File CVE-2024-47777.patch of Package gstreamer-plugins-good.36927

From 93d79c22a82604adc5512557c1238f72f41188c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Fri, 4 Oct 2024 13:22:02 +0300
Subject: [PATCH 5/7] wavparse: Check that at least 32 bytes are available
 before parsing smpl chunks

Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-259
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3887

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042>
---
diff -urp gst-plugins-good-1.24.7.orig/gst/wavparse/gstwavparse.c gst-plugins-good-1.24.7/gst/wavparse/gstwavparse.c
--- gst-plugins-good-1.24.7.orig/gst/wavparse/gstwavparse.c	2024-12-16 04:09:03.136449556 -0500
+++ gst-plugins-good-1.24.7/gst/wavparse/gstwavparse.c	2024-12-16 04:09:08.959826424 -0500
@@ -888,6 +888,9 @@ gst_wavparse_smpl_chunk (GstWavParse * w
 {
   guint32 note_number;
 
+  if (size < 32)
+    return FALSE;
+
   /*
      manufacturer_id = GST_READ_UINT32_LE (data);
      product_id = GST_READ_UINT32_LE (data + 4);

Places

File CVE-2024-47777.patch of Package gstreamer-plugins-good.36927

Places