File CVE-2024-47775.patch of Package gstreamer-plugins-good.39306

From 4f381d15014471b026020d0990a5f5a9f420a22b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Fri, 4 Oct 2024 13:51:00 +0300
Subject: [PATCH 7/7] wavparse: Check size before reading ds64 chunk

Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-261
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3889

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042>
---
diff -urp gst-plugins-good-1.24.7.orig/gst/wavparse/gstwavparse.c gst-plugins-good-1.24.7/gst/wavparse/gstwavparse.c
--- gst-plugins-good-1.24.7.orig/gst/wavparse/gstwavparse.c	2024-08-21 07:25:15.000000000 -0400
+++ gst-plugins-good-1.24.7/gst/wavparse/gstwavparse.c	2024-12-16 04:02:50.466966185 -0500
@@ -1079,6 +1079,11 @@ parse_ds64 (GstWavParse * wav, GstBuffer
   guint32 sampleCountLow, sampleCountHigh;
 
   gst_buffer_map (buf, &map, GST_MAP_READ);
+  if (map.size < 6 * 4) {
+    GST_WARNING_OBJECT (wav, "Too small ds64 chunk (%" G_GSIZE_FORMAT ")",
+        map.size);
+    return FALSE;
+  }
   dataSizeLow = GST_READ_UINT32_LE (map.data + 2 * 4);
   dataSizeHigh = GST_READ_UINT32_LE (map.data + 3 * 4);
   sampleCountLow = GST_READ_UINT32_LE (map.data + 4 * 4);
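Review bot: The new early exit for `map.size < 6 * 4` returns without releasing the mapping taken by `gst_buffer_map()` on the line above, so every undersized ds64 chunk leaves `buf` mapped; add `gst_buffer_unmap (buf, &map);` immediately before `return FALSE;`. The remainder of parse_ds64 is outside this hunk, so the unmap on the normal path is assumed rather than visible here. The size check also reads `map.size` without testing the result of `gst_buffer_map()`, so a failed map would make the bound check operate on an unset `GstMapInfo`; guarding the call with `if (!gst_buffer_map (buf, &map, GST_MAP_READ)) return FALSE;` would close that gap. A short comment such as `/* ds64 payload: riffSize, dataSize, sampleCount as 3 x 64-bit LE = 6 * 4 bytes */` next to the constant would tie the bound to the fields read below, provided that layout matches the reads outside the hunk.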