes converted segment never being pushed
downstream.

Fix the convert function that was copying some fields in the wrong
direction. Add fast copy if segment is already in TIME format.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7977>
2024-12-02 15:45:20 +00:00
Alicia Boya García
fbad7b593d validate-scenario: Fix busy waiting, missing lock
execute_next_action_full() logs that it removes the source when an
action returns ASYNC, but the code for that was incomplete, as it was
setting source_id to zero but not actually removing the source.

This lead to execute_next_action_full() being run continuously, only
alliviated by the default 10ms interval in the GSource from
`scenario->priv->action_execution_interval`.

This patch fixes that. As a drive-by fix it also adds locking to one
remaining unlocked usage of `priv->execute_actions_source_id`.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8014>
2024-12-02 14:36:59 +00:00
Philippe Normand
c683cdc914 rtp: Fix precision loss in gst_rtcp_ntp_to_unix()
Without this patch the UNIX timestamp resulting from the translation from NTP
would be off by one nano-second.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8010>
2024-12-02 10:24:01 +00:00
Sebastian Dröge
1ee349f986 systemclock: Don't keep the clock entry locked while getting the time from the clock
gst_clock_get_time() will take the clock mutex, which would then result in a lock
order violation and possible deadlocks. If both mutexes are to be locked, the
clock must always be locked first.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7994>
2024-12-02 08:21:59 +00:00
Sebastian Dröge
ec698179a9 systemclock: Get rid of conditional unlocking of the clock entries
At every point it is known whether the entry needs to be unlocked or not.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7994>
2024-12-02 08:21:59 +00:00
Sebastian Dröge
4447114713 systemclock: Remove confusing conditional unlock
At this point the entry is always locked and needs to be unlocked.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7994>
2024-12-02 08:21:59 +00:00
Sebastian Dröge
37b9bfdd2e systemclock: Use a flag while waiting for the async thread to start
Otherwise there can be spurious wakeups.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7994>
2024-12-02 08:21:59 +00:00
Sebastian Dröge
3cdc14df99 flvmux: Fix off-by-one in month/day-of-the-week array
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4074

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8017>
2024-12-01 09:49:29 +00:00