Overview

File CVE-2024-47778.patch of Package gstreamer-plugins-good.36929

From 4c198f4891cfabde868944d55ff98925e7beb757 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Fri, 4 Oct 2024 13:09:43 +0300
Subject: [PATCH 2/7] wavparse: Make sure enough data for the tag list tag is
 available before parsing

Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-258
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3886

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042>
---
diff -urp gst-plugins-good-1.24.7.orig/gst/wavparse/gstwavparse.c gst-plugins-good-1.24.7/gst/wavparse/gstwavparse.c
--- gst-plugins-good-1.24.7.orig/gst/wavparse/gstwavparse.c	2024-12-16 04:10:50.573919465 -0500
+++ gst-plugins-good-1.24.7/gst/wavparse/gstwavparse.c	2024-12-16 04:11:33.084237234 -0500
@@ -1479,6 +1479,10 @@ gst_wavparse_stream_headers (GstWavParse
       case GST_RIFF_TAG_LIST:{
         guint32 ltag;
 
+        /* Need at least the ltag */
+        if (size < 4)
+          goto exit;
+
         if (wav->streaming) {
           const guint8 *data = NULL;
openSUSE Build Service is sponsored by
Places