File CVE-2024-47597.patch of Package gstreamer-plugins-good.37233

From 19359e2b2548927cbfd46a526d704cce5a65c2b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Fri, 27 Sep 2024 10:38:50 +0300
Subject: [PATCH 09/12] qtdemux: Make sure there are enough offsets to read
 when parsing samples

While this specific case is also caught when initializing co_chunk, the error
is ignored in various places and calling into the function would lead to out of
bounds reads if the error message doesn't cause the pipeline to be shut down
fast enough.

To avoid this, no matter what, make sure enough offsets are available when
parsing them. While this is potentially slower, the same is already done in the
non-chunks_are_samples case.

Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-245
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3847

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059>
---
diff -urp gst-plugins-good-1.24.7.orig/gst/isomp4/qtdemux.c gst-plugins-good-1.24.7/gst/isomp4/qtdemux.c
--- gst-plugins-good-1.24.7.orig/gst/isomp4/qtdemux.c	2024-12-16 03:37:47.622061743 -0500
+++ gst-plugins-good-1.24.7/gst/isomp4/qtdemux.c	2024-12-16 03:41:12.997026675 -0500
@@ -10596,9 +10596,9 @@ qtdemux_parse_samples (GstQTDemux * qtde
           goto done;
         }
 
-        cur->offset =
-            qt_atom_parser_get_offset_unchecked (&stream->co_chunk,
-            stream->co_size);
+        if (!qt_atom_parser_get_offset (&stream->co_chunk,
+                stream->co_size, &cur->offset))
+          goto corrupt_file;
 
         GST_LOG_OBJECT (qtdemux, "Created entry %d with offset "
             "%" G_GUINT64_FORMAT, j, cur->offset);
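Review bot: the new bounds-checked call bails out with `goto corrupt_file`, while the error path just above the hunk uses `goto done`; confirm that `corrupt_file` is the intended label here (it should post a stream error and return failure so callers never consume the partially filled sample table), since the commit message says errors raised when co_chunk is initialized are ignored elsewhere and this check is the last line of defense against the out-of-bounds read. A short comment above the call would also help, stating that `qt_atom_parser_get_offset` validates `stream->co_size` bytes against the remaining data in `stream->co_chunk`, so a later reader does not reintroduce the `_unchecked` variant for the speed the message mentions. The `GST_LOG_OBJECT` line that follows now runs only after a successful read, which is correct.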