File gstreamer-CVE-2022-1921.patch of Package gstreamer-0_10-plugins-good.25653

diff -urp gst-plugins-good-0.10.31.orig/gst/avi/gstavidemux.c gst-plugins-good-0.10.31/gst/avi/gstavidemux.c
--- gst-plugins-good-0.10.31.orig/gst/avi/gstavidemux.c	2011-12-30 07:59:09.000000000 -0600
+++ gst-plugins-good-0.10.31/gst/avi/gstavidemux.c	2022-08-22 11:35:33.348446915 -0500
@@ -4454,8 +4454,8 @@ static GstBuffer *
 gst_avi_demux_invert (GstAviStream * stream, GstBuffer * buf)
 {
   GstStructure *s;
-  gint y, w, h;
-  gint bpp, stride;
+  guint y, w, h;
+  guint bpp, stride;
   guint8 *tmp = NULL;
 
   if (stream->strh->type != GST_RIFF_FCC_vids)
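Review bot: `bpp` becomes `guint` here, but neither hunk shows where it is assigned, and `GstStructure *s` is still declared in the function. If the unseen part of gst_avi_demux_invert fills it through a `gint *` out-parameter, for example `gst_structure_get_int (s, "bpp", &bpp)`, that call now passes a pointer of the wrong signedness. Reading the depth into a local `gint` and rejecting values `<= 0` before assigning it to the unsigned `bpp` would keep the type change clean. The function body continues outside this hunk, so this needs checking against the full file.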
@@ -4478,10 +4478,21 @@ gst_avi_demux_invert (GstAviStream * str
 
   h = stream->strf.vids->height;
   w = stream->strf.vids->width;
+
+  if ((guint64) w * ((guint64) bpp / 8) > G_MAXUINT - 4) {
+    GST_WARNING ("Width x stride overflows");
+    return buf;
+  }
+
+  if (w == 0 || h == 0) {
+    GST_WARNING ("Zero width or height");
+    return buf;
+  }
+
   stride = GST_ROUND_UP_4 (w * (bpp / 8));
 
   buf = gst_buffer_make_writable (buf);
-  if (GST_BUFFER_SIZE (buf) < (stride * h)) {
+  if (GST_BUFFER_SIZE (buf) < ((guint64) stride * (guint64) h)) {
     GST_WARNING ("Buffer is smaller than reported Width x Height x Depth");
     return buf;
   }
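Review bot: The guard `if (w == 0 || h == 0)` does not cover `bpp / 8 == 0`. For a depth below 8 the product is 0, `stride` becomes 0, and the size comparison `GST_BUFFER_SIZE (buf) < ((guint64) stride * (guint64) h)` can never reject the buffer. The rest of the function (outside this hunk) then runs with a zero stride; extending the guard to `if (w == 0 || h == 0 || bpp < 8) {` would make that case return early like the others. The message `"Width x stride overflows"` is also misleading, because the check is on width times bytes per pixel before rounding. A one-line comment that the `- 4` leaves headroom for `GST_ROUND_UP_4` would help the next reader.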
Only in gst-plugins-good-0.10.31/gst/avi: gstavidemux.c.orig
Only in gst-plugins-good-0.10.31/gst/avi: gstavidemux.c.rej