File gst-plugins-base-CVE-2009-0586.patch of Package gstreamer-0_10-plugins-base

diff --git a/gst-libs/gst/tag/gstvorbistag.c b/gst-libs/gst/tag/gstvorbistag.c
index 0999368..9401e61 100644
--- a/gst-libs/gst/tag/gstvorbistag.c
+++ b/gst-libs/gst/tag/gstvorbistag.c
@@ -305,30 +305,32 @@ gst_vorbis_tag_add (GstTagList * list, const gchar * tag, const gchar * value)
 }
 
 static void
-gst_vorbis_tag_add_coverart (GstTagList * tags, const gchar * img_data_base64,
+gst_vorbis_tag_add_coverart (GstTagList * tags, gchar * img_data_base64,
     gint base64_len)
 {
   GstBuffer *img;
-  guchar *img_data;
   gsize img_len;
+  guchar *out;
   guint save = 0;
   gint state = 0;
 
   if (base64_len < 2)
     goto not_enough_data;
 
-  img_data = g_try_malloc0 (base64_len * 3 / 4);
-
-  if (img_data == NULL)
-    goto alloc_failed;
-
-  img_len = g_base64_decode_step (img_data_base64, base64_len, img_data,
-      &state, &save);
+  /* img_data_base64 points to a temporary copy of the base64 encoded data, so
+   * it's safe to do inpace decoding here
+   * TODO: glib 2.20 and later provides g_base64_decode_inplace, so change this
+   * to use glib's API instead once it's in wider use:
+   *  http://bugzilla.gnome.org/show_bug.cgi?id=564728
+   *  http://svn.gnome.org/viewvc/glib?view=revision&revision=7807 */
+  out = (guchar *) img_data_base64;
+  img_len = g_base64_decode_step (img_data_base64, base64_len,
+      out, &state, &save);
 
   if (img_len == 0)
     goto decode_failed;
 
-  img = gst_tag_image_data_to_image_buffer (img_data, img_len,
+  img = gst_tag_image_data_to_image_buffer (out, img_len,
       GST_TAG_IMAGE_TYPE_NONE);
 
   if (img == NULL)
@@ -338,7 +340,6 @@ gst_vorbis_tag_add_coverart (GstTagList * tags, const gchar * img_data_base64,
       GST_TAG_PREVIEW_IMAGE, img, NULL);
 
   gst_buffer_unref (img);
-  g_free (img_data);
   return;
 
 /* ERRORS */
@@ -347,21 +348,14 @@ not_enough_data:
     GST_WARNING ("COVERART tag with too little base64-encoded data");
     return;
   }
-alloc_failed:
-  {
-    GST_WARNING ("Couldn't allocate enough memory to decode COVERART tag");
-    return;
-  }
 decode_failed:
   {
-    GST_WARNING ("Couldn't decode bas64 image data from COVERART tag");
-    g_free (img_data);
+    GST_WARNING ("Couldn't decode base64 image data from COVERART tag");
     return;
   }
 convert_failed:
   {
     GST_WARNING ("Couldn't extract image or image type from COVERART tag");
-    g_free (img_data);
     return;
   }
 }
@@ -457,6 +451,7 @@ error:
   return NULL;
 #undef ADVANCE
 }
+
 typedef struct
 {
   guint count;