Diffstat (limited to 'meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-h264_sei-Fix-infinite-loop.patch')
-rw-r--r-- | meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-h264_sei-Fix-infinite-loop.patch | 39 |
1 files changed, 39 insertions, 0 deletions
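--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-h264_sei-Fix-infinite-loop.patch
@@ -0,0 +1,39 @@
+gst-ffmpeg: h264_sei: Fix infinite loop.
+
+Fixsot yet fixed parts of CVE-2011-3946.
+
+Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
+Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
+
+Upstream-Status: Backport
+
+Signed-off-by: Yue Tao <yue.tao@windriver.com>
+
+---
+libavcodec/h264_sei.c | 4 ++++
+1 files changed, 4 insertions(+), 0 deletions(-)
+
+
+diff --git a/libavcodec/h264_sei.c b/libavcodec/h264_sei.c
+index 374e53d..80d70e5 100644
+--- a/gst-libs/ext/libav/libavcodec/h264_sei.c
++++ b/gst-libs/ext/libav/libavcodec/h264_sei.c
+@@ -169,11 +169,15 @@ int ff_h264_decode_sei(H264Context *h){
+
+type=0;
+do{
++ if (get_bits_left(&s->gb) < 8)
++ return -1;
+type+= show_bits(&s->gb, 8);
+}while(get_bits(&s->gb, 8) == 255);
+
+size=0;
+do{
++ if (get_bits_left(&s->gb) < 8)
++ return -1;
+size+= show_bits(&s->gb, 8);
+}while(get_bits(&s->gb, 8) == 255);
+
+--
+1.7.5.4
+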
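Review bot: Both added guards in ff_h264_decode_sei only ensure that 8 bits remain before each type/size byte is read; the accumulated `size` is never compared with what is left in the bitstream anywhere in this hunk. The function body continues outside the hunk, so if the code after the second loop does not already do this, something like `if (size > get_bits_left(&s->gb) / 8) return -1;` placed after the size loop would reject a declared payload length that exceeds the remaining data. The bare `return -1;` lines would also read better with a short comment such as `/* truncated SEI: no full byte left for the type/size field */`. Separately, the patch header mentions CVE-2011-3946 only in free text; a `CVE: CVE-2011-3946` tag line next to `Upstream-Status: Backport` would let CVE-tracking tooling associate this backport with the advisory.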