gstreamer/subprojects
Sebastian Dröge ad6012159a matroskademux: Fix integer overflows in zlib/bz2/etc decompression code
Various variables were of smaller types than needed and there were no
checks for any overflows when doing additions on the sizes. This is all
checked now.

In addition the size of the decompressed data is limited to 120MB now as
any larger sizes are likely pathological and we can avoid out of memory
situations in many cases like this.

Also fix a bug where the available output size on the next iteration in
the zlib/bz2 decompression code was provided too large and could
potentially lead to out of bound writes.

Thanks to Adam Doupe for analyzing and reporting the issue.

CVE: CVE-2022-1922, CVE-2022-1923, CVE-2022-1924, CVE-2022-1925

https://gstreamer.freedesktop.org/security/sa-2022-0002.html

Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2610>
2022-06-15 17:50:55 +00:00
..
gst-devtools Bump GLib requirement to >= 2.62 2022-06-10 06:01:41 +00:00
gst-docs Docs: Add the design document for DMA buffer sharing. 2022-06-07 02:28:49 +00:00
gst-editing-services Bump GLib requirement to >= 2.62 2022-06-10 06:01:41 +00:00
gst-examples gst-examples: continue if webrtc deps are not satisfied 2022-05-14 09:49:33 +00:00
gst-integration-testsuites test: update tests to include the new meta 2022-06-03 08:29:05 +00:00
gst-libav libav: fix frame leak on negotiation error 2022-04-18 07:13:09 +00:00
gst-omx Bump GLib requirement to >= 2.62 2022-06-10 06:01:41 +00:00
gst-plugins-bad decklinkvideosink: Fix selection of > PAL widescreen modes 2022-06-15 13:23:51 +00:00
gst-plugins-base decodebin3: fix EOS event sequence 2022-06-15 07:19:30 +00:00
gst-plugins-good matroskademux: Fix integer overflows in zlib/bz2/etc decompression code 2022-06-15 17:50:55 +00:00
gst-plugins-ugly Bump GLib requirement to >= 2.62 2022-06-10 06:01:41 +00:00
gst-python pythonplugin: fails silently on plugin issue 2022-04-28 08:57:47 +00:00
gst-rtsp-server Bump GLib requirement to >= 2.62 2022-06-10 06:01:41 +00:00
gstreamer queuearray: Fix potential heap overflow when expanding GstQueueArray 2022-06-15 15:42:40 +00:00
gstreamer-sharp gstreamer-sharp: apply new code style to alll sources 2022-04-05 08:28:50 +00:00
gstreamer-vaapi vaapi: Do not disable the whole vpp when some va operations not available. 2022-06-15 03:47:36 +00:00
macos-bison-binary New subproject macos-bison-binary to provide bison on macOS 2021-08-28 23:44:52 +05:30
win-flex-bison-binaries win-flex-bison: Use gstreamer mirror as primary source 2020-01-18 17:54:48 +05:30
win-nasm win-nasm: Use gstreamer mirror as primary source 2020-01-18 17:54:48 +05:30
avtp.wrap subprojects/avtp: Update to latest avtp 0.2.0 2022-03-18 22:49:16 +00:00
bindinator.wrap Pin all wrap files to closest tag or commit sha1 2021-10-14 22:34:49 +00:00
cairo.wrap meson: Build cairo subproject when unavailable on the system 2022-01-21 06:34:33 +00:00
dav1d.wrap Add dav1d wrap file 2020-05-02 09:55:12 +00:00
dssim.wrap Pin all wrap files to closest tag or commit sha1 2021-10-14 22:34:49 +00:00
dv.wrap subprojects: add libdv wrap 2021-01-14 19:16:01 +00:00
expat.wrap Update wrap files from latest wrapdb version 2022-03-07 17:47:09 +00:00
fdk-aac.wrap subprojects: fdk-aac: add fallback_url 2021-10-28 23:29:27 +00:00
FFmpeg.wrap wraps:ffmpeg: Move to 4.4 2021-10-15 02:32:40 +00:00
fontconfig.wrap Pin all wrap files to closest tag or commit sha1 2021-10-14 22:34:49 +00:00
freetype2.wrap Pin all wrap files to closest tag or commit sha1 2021-10-14 22:34:49 +00:00
fribidi.wrap Pin all wrap files to closest tag or commit sha1 2021-10-14 22:34:49 +00:00
gl-headers.wrap Move files from gst-plugins-base into the "subprojects/gst-plugins-base/" subdir 2021-09-24 16:13:26 -03:00
glib-networking.wrap Pin all wrap files to closest tag or commit sha1 2021-10-14 22:34:49 +00:00
glib.wrap meson: Update subprojects to fix warnings 2022-01-25 14:25:19 +05:30
graphene.wrap Pin all wrap files to closest tag or commit sha1 2021-10-14 22:34:49 +00:00
gst-plugins-rs.wrap subprojects: Switch gst-plugins-rs.wrap to the main branch 2022-02-16 09:54:07 +02:00
gtk-sharp.wrap Pin all wrap files to closest tag or commit sha1 2021-10-14 22:34:49 +00:00
harfbuzz.wrap harfbuzz.wrap: Use the latest tag instead of tip of git 2021-07-02 17:08:48 +03:00
json-glib.wrap Pin all wrap files to closest tag or commit sha1 2021-10-14 22:34:49 +00:00
lame.wrap subprojects/lame: Update to latest wrap 2022-01-28 02:01:39 +05:30
libdrm.wrap meson: Update subprojects to fix warnings 2022-01-25 14:25:19 +05:30
libffi.wrap subprojects: use libffi and gl-headers from gstreamer gitlab repos 2019-01-28 23:19:19 +01:00
libjpeg-turbo.wrap Update wrap files from latest wrapdb version 2022-03-07 17:47:09 +00:00
libmicrodns.wrap subprojects: libmicrodns: pin to 0.1.2 release 2020-07-07 15:23:29 +01:00
libnice.wrap subprojects: Update libnice to 0.1.19 2022-05-03 18:49:36 -04:00
libopenjp2.wrap Update openjp2 and libxml2 from wrapdb 2022-03-31 14:19:46 -04:00
libpng.wrap subprojects/libpng: Update to latest wrap file 2022-01-28 02:01:39 +05:30
libpsl.wrap libpsl.wrap: pin to 0.21.1 tag 2020-10-26 12:13:12 +00:00
libsoup.wrap Pin all wrap files to closest tag or commit sha1 2021-10-14 22:34:49 +00:00
libwpe.wrap subprojects: Update libwpe and wpebackend-fdo for fallback support 2020-10-12 12:29:01 +00:00
libxml2.wrap Update openjp2 and libxml2 from wrapdb 2022-03-31 14:19:46 -04:00
ogg.wrap subprojects: Update ogg and vorbis wraps 2021-10-19 17:42:21 +00:00
openh264.wrap Update openh264 wrap to v2.2.0 + fixes from master 2022-04-09 21:44:42 +01:00
opus.wrap Pin all wrap files to closest tag or commit sha1 2021-10-14 22:34:49 +00:00
orc.wrap Pin all wrap files to closest tag or commit sha1 2021-10-14 22:34:49 +00:00
pango.wrap subprojects: pin pango wrap to tag 2021-08-08 19:42:24 +01:00
pcre.wrap subprojects/pcre: Add the wrap so it's cached in the image 2022-01-28 02:01:39 +05:30
pixman.wrap meson: Update subprojects to fix warnings 2022-01-25 14:25:19 +05:30
proxy-libintl.wrap Update proxy-libintl wrap to 0.4 2022-04-22 15:36:40 +00:00
pycairo.wrap {pygobject,pycairo}.wrap: point to stable refs 2020-09-15 15:51:42 +03:00
pygobject.wrap Pin all wrap files to closest tag or commit sha1 2021-10-14 22:34:49 +00:00
sqlite3.wrap Update wrap files from latest wrapdb version 2022-03-07 17:47:09 +00:00
vorbis.wrap subprojects: Update ogg and vorbis wraps 2021-10-19 17:42:21 +00:00
webrtc-audio-processing.wrap Pin all wrap files to closest tag or commit sha1 2021-10-14 22:34:49 +00:00
wpebackend-fdo.wrap subprojects: Update libwpe and wpebackend-fdo for fallback support 2020-10-12 12:29:01 +00:00
x264.wrap x264: update to latest stable 160.3011 2020-07-30 15:52:38 +01:00
zlib.wrap Update wrap files from latest wrapdb version 2022-03-07 17:47:09 +00:00