Overview

File CVE-2023-6185.patch of Package libreoffice.31887

From f41dcadf6492a6ffd32696d50f818e44355b9ad9 Mon Sep 17 00:00:00 2001
From: Caolán McNamara <caolan.mcnamara@collabora.com>
Date: Fri, 03 Nov 2023 14:20:07 +0000
Subject: [PATCH] escape url passed to gstreamer

Change-Id: I3c93ee34800cc8563370f75ef3ef6f8a9220e6ec
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158894
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
---

diff --git a/avmedia/source/gstreamer/gstframegrabber.cxx b/avmedia/source/gstreamer/gstframegrabber.cxx
index 6f41511..f8911ed 100644
--- a/avmedia/source/gstreamer/gstframegrabber.cxx
+++ b/avmedia/source/gstreamer/gstframegrabber.cxx
@@ -50,11 +50,9 @@
 
 FrameGrabber::FrameGrabber( std::u16string_view rURL )
 {
-    gchar *pPipelineStr;
-    pPipelineStr = g_strdup_printf(
-        "uridecodebin uri=%s ! videoconvert ! videoscale ! appsink "
-        "name=sink caps=\"video/x-raw,format=RGB,pixel-aspect-ratio=1/1\"",
-        OUStringToOString( rURL, RTL_TEXTENCODING_UTF8 ).getStr() );
+    const char pPipelineStr[] =
+        "uridecodebin name=source ! videoconvert ! videoscale ! appsink "
+        "name=sink caps=\"video/x-raw,format=RGB,pixel-aspect-ratio=1/1\"";
 
     GError *pError = nullptr;
     mpPipeline = gst_parse_launch( pPipelineStr, &pError );
@@ -65,6 +63,12 @@
     }
 
     if( mpPipeline ) {
+
+        if (GstElement *pUriDecode = gst_bin_get_by_name(GST_BIN(mpPipeline), "source"))
+            g_object_set(pUriDecode, "uri", OUStringToOString(rURL, RTL_TEXTENCODING_UTF8).getStr(), nullptr);
+        else
+            g_warning("Missing 'source' element in gstreamer pipeline");
+
         // pre-roll
         switch( gst_element_set_state( mpPipeline, GST_STATE_PAUSED ) ) {
         case GST_STATE_CHANGE_FAILURE:
openSUSE Build Service is sponsored by
Places