File CVE-2024-47539.patch of Package gstreamer-plugins-good.36929

From 1d534ac209e4042d08513f8cd448b9b12187aacd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Thu, 26 Sep 2024 09:20:28 +0300
Subject: [PATCH 05/12] qtdemux: Make sure only an even number of bytes is
 processed when handling CEA608 data

An odd number of bytes would lead to out of bound reads and writes, and doesn't
make any sense as CEA608 comes in byte pairs.

Strip off any leftover bytes and assume everything before that is valid.

Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-195
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3841

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059>
---
diff -urp gst-plugins-good-1.24.7.orig/gst/isomp4/qtdemux.c gst-plugins-good-1.24.7/gst/isomp4/qtdemux.c
--- gst-plugins-good-1.24.7.orig/gst/isomp4/qtdemux.c	2024-12-16 03:30:49.988792063 -0500
+++ gst-plugins-good-1.24.7/gst/isomp4/qtdemux.c	2024-12-16 03:30:08.785122550 -0500
@@ -6144,6 +6144,11 @@ convert_to_s334_1a (const guint8 * ccpai
   guint8 *storage;
   gsize i;
 
+  /* Strip off any leftover odd bytes and assume everything before is valid */
+  if (ccpair_size % 2 != 0) {
+    ccpair_size -= 1;
+  }
+
   /* We are converting from pairs to triplets */
   *res = ccpair_size / 2 * 3;
   storage = g_malloc (*res);
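Review bot: the new check at the top of convert_to_s334_1a leaves the zero-length case unhandled. When ccpair_size arrives as 1, the strip reduces it to 0, so *res becomes 0 and g_malloc (*res) returns NULL. The rest of the function and its caller are not visible in this hunk, so it is worth confirming that both tolerate a NULL storage with *res == 0, or returning early right after the strip, for example with "if (ccpair_size == 0) { *res = 0; return NULL; }". Dropping the trailing byte is also silent; a warning-level log line at that point would make truncated or malformed CEA608 samples visible to whoever is debugging a stream.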