File gstreamer-plugins-bad-CVE-2023-40476.patch of Package gstreamer-plugins-bad.33558

commit ce17e968e4cf900d28ca5b46f6e095febc42b4f0
Author: Sebastian Dröge <sebastian@centricular.com>
Date:   Thu Aug 10 15:45:01 2023 +0300

    mxfdemux: Fix integer overflow causing out of bounds writes when handling invalid uncompressed video
    
    Check ahead of time when parsing the track information whether
    width, height and bpp are valid and usable without overflows.
    
    Fixes ZDI-CAN-21660, CVE-2023-40474
    
    Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2896
    
    Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5362>

diff -Nura gst-plugins-bad-1.22.0/gst-libs/gst/codecparsers/gsth265parser.c gst-plugins-bad-1.22.0_new/gst-libs/gst/codecparsers/gsth265parser.c
--- gst-plugins-bad-1.22.0/gst-libs/gst/codecparsers/gsth265parser.c	2023-01-24 03:29:34.000000000 +0800
+++ gst-plugins-bad-1.22.0_new/gst-libs/gst/codecparsers/gsth265parser.c	2023-10-26 19:40:01.426991664 +0800
@@ -1845,6 +1845,7 @@
 
   READ_UINT8 (&nr, vps->max_layers_minus1, 6);
   READ_UINT8 (&nr, vps->max_sub_layers_minus1, 3);
+  CHECK_ALLOWED (vps->max_sub_layers_minus1, 0, 6);
   READ_UINT8 (&nr, vps->temporal_id_nesting_flag, 1);
 
   /* skip reserved_0xffff_16bits */
@@ -2014,6 +2015,7 @@
   READ_UINT8 (&nr, sps->vps_id, 4);
 
   READ_UINT8 (&nr, sps->max_sub_layers_minus1, 3);
+  CHECK_ALLOWED (sps->max_sub_layers_minus1, 0, 6);
   READ_UINT8 (&nr, sps->temporal_id_nesting_flag, 1);
 
   if (!gst_h265_parse_profile_tier_level (&sps->profile_tier_level, &nr,