File gst-video-info-sanity-check-frame-size.patch of Package gstreamer-plugins-base.36920
diff -urp gst-plugins-base-1.8.3.orig/gst-libs/gst/video/video-info.c gst-plugins-base-1.8.3/gst-libs/gst/video/video-info.c
--- gst-plugins-base-1.8.3.orig/gst-libs/gst/video/video-info.c 2016-03-24 06:36:33.000000000 -0500
+++ gst-plugins-base-1.8.3/gst-libs/gst/video/video-info.c 2025-01-06 16:05:06.967153346 -0600
@@ -106,7 +106,7 @@ gst_video_info_new (void)
return info;
}
-static int fill_planes (GstVideoInfo * info);
+static gboolean fill_planes (GstVideoInfo * info);
/**
* gst_video_info_init:
@@ -404,7 +404,8 @@ gst_video_info_from_caps (GstVideoInfo *
set_default_colorimetry (info);
}
- fill_planes (info);
+ if (!fill_planes (info))
+ return FALSE;
return TRUE;
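Review bot: The new `gboolean` result of `fill_planes` is checked only at this call in `gst_video_info_from_caps`; any other call site in video-info.c is not touched by these hunks, so it would still carry on with an info whose offsets, strides and size were never computed after a rejected frame size. Each remaining caller should either propagate the failure or reset the info, for example by calling `gst_video_info_init (info)` before returning. The early `return FALSE` here also leaves `info` partially populated (format, width and height set, planes not), which deserves a comment such as `/* info is left partially filled; callers must not use it on FALSE */`. The function body starts and ends outside the hunk.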
@@ -603,14 +604,25 @@ gst_video_info_to_caps (GstVideoInfo * i
return caps;
}
-static int
+static gboolean
fill_planes (GstVideoInfo * info)
{
gsize width, height, cr_h;
+ gint bpp = 0, i;
width = (gsize) info->width;
height = (gsize) info->height;
+ /* Sanity check the resulting frame size for overflows */
+ for (i = 0; i < GST_VIDEO_INFO_N_COMPONENTS (info); i++)
+ bpp += GST_VIDEO_INFO_COMP_DEPTH (info, i);
+ bpp = GST_ROUND_UP_8 (bpp) / 8;
+ if (GST_ROUND_UP_128 ((guint64) width) * ((guint64) height) * bpp >=
+ G_MAXUINT) {
+ GST_ERROR ("Frame size %ux%u would overflow", info->width, info->height);
+ return FALSE;
+ }
+
switch (info->finfo->format) {
case GST_VIDEO_FORMAT_YUY2:
case GST_VIDEO_FORMAT_YVYU:
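Review bot: The guard multiplies three terms in 64 bits before comparing, so the product itself can wrap if `width` or `height` is extreme. Both are cast from `gint` fields to `gsize`, so a negative value becomes a very large unsigned one; whether that is reachable depends on validation that is not visible in this hunk. Dividing instead of multiplying by the pixel size avoids the third factor: `if (bpp > 0 && GST_ROUND_UP_128 ((guint64) width) * ((guint64) height) >= G_MAXUINT / bpp)`. Rejecting `info->width <= 0 || info->height <= 0` first would close the remaining gap. The `GST_ERROR` format uses `%u` for the `gint` fields `info->width` and `info->height`; `%d` matches the type and prints a negative input readably. The switch that follows continues outside the hunk.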
@@ -884,9 +896,10 @@ fill_planes (GstVideoInfo * info)
case GST_VIDEO_FORMAT_UNKNOWN:
GST_ERROR ("invalid format");
g_warning ("invalid format");
+ return FALSE;
break;
}
- return 0;
+ return TRUE;
}
/**
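Review bot: The `break;` after the added `return FALSE;` in the `GST_VIDEO_FORMAT_UNKNOWN` case is now unreachable and can be dropped, so the case visibly ends in the return. A short doc comment on `fill_planes` would also help, for example `/* Returns FALSE if the format is unknown or the frame size would overflow; info is not usable in that case. */`, since the return type changed meaning from an ignored `int` to a success flag. The switch begins outside this hunk, so other cases were not reviewed.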