summaryrefslogtreecommitdiffstats
path: root/meta/recipes-multimedia/gstreamer
diff options
context:
space:
mode:
authorKang Kai <kai.kang@windriver.com>2015-06-29 23:06:49 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2015-07-08 13:07:16 +0100
commit0e2c483f7ddadb5e25499c47c35fc62ed4b345cb (patch)
tree58154b197a1b0c15da65b4d414ad551cb52293ad /meta/recipes-multimedia/gstreamer
parent010a940ba11f3ebbc777b40d06664a72e5e53d3d (diff)
downloadpoky-0e2c483f7ddadb5e25499c47c35fc62ed4b345cb.tar.gz
gst-plugins-bad: fix CVE-2015-0797
Backport patch from debian to fix CVE-2015-0797. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784220 https://sources.debian.net/data/main/g/gst-plugins-bad0.10/0.10.23-7.1+deb7u2/debian/patches/buffer-overflow-mp4.patch Backported to oe-core fido from meta-oe/meta-multimedia: http://git.openembedded.org/meta-openembedded/commit/?id=6cb3b63559bf33946f1c5d43626413d9a651e83f (From OE-Core rev: 7aa1090d22459bff1159f8193b60166a079d5bd6) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia/gstreamer')
-rw-r--r--meta/recipes-multimedia/gstreamer/gst-plugins-bad/buffer-overflow-mp4.patch36
-rw-r--r--meta/recipes-multimedia/gstreamer/gst-plugins-bad_0.10.23.bb2
2 files changed, 38 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/gstreamer/gst-plugins-bad/buffer-overflow-mp4.patch b/meta/recipes-multimedia/gstreamer/gst-plugins-bad/buffer-overflow-mp4.patch
new file mode 100644
index 0000000000..235acda8bf
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gst-plugins-bad/buffer-overflow-mp4.patch
@@ -0,0 +1,36 @@
1Description: Fix buffer overflow in mp4 parsing
2Author: Ralph Giles <giles@mozilla.com>
3---
4Backport patch from debian to fix CVE-2015-0797.
5https://sources.debian.net/data/main/g/gst-plugins-bad0.10/0.10.23-7.1+deb7u2/debian/patches/buffer-overflow-mp4.patch
6
7Upstream-Status: Backport
8
9Signed-off-by: Kai Kang <kai.kang@windriver.com>
10---
11--- gst-plugins-bad0.10-0.10.23.orig/gst/videoparsers/gsth264parse.c
12+++ gst-plugins-bad0.10-0.10.23/gst/videoparsers/gsth264parse.c
13@@ -384,6 +384,11 @@ gst_h264_parse_wrap_nal (GstH264Parse *
14
15 GST_DEBUG_OBJECT (h264parse, "nal length %d", size);
16
17+ if (size > G_MAXUINT32 - nl) {
18+ GST_ELEMENT_ERROR (h264parse, STREAM, FAILED, (NULL),
19+ ("overflow in nal size"));
20+ return NULL;
21+ }
22 buf = gst_buffer_new_and_alloc (size + nl + 4);
23 if (format == GST_H264_PARSE_FORMAT_AVC) {
24 GST_WRITE_UINT32_BE (GST_BUFFER_DATA (buf), size << (32 - 8 * nl));
25@@ -452,6 +457,11 @@ gst_h264_parse_process_nal (GstH264Parse
26 GST_DEBUG_OBJECT (h264parse, "not processing nal size %u", nalu->size);
27 return;
28 }
29+ if (G_UNLIKELY (nalu->size > 20 * 1024 * 1024)) {
30+ GST_DEBUG_OBJECT (h264parse, "not processing nal size %u (too big)",
31+ nalu->size);
32+ return;
33+ }
34
35 /* we have a peek as well */
36 nal_type = nalu->type;
diff --git a/meta/recipes-multimedia/gstreamer/gst-plugins-bad_0.10.23.bb b/meta/recipes-multimedia/gstreamer/gst-plugins-bad_0.10.23.bb
index 0f64871497..4d94483462 100644
--- a/meta/recipes-multimedia/gstreamer/gst-plugins-bad_0.10.23.bb
+++ b/meta/recipes-multimedia/gstreamer/gst-plugins-bad_0.10.23.bb
@@ -10,6 +10,8 @@ DEPENDS += "gst-plugins-base"
10 10
11PR = "r4" 11PR = "r4"
12 12
13SRC_URI += "file://buffer-overflow-mp4.patch"
14
13inherit gettext gsettings 15inherit gettext gsettings
14 16
15EXTRA_OECONF += "--disable-experimental \ 17EXTRA_OECONF += "--disable-experimental \