]> code.ossystems Code Review - openembedded-core.git/commitdiff
Code Review / openembedded-core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: aaeacca)
gst-plugins-bad: fix CVE-2015-0797
authorKang Kai <kai.kang@windriver.com>
Tue, 30 Jun 2015 06:06:49 +0000 (23:06 -0700)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Wed, 8 Jul 2015 12:06:05 +0000 (13:06 +0100)
Backport patch from debian to fix CVE-2015-0797.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784220
https://sources.debian.net/data/main/g/gst-plugins-bad0.10/0.10.23-7.1+deb7u2/debian/patches/buffer-overflow-mp4.patch

Backported to oe-core fido from meta-oe/meta-multimedia:

http://git.openembedded.org/meta-openembedded/commit/?id=6cb3b63559bf33946f1c5d43626413d9a651e83f

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
meta/recipes-multimedia/gstreamer/gst-plugins-bad/buffer-overflow-mp4.patch [new file with mode: 0644] patch | blob
meta/recipes-multimedia/gstreamer/gst-plugins-bad_0.10.23.bb patch | blob | history

diff --git a/meta/recipes-multimedia/gstreamer/gst-plugins-bad/buffer-overflow-mp4.patch b/meta/recipes-multimedia/gstreamer/gst-plugins-bad/buffer-overflow-mp4.patch
new file mode 100644 (file)
index 0000000..235acda
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gst-plugins-bad/buffer-overflow-mp4.patch
@@ -0,0 +1,36 @@
+Description: Fix buffer overflow in mp4 parsing
+Author: Ralph Giles <giles@mozilla.com>
+---
+Backport patch from debian to fix CVE-2015-0797.
+https://sources.debian.net/data/main/g/gst-plugins-bad0.10/0.10.23-7.1+deb7u2/debian/patches/buffer-overflow-mp4.patch
+
+Upstream-Status: Backport
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+--- gst-plugins-bad0.10-0.10.23.orig/gst/videoparsers/gsth264parse.c
++++ gst-plugins-bad0.10-0.10.23/gst/videoparsers/gsth264parse.c
+@@ -384,6 +384,11 @@ gst_h264_parse_wrap_nal (GstH264Parse *
+   GST_DEBUG_OBJECT (h264parse, "nal length %d", size);
++  if (size > G_MAXUINT32 - nl) {
++    GST_ELEMENT_ERROR (h264parse, STREAM, FAILED, (NULL),
++        ("overflow in nal size"));
++    return NULL;
++  }
+   buf = gst_buffer_new_and_alloc (size + nl + 4);
+   if (format == GST_H264_PARSE_FORMAT_AVC) {
+     GST_WRITE_UINT32_BE (GST_BUFFER_DATA (buf), size << (32 - 8 * nl));
+@@ -452,6 +457,11 @@ gst_h264_parse_process_nal (GstH264Parse
+     GST_DEBUG_OBJECT (h264parse, "not processing nal size %u", nalu->size);
+     return;
+   }
++  if (G_UNLIKELY (nalu->size > 20 * 1024 * 1024)) {
++    GST_DEBUG_OBJECT (h264parse, "not processing nal size %u (too big)",
++        nalu->size);
++    return;
++  }
+   /* we have a peek as well */
+   nal_type = nalu->type;
diff --git a/meta/recipes-multimedia/gstreamer/gst-plugins-bad_0.10.23.bb b/meta/recipes-multimedia/gstreamer/gst-plugins-bad_0.10.23.bb
index 0f64871497c864914608f83120e919ba334cf4fe..4d944834624d3607c1ad8735c5a3afa4513e9d7b 100644 (file)
--- a/meta/recipes-multimedia/gstreamer/gst-plugins-bad_0.10.23.bb
+++ b/meta/recipes-multimedia/gstreamer/gst-plugins-bad_0.10.23.bb
@@ -10,6 +10,8 @@ DEPENDS += "gst-plugins-base"
 
 PR = "r4"
 
+SRC_URI += "file://buffer-overflow-mp4.patch"
+
 inherit gettext gsettings
 
 EXTRA_OECONF += "--disable-experimental \
Mirror of the official openembedded-core repository