Overview

File 0001-rmdemux-Use-GST_LOG_OBJECT-instead-of-GST_LOG.patch of Package gstreamer-plugins-ugly.30116

From 763d2bb43c18000771ff3b68b28b756a0035c914 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Fri, 7 Jul 2023 09:59:04 +0300
Subject: [PATCH 1/5] rmdemux: Use GST_LOG_OBJECT instead of GST_LOG

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5072>
---
 subprojects/gst-plugins-ugly/gst/realmedia/rmdemux.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gst/realmedia/rmdemux.c b/gst/realmedia/rmdemux.c
index 1873cc10287..473aebe075d 100644
--- a/gst/realmedia/rmdemux.c
+++ b/gst/realmedia/rmdemux.c
@@ -2148,8 +2148,8 @@ gst_rmdemux_descramble_sipr_audio (GstRMDemux * rmdemux,
 
   g_assert (stream->height == height);
 
-  GST_LOG ("packet_size = %u, leaf_size = %u, height= %u", packet_size,
-      stream->leaf_size, height);
+  GST_LOG_OBJECT (rmdemux, "packet_size = %u, leaf_size = %u, height= %u",
+      packet_size, stream->leaf_size, height);
 
   outbuf = gst_buffer_new_and_alloc (height * packet_size);
   gst_buffer_map (outbuf, &outmap, GST_MAP_WRITE);
-- 
GitLab


From b268b27cd8ff0dda1fda71890cd414f4cb2096db Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Fri, 7 Jul 2023 09:59:20 +0300
Subject: [PATCH 2/5] rmdemux: Check for integer overflows when calculating the
 size of SIPR audio buffers

Fixes ZDI-CAN-21443
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2782

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5072>
---
 subprojects/gst-plugins-ugly/gst/realmedia/rmdemux.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/gst/realmedia/rmdemux.c b/gst/realmedia/rmdemux.c
index 473aebe075d..eaee9acdd12 100644
--- a/gst/realmedia/rmdemux.c
+++ b/gst/realmedia/rmdemux.c
@@ -2144,6 +2144,7 @@ gst_rmdemux_descramble_sipr_audio (GstRMDemux * rmdemux,
   GstMapInfo outmap;
   guint packet_size = stream->packet_size;
   guint height = stream->subpackets->len;
+  guint size;
   guint p;
 
   g_assert (stream->height == height);
@@ -2151,7 +2152,12 @@ gst_rmdemux_descramble_sipr_audio (GstRMDemux * rmdemux,
   GST_LOG_OBJECT (rmdemux, "packet_size = %u, leaf_size = %u, height= %u",
       packet_size, stream->leaf_size, height);
 
-  outbuf = gst_buffer_new_and_alloc (height * packet_size);
+  if (!g_uint_checked_mul (&size, height, packet_size)) {
+    GST_ERROR_OBJECT (rmdemux, "overflowing SIPR audio packet size");
+    return GST_FLOW_ERROR;
+  }
+
+  outbuf = gst_buffer_new_and_alloc (size);
   gst_buffer_map (outbuf, &outmap, GST_MAP_WRITE);
 
   for (p = 0; p < height; ++p) {
-- 
GitLab


From aca056b01de482b5f10eeb966b3409dc40324c03 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Fri, 7 Jul 2023 10:00:19 +0300
Subject: [PATCH 3/5] rmdemux: Check that enough SIPR audio data is available
 when copying

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5072>
---
 subprojects/gst-plugins-ugly/gst/realmedia/rmdemux.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/gst/realmedia/rmdemux.c b/gst/realmedia/rmdemux.c
index eaee9acdd12..902092b24b3 100644
--- a/gst/realmedia/rmdemux.c
+++ b/gst/realmedia/rmdemux.c
@@ -2168,7 +2168,13 @@ gst_rmdemux_descramble_sipr_audio (GstRMDemux * rmdemux,
       GST_BUFFER_PTS (outbuf) = GST_BUFFER_PTS (b);
     }
 
-    gst_buffer_extract (b, 0, outmap.data + packet_size * p, packet_size);
+    if (gst_buffer_extract (b, 0, outmap.data + packet_size * p,
+            packet_size) != packet_size) {
+      GST_ERROR_OBJECT (rmdemux, "not enough SIPR audio data available");
+      gst_buffer_unmap (outbuf, &outmap);
+      gst_buffer_unref (outbuf);
+      return GST_FLOW_ERROR;
+    }
   }
   gst_buffer_unmap (outbuf, &outmap);
 
-- 
GitLab


From d8d83ad435fa97ce00721a539ccab2ef6cf5cfa5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Fri, 7 Jul 2023 10:08:03 +0300
Subject: [PATCH 4/5] rmdemux: Use GST_LOG_OBJECT instead of GST_LOG

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5072>
---
 subprojects/gst-plugins-ugly/gst/realmedia/rmdemux.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gst/realmedia/rmdemux.c b/gst/realmedia/rmdemux.c
index 902092b24b3..a0e38ef1d69 100644
--- a/gst/realmedia/rmdemux.c
+++ b/gst/realmedia/rmdemux.c
@@ -2011,8 +2011,8 @@ gst_rmdemux_descramble_audio (GstRMDemux * rmdemux, GstRMDemuxStream * stream)
 
   g_assert (stream->height == height);
 
-  GST_LOG ("packet_size = %u, leaf_size = %u, height= %u", packet_size,
-      leaf_size, height);
+  GST_LOG_OBJECT (rmdemux, "packet_size = %u, leaf_size = %u, height= %u",
+      packet_size, leaf_size, height);
 
   outbuf = gst_buffer_new_and_alloc (height * packet_size);
   gst_buffer_map (outbuf, &outmap, GST_MAP_WRITE);
-- 
GitLab


From 67e38cf47b7683586c24de18d8253029042dc72f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Fri, 7 Jul 2023 10:08:21 +0300
Subject: [PATCH 5/5] rmdemux: Check for integer overflow when calculation
 audio packet size

Fixes ZDI-CAN-21444
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2782

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5072>
---
 subprojects/gst-plugins-ugly/gst/realmedia/rmdemux.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/gst/realmedia/rmdemux.c b/gst/realmedia/rmdemux.c
index a0e38ef1d69..981932675b3 100644
--- a/gst/realmedia/rmdemux.c
+++ b/gst/realmedia/rmdemux.c
@@ -2007,6 +2007,7 @@ gst_rmdemux_descramble_audio (GstRMDemux * rmdemux, GstRMDemuxStream * stream)
   guint packet_size = stream->packet_size;
   guint height = stream->subpackets->len;
   guint leaf_size = stream->leaf_size;
+  guint size;
   guint p, x;
 
   g_assert (stream->height == height);
@@ -2014,7 +2015,12 @@ gst_rmdemux_descramble_audio (GstRMDemux * rmdemux, GstRMDemuxStream * stream)
   GST_LOG_OBJECT (rmdemux, "packet_size = %u, leaf_size = %u, height= %u",
       packet_size, leaf_size, height);
 
-  outbuf = gst_buffer_new_and_alloc (height * packet_size);
+  if (!g_uint_checked_mul (&size, height, packet_size)) {
+    GST_ERROR_OBJECT (rmdemux, "overflowing audio packet size");
+    return GST_FLOW_ERROR;
+  }
+
+  outbuf = gst_buffer_new_and_alloc (size);
   gst_buffer_map (outbuf, &outmap, GST_MAP_WRITE);
 
   for (p = 0; p < height; ++p) {
-- 
GitLab
openSUSE Build Service is sponsored by
Places