File CVE-2024-47607.patch of Package gstreamer-plugins-base.39267
From 2838374d6ee4a0c9c4c4221ac46d5c1688f26e59 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Tue, 1 Oct 2024 13:22:50 +0300
Subject: [PATCH] opusdec: Set at most 64 channels to NONE position
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-116
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3871
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8037>
---
subprojects/gst-plugins-base/ext/opus/gstopusdec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff -urp gst-plugins-base-1.24.0.orig/ext/opus/gstopusdec.c gst-plugins-base-1.24.0/ext/opus/gstopusdec.c
--- gst-plugins-base-1.24.0.orig/ext/opus/gstopusdec.c 2024-03-04 17:51:42.000000000 -0600
+++ gst-plugins-base-1.24.0/ext/opus/gstopusdec.c 2025-01-07 11:32:23.385069871 -0600
@@ -440,12 +440,12 @@ gst_opus_dec_parse_header (GstOpusDec *
posn = gst_opus_channel_positions[dec->n_channels - 1];
break;
default:{
- gint i;
+ guint i, max_pos = MIN (dec->n_channels, 64);
GST_ELEMENT_WARNING (GST_ELEMENT (dec), STREAM, DECODE,
(NULL), ("Using NONE channel layout for more than 8 channels"));
- for (i = 0; i < dec->n_channels; i++)
+ for (i = 0; i < max_pos; i++)
pos[i] = GST_AUDIO_CHANNEL_POSITION_NONE;
posn = pos;
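Review bot: The clamp on the added `max_pos` line uses a literal `64` that has to match the declared size of `pos`, which is defined outside this hunk; deriving the bound from the array keeps it correct if that declaration changes: `guint i, max_pos = MIN (dec->n_channels, G_N_ELEMENTS (pos));`. The write loop is now bounded, but `dec->n_channels` itself is left above the clamp, so any later consumer of `posn` that iterates up to `dec->n_channels` would presumably still go past the initialised entries. That code is not visible here and is worth checking; alternatively the header could be rejected when the channel count exceeds the array size. A short comment such as `/* pos[] holds at most 64 entries; n_channels comes from the stream header */` would record why the clamp exists. The `default:` block and `gst_opus_dec_parse_header` both continue beyond the hunk.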