gstreamer/subprojects
Sebastian Dröge 14d306da6d qtdemux: Fix integer overflows in zlib decompression code
Various variables were of smaller types than needed and there were no
checks for any overflows when doing additions on the sizes. This is all
checked now.

In addition the size of the decompressed data is limited to 200MB now as
any larger sizes are likely pathological and we can avoid out of memory
situations in many cases like this.

Also fix a bug where the available output size on the next iteration in
the zlib decompression code was provided too large and could
potentially lead to out of bound writes.

Thanks to Adam Doupe for analyzing and reporting the issue.

CVE: tbd

https://gstreamer.freedesktop.org/security/sa-2022-0003.html

Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2610>
2022-06-15 17:50:55 +00:00
..
gst-devtools Bump GLib requirement to >= 2.62 2022-06-10 06:01:41 +00:00
gst-docs Docs: Add the design document for DMA buffer sharing. 2022-06-07 02:28:49 +00:00
gst-editing-services Bump GLib requirement to >= 2.62 2022-06-10 06:01:41 +00:00
gst-examples gst-examples: continue if webrtc deps are not satisfied 2022-05-14 09:49:33 +00:00
gst-integration-testsuites test: update tests to include the new meta 2022-06-03 08:29:05 +00:00
gst-libav libav: fix frame leak on negotiation error 2022-04-18 07:13:09 +00:00
gst-omx Bump GLib requirement to >= 2.62 2022-06-10 06:01:41 +00:00
gst-plugins-bad decklinkvideosink: Fix selection of > PAL widescreen modes 2022-06-15 13:23:51 +00:00
gst-plugins-base decodebin3: fix EOS event sequence 2022-06-15 07:19:30 +00:00
gst-plugins-good qtdemux: Fix integer overflows in zlib decompression code 2022-06-15 17:50:55 +00:00
gst-plugins-ugly Bump GLib requirement to >= 2.62 2022-06-10 06:01:41 +00:00
gst-python pythonplugin: fails silently on plugin issue 2022-04-28 08:57:47 +00:00
gst-rtsp-server Bump GLib requirement to >= 2.62 2022-06-10 06:01:41 +00:00
gstreamer queuearray: Fix potential heap overflow when expanding GstQueueArray 2022-06-15 15:42:40 +00:00
gstreamer-sharp gstreamer-sharp: apply new code style to alll sources 2022-04-05 08:28:50 +00:00
gstreamer-vaapi vaapi: Do not disable the whole vpp when some va operations not available. 2022-06-15 03:47:36 +00:00
macos-bison-binary
win-flex-bison-binaries
win-nasm
avtp.wrap subprojects/avtp: Update to latest avtp 0.2.0 2022-03-18 22:49:16 +00:00
bindinator.wrap Pin all wrap files to closest tag or commit sha1 2021-10-14 22:34:49 +00:00
cairo.wrap meson: Build cairo subproject when unavailable on the system 2022-01-21 06:34:33 +00:00
dav1d.wrap
dssim.wrap Pin all wrap files to closest tag or commit sha1 2021-10-14 22:34:49 +00:00
dv.wrap
expat.wrap Update wrap files from latest wrapdb version 2022-03-07 17:47:09 +00:00
fdk-aac.wrap subprojects: fdk-aac: add fallback_url 2021-10-28 23:29:27 +00:00
FFmpeg.wrap wraps:ffmpeg: Move to 4.4 2021-10-15 02:32:40 +00:00
fontconfig.wrap Pin all wrap files to closest tag or commit sha1 2021-10-14 22:34:49 +00:00
freetype2.wrap Pin all wrap files to closest tag or commit sha1 2021-10-14 22:34:49 +00:00
fribidi.wrap Pin all wrap files to closest tag or commit sha1 2021-10-14 22:34:49 +00:00
gl-headers.wrap Move files from gst-plugins-base into the "subprojects/gst-plugins-base/" subdir 2021-09-24 16:13:26 -03:00
glib-networking.wrap Pin all wrap files to closest tag or commit sha1 2021-10-14 22:34:49 +00:00
glib.wrap meson: Update subprojects to fix warnings 2022-01-25 14:25:19 +05:30
graphene.wrap Pin all wrap files to closest tag or commit sha1 2021-10-14 22:34:49 +00:00
gst-plugins-rs.wrap subprojects: Switch gst-plugins-rs.wrap to the main branch 2022-02-16 09:54:07 +02:00
gtk-sharp.wrap Pin all wrap files to closest tag or commit sha1 2021-10-14 22:34:49 +00:00
harfbuzz.wrap
json-glib.wrap Pin all wrap files to closest tag or commit sha1 2021-10-14 22:34:49 +00:00
lame.wrap subprojects/lame: Update to latest wrap 2022-01-28 02:01:39 +05:30
libdrm.wrap meson: Update subprojects to fix warnings 2022-01-25 14:25:19 +05:30
libffi.wrap
libjpeg-turbo.wrap Update wrap files from latest wrapdb version 2022-03-07 17:47:09 +00:00
libmicrodns.wrap
libnice.wrap subprojects: Update libnice to 0.1.19 2022-05-03 18:49:36 -04:00
libopenjp2.wrap Update openjp2 and libxml2 from wrapdb 2022-03-31 14:19:46 -04:00
libpng.wrap subprojects/libpng: Update to latest wrap file 2022-01-28 02:01:39 +05:30
libpsl.wrap
libsoup.wrap Pin all wrap files to closest tag or commit sha1 2021-10-14 22:34:49 +00:00
libwpe.wrap
libxml2.wrap Update openjp2 and libxml2 from wrapdb 2022-03-31 14:19:46 -04:00
ogg.wrap subprojects: Update ogg and vorbis wraps 2021-10-19 17:42:21 +00:00
openh264.wrap Update openh264 wrap to v2.2.0 + fixes from master 2022-04-09 21:44:42 +01:00
opus.wrap Pin all wrap files to closest tag or commit sha1 2021-10-14 22:34:49 +00:00
orc.wrap Pin all wrap files to closest tag or commit sha1 2021-10-14 22:34:49 +00:00
pango.wrap
pcre.wrap subprojects/pcre: Add the wrap so it's cached in the image 2022-01-28 02:01:39 +05:30
pixman.wrap meson: Update subprojects to fix warnings 2022-01-25 14:25:19 +05:30
proxy-libintl.wrap Update proxy-libintl wrap to 0.4 2022-04-22 15:36:40 +00:00
pycairo.wrap
pygobject.wrap Pin all wrap files to closest tag or commit sha1 2021-10-14 22:34:49 +00:00
sqlite3.wrap Update wrap files from latest wrapdb version 2022-03-07 17:47:09 +00:00
vorbis.wrap subprojects: Update ogg and vorbis wraps 2021-10-19 17:42:21 +00:00
webrtc-audio-processing.wrap Pin all wrap files to closest tag or commit sha1 2021-10-14 22:34:49 +00:00
wpebackend-fdo.wrap
x264.wrap
zlib.wrap Update wrap files from latest wrapdb version 2022-03-07 17:47:09 +00:00