Sebastian Dröge
19359e2b25
qtdemux: Make sure there are enough offsets to read when parsing samples
...
While this specific case is also caught when initializing co_chunk, the error
is ignored in various places and calling into the function would lead to out of
bounds reads if the error message doesn't cause the pipeline to be shut down
fast enough.
To avoid this, no matter what, make sure enough offsets are available when
parsing them. While this is potentially slower, the same is already done in the
non-chunks_are_samples case.
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-245
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3847
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059 >
2024-12-03 21:01:41 +00:00
Sebastian Dröge
4a0e8bf92b
qtdemux: Fix error handling when parsing cenc sample groups fails
...
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-238, GHSL-2024-239, GHSL-2024-240
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3846
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059 >
2024-12-03 21:01:41 +00:00
Sebastian Dröge
98f3934c48
qtdemux: Fix length checks and offsets in stsd entry parsing
...
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-242
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3845
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059 >
2024-12-03 21:01:41 +00:00
Sebastian Dröge
c1cd838706
qtdemux: Make sure enough data is available before reading wave header node
...
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-236
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3843
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059 >
2024-12-03 21:01:41 +00:00
Sebastian Dröge
1d534ac209
qtdemux: Make sure only an even number of bytes is processed when handling CEA608 data
...
An odd number of bytes would lead to out of bound reads and writes, and doesn't
make any sense as CEA608 comes in byte pairs.
Strip off any leftover bytes and assume everything before that is valid.
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-195
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3841
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059 >
2024-12-03 21:01:41 +00:00
Sebastian Dröge
5a9e80c01b
qtdemux: Check sizes of stsc/stco/stts before trying to merge entries
...
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-246
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3854
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059 >
2024-12-03 21:01:41 +00:00
Sebastian Dröge
0f4dae9b01
qtdemux: Don't iterate over all trun entries if none of the flags are set
...
Nothing would be printed anyway.
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059 >
2024-12-03 21:01:41 +00:00
Sebastian Dröge
cbd659c58f
qtdemux: Fix debug output during trun parsing
...
Various integers are unsigned so print them as such. Also print the actual
allocation size if allocation fails, not only parts of it.
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059 >
2024-12-03 21:01:41 +00:00
Antonio Morales
ae61a604c0
qtdemux: Fix integer overflow when allocating the samples table for fragmented MP4
...
This can lead to out of bounds writes and NULL pointer dereferences.
Fixes GHSL-2024-094, GHSL-2024-237, GHSL-2024-241
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3839
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059 >
2024-12-03 21:01:41 +00:00
Sebastian Dröge
474eb62d85
matroskademux: Put a copy of the codec data into the A_MS/ACM caps
...
The original codec data buffer is owned by matroskademux and does not
necessarily live as long as the caps.
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-280
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3894
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057 >
2024-12-03 20:02:52 +00:00
Sebastian Dröge
b84a0f3263
matroskademux: Skip over zero-sized Xiph stream headers
...
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-251
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3867
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057 >
2024-12-03 20:02:52 +00:00
Sebastian Dröge
c20eff779d
matroskademux: Skip over laces directly when postprocessing the frame fails
...
Otherwise NULL buffers might be handled afterwards.
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-249
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3865
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057 >
2024-12-03 20:02:52 +00:00
Sebastian Dröge
395f2b3ffd
matroskademux: Don't take data out of an empty adapter when processing WavPack frames
...
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-249
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3865
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057 >
2024-12-03 20:02:52 +00:00
Sebastian Dröge
8aa1c185cf
matroskademux: Check for big enough WavPack codec private data before accessing it
...
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-250
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3866
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057 >
2024-12-03 20:02:52 +00:00
Sebastian Dröge
b7ad9a2c5d
matroskademux: Fix off-by-one when parsing multi-channel WavPack
...
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057 >
2024-12-03 20:02:52 +00:00
Sebastian Dröge
c0dceda8e9
matroskademux: Only unmap GstMapInfo in WavPack header extraction error paths if previously mapped
...
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-197
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3863
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057 >
2024-12-03 20:02:51 +00:00
Sebastian Dröge
0870e87c7c
avisubtitle: Fix size checks and avoid overflows when checking sizes
...
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-262
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3890
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8043 >
2024-12-03 18:57:06 +00:00
Sebastian Dröge
4f381d1501
wavparse: Check size before reading ds64 chunk
...
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-261
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3889
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042 >
2024-12-03 18:03:43 +00:00
Sebastian Dröge
526d0eef0d
wavparse: Fix clipping of size to the file size
...
The size does not include the 8 bytes tag and length, so an additional 8 bytes
must be removed here. 8 bytes are always available at this point because
otherwise the parsing of the tag and length right above would've failed.
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-260
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3888
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042 >
2024-12-03 18:03:43 +00:00
Sebastian Dröge
93d79c22a8
wavparse: Check that at least 32 bytes are available before parsing smpl chunks
...
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-259
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3887
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042 >
2024-12-03 18:03:43 +00:00
Sebastian Dröge
c72025cabd
wavparse: Check that at least 4 bytes are available before parsing cue chunks
...
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042 >
2024-12-03 18:03:43 +00:00
Sebastian Dröge
296e17b4ea
wavparse: Fix parsing of acid chunk
...
Simply casting the bytes to a struct can lead to crashes because of unaligned
reads, and is also missing the endianness swapping that is necessary on big
endian architectures.
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042 >
2024-12-03 18:03:43 +00:00
Sebastian Dröge
4c198f4891
wavparse: Make sure enough data for the tag list tag is available before parsing
...
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-258
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3886
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042 >
2024-12-03 18:03:43 +00:00
Sebastian Dröge
13b48016b3
wavparse: Check for short reads when parsing headers in pull mode
...
And also return the actual flow return to the caller instead of always returning
GST_FLOW_ERROR.
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-258, GHSL-2024-260
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3886
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3888
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042 >
2024-12-03 18:03:43 +00:00
Sebastian Dröge
1d1c9d63be
gdkpixbufdec: Check if initializing the video info actually succeeded
...
Otherwise a 0-byte buffer would be allocated, which gives NULL memory when
mapped.
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-118
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3876
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041 >
2024-12-03 16:46:04 +00:00
Sebastian Dröge
3cdf206f4f
jpegdec: Directly error out on negotiation failures
...
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-247
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3862
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8040 >
2024-12-03 15:26:04 +00:00
Sebastian Dröge
5093691ef2
vorbisdec: Set at most 64 channels to NONE position
...
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-115
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3869
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8035 >
2024-12-03 14:30:41 +00:00
Sebastian Dröge
4c40f73b70
subparse: Check for NULL return of strchr() when parsing LRC subtitles
...
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-263
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3892
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8039 >
2024-12-03 13:13:40 +00:00
Sebastian Dröge
403b10eba0
ssaparse: Don't use strstr() on strings that are potentially not NULL-terminated
...
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8036 >
2024-12-03 12:03:49 +00:00
Sebastian Dröge
15bb318416
ssaparse: Search for closing brace after opening brace
...
Otherwise removing anything between the braces leads to out of bound writes if
there is a closing brace before the first opening brace.
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-228
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3870
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8036 >
2024-12-03 12:03:49 +00:00
Sebastian Dröge
aa07d94c10
discoverer: Don't print channel layout for more than 64 channels
...
64+ channels are always unpositioned / unknown layout.
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-248
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3864
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034 >
2024-12-03 10:33:22 +00:00
Mathieu Duponchelle
e633ec6428
oggstream: review and fix per-format min_packet_size
...
This addresses all manually detected invalid reads in setup functions.
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038 >
2024-12-03 08:59:25 +00:00
Mathieu Duponchelle
006047a23a
vorbis_parse: check writes to GstOggStream.vorbis_mode_sizes
...
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-117 Fixes gstreamer#3875
Also perform out-of-bounds check for accesses to op->packet
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038 >
2024-12-03 08:59:25 +00:00
Sebastian Dröge
2838374d6e
opusdec: Set at most 64 channels to NONE position
...
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-116
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3871
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8037 >
2024-12-03 08:09:09 +00:00
Sebastian Dröge
537161868f
id3v2: Don't try parsing extended header if not enough data is available
...
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-235
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3842
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8033 >
2024-12-03 03:29:34 +00:00
Sebastian Dröge
f8e398c46f
qtdemux: Avoid integer overflow when parsing Theora extension
...
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-166
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3851
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032 >
2024-12-03 02:24:16 +00:00
Sebastian Dröge
f1cdc6f243
allocator: Avoid integer overflow when allocating sysmem
...
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-166
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3851
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032 >
2024-12-03 02:24:16 +00:00
Jakub Adam
2209d4382f
gldownload: warn on fallback from DMABuf to system memory
...
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8013 >
2024-12-02 20:25:37 +00:00
Nicolas Dufresne
85969fdaa7
level: Fix integer overflow when filling LevelMeta
...
The level in GstAudioLevelMeta is represented as a signed 8bit value from 0 to
127 (with 127 meaning silence). When converting from double, make sure to clip
the value, this also prevent integer overflow in the conversion. This fixes an
issue where a lower then -127db is reported and random level with near silent
streams (due to integer overflow).
Fixes #4068
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8012 >
2024-12-02 19:08:49 +00:00
Pablo Sun
4507f92b0d
kmssink: Add mediatek auto-detection
...
Add MediaTek display controller into list of
auto-detected modules.
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8023 >
2024-12-02 16:43:45 +00:00
Xavier Claessens
fa57d776d8
videorate: convert next_ts to new segment instead of restarting from 0
...
When receiving a new segment we should not restart PTS from the new
segment' start. Instead convert current position into the new segment if
possible.
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7977 >
2024-12-02 15:45:20 +00:00
Xavier Claessens
bfc4812bbe
audiorate: convert next_ts to new segment instead of restarting from 0
...
When receiving a new segment we should not restart PTS from the new
segment' start. Instead convert current position into the new segment if
possible.
Fixes : #4060
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7977 >
2024-12-02 15:45:20 +00:00
Xavier Claessens
0d8bdaaf17
audiorate: Always push updated segment
...
Convert segment to TIME format immediately instead of waiting for
_chain() to be called. This fixes converted segment never being pushed
downstream.
Fix the convert function that was copying some fields in the wrong
direction. Add fast copy if segment is already in TIME format.
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7977 >
2024-12-02 15:45:20 +00:00
Alicia Boya García
fbad7b593d
validate-scenario: Fix busy waiting, missing lock
...
execute_next_action_full() logs that it removes the source when an
action returns ASYNC, but the code for that was incomplete, as it was
setting source_id to zero but not actually removing the source.
This lead to execute_next_action_full() being run continuously, only
alliviated by the default 10ms interval in the GSource from
`scenario->priv->action_execution_interval`.
This patch fixes that. As a drive-by fix it also adds locking to one
remaining unlocked usage of `priv->execute_actions_source_id`.
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8014 >
2024-12-02 14:36:59 +00:00
Philippe Normand
c683cdc914
rtp: Fix precision loss in gst_rtcp_ntp_to_unix()
...
Without this patch the UNIX timestamp resulting from the translation from NTP
would be off by one nano-second.
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8010 >
2024-12-02 10:24:01 +00:00
Sebastian Dröge
1ee349f986
systemclock: Don't keep the clock entry locked while getting the time from the clock
...
gst_clock_get_time() will take the clock mutex, which would then result in a lock
order violation and possible deadlocks. If both mutexes are to be locked, the
clock must always be locked first.
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7994 >
2024-12-02 08:21:59 +00:00
Sebastian Dröge
ec698179a9
systemclock: Get rid of conditional unlocking of the clock entries
...
At every point it is known whether the entry needs to be unlocked or not.
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7994 >
2024-12-02 08:21:59 +00:00
Sebastian Dröge
4447114713
systemclock: Remove confusing conditional unlock
...
At this point the entry is always locked and needs to be unlocked.
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7994 >
2024-12-02 08:21:59 +00:00
Sebastian Dröge
37b9bfdd2e
systemclock: Use a flag while waiting for the async thread to start
...
Otherwise there can be spurious wakeups.
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7994 >
2024-12-02 08:21:59 +00:00
Sebastian Dröge
3cdc14df99
flvmux: Fix off-by-one in month/day-of-the-week array
...
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4074
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8017 >
2024-12-01 09:49:29 +00:00