mirrors/gstreamer
mirrors/gstreamer
1
1
Fork 0
mirror of https://gitlab.freedesktop.org/gstreamer/gstreamer.git synced 2024-12-18 22:36:33 +00:00
Code Issues 1 Projects Releases Wiki Activity
gstreamer/subprojects/gst-plugins-good/gst
History
Sebastian Dröge 19359e2b25 qtdemux: Make sure there are enough offsets to read when parsing samples 
While this specific case is also caught when initializing co_chunk, the error
is ignored in various places and calling into the function would lead to out of
bounds reads if the error message doesn't cause the pipeline to be shut down
fast enough.

To avoid this, no matter what, make sure enough offsets are available when
parsing them. While this is potentially slower, the same is already done in the
non-chunks_are_samples case.

Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-245
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3847

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059>
2024-12-03 21:01:41 +00:00
..
alpha doc: Fix newline char between authors 2023-05-20 05:48:23 +00:00
apetag gst-plugins-good: re-indent with GNU indent 2.2.12 2023-03-17 03:18:54 +00:00
audiofx gst-plugins-good: re-indent with GNU indent 2.2.12 2023-03-17 03:18:54 +00:00
audioparsers flacparse: fix buffer overflow in gst_flac_parse_frame_is_valid 2024-05-27 23:31:44 +00:00
auparse meson: Call pkgconfig.generate in the loop where we declare plugins dependencies 2022-09-01 21:17:35 +00:00
autodetect meson: Call pkgconfig.generate in the loop where we declare plugins dependencies 2022-09-01 21:17:35 +00:00
avi avisubtitle: Fix size checks and avoid overflows when checking sizes 2024-12-03 18:57:06 +00:00
cutter cutter: add audio-level-meta 2024-02-08 13:52:40 +00:00
debugutils navigationtest: Fix plugin description 2024-11-19 17:24:51 +00:00
deinterlace common: Use more efficient versions of GstCapsFeatures API where possible 2024-09-26 19:26:18 +03:00
dtmf rtpdtmfsrc: minor logging clean-up 2024-06-19 07:32:49 +00:00
effectv meson: Call pkgconfig.generate in the loop where we declare plugins dependencies 2022-09-01 21:17:35 +00:00
equalizer meson: Call pkgconfig.generate in the loop where we declare plugins dependencies 2022-09-01 21:17:35 +00:00
flv flvmux: Fix off-by-one in month/day-of-the-week array 2024-12-01 09:49:29 +00:00
flx meson: Call pkgconfig.generate in the loop where we declare plugins dependencies 2022-09-01 21:17:35 +00:00
goom gst-plugins-good: re-indent with GNU indent 2.2.12 2023-03-17 03:18:54 +00:00
goom2k1 meson: Call pkgconfig.generate in the loop where we declare plugins dependencies 2022-09-01 21:17:35 +00:00
icydemux meson: Call pkgconfig.generate in the loop where we declare plugins dependencies 2022-09-01 21:17:35 +00:00
id3demux meson: Call pkgconfig.generate in the loop where we declare plugins dependencies 2022-09-01 21:17:35 +00:00
imagefreeze imagefreeze: Add support for JPEG / PNG 2024-10-18 06:53:04 +00:00
interleave gst-plugins-good: use g_sort_array() instead of deprecated g_qsort_with_data() 2024-09-02 22:31:34 +00:00
isomp4 qtdemux: Make sure there are enough offsets to read when parsing samples 2024-12-03 21:01:41 +00:00
law meson: Call pkgconfig.generate in the loop where we declare plugins dependencies 2022-09-01 21:17:35 +00:00
level level: Fix integer overflow when filling LevelMeta 2024-12-02 19:08:49 +00:00
matroska matroskademux: Put a copy of the codec data into the A_MS/ACM caps 2024-12-03 20:02:52 +00:00
monoscope video: Don't overshoot QoS earliest time by a factor of 2 2024-09-13 19:52:52 +00:00
multifile splitmuxsrc: Convert part reader to a bin with a non-async bus 2024-11-25 15:55:50 +02:00
multipart meson: Call pkgconfig.generate in the loop where we declare plugins dependencies 2022-09-01 21:17:35 +00:00
replaygain meson: Call pkgconfig.generate in the loop where we declare plugins dependencies 2022-09-01 21:17:35 +00:00
rtp rtph26xpay: silence some maybe-unitialized warnings 2024-11-18 12:10:58 +11:00
rtpmanager rtpsource: include config.h header to avoid g_memdup2 link issue 2024-11-21 01:11:22 +00:00
rtsp rtspsrc: Update version of tcp-timestamp property to 1.24.10 2024-11-29 11:12:04 +00:00
shapewipe video: Don't overshoot QoS earliest time by a factor of 2 2024-09-13 19:52:52 +00:00
smpte meson: Call pkgconfig.generate in the loop where we declare plugins dependencies 2022-09-01 21:17:35 +00:00
spectrum meson: Call pkgconfig.generate in the loop where we declare plugins dependencies 2022-09-01 21:17:35 +00:00
udp udpsrc: protect cancellable from unlock/unlock_stop race 2024-11-15 10:33:44 +00:00
videobox videocrop, videobox: Simplify navigation event handling and support touch events 2022-11-11 06:45:49 +00:00
videocrop videocrop, videobox: Simplify navigation event handling and support touch events 2022-11-11 06:45:49 +00:00
videofilter videoflip: fix concurrent access when modifying the tag list 2023-07-25 15:18:05 +02:00
videomixer video: Don't overshoot QoS earliest time by a factor of 2 2024-09-13 19:52:52 +00:00
wavenc gst-plugins-good: re-indent with GNU indent 2.2.12 2023-03-17 03:18:54 +00:00
wavparse wavparse: Check size before reading ds64 chunk 2024-12-03 18:03:43 +00:00
xingmux xingmux: drop use of GSlice 2023-01-24 15:25:06 +00:00
y4m meson: Call pkgconfig.generate in the loop where we declare plugins dependencies 2022-09-01 21:17:35 +00:00
meson.build xingmux: move from gst-plugins-ugly to gst-plugins-good 2022-10-25 12:40:20 +00:00