1 files changed, 44 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2021-3498.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2021-3498.patch
new file mode 100644
index 0000000000..d3de2d5014
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2021-3498.patch
@@ -0,0 +1,44 @@
+From 02174790726dd20a5c73ce2002189bf240ad4fe0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Wed, 3 Mar 2021 11:31:52 +0200
+Subject: [PATCH] matroskademux: Initialize track context out parameter to NULL
+ before parsing
+Various error return paths don't set it to NULL and callers are only
+checking if the pointer is NULL. As it's allocated on the stack this
+usually contains random stack memory, and more often than not the memory
+of a previously parsed track.
+This then causes all kinds of memory corruptions further down the line.
+Thanks to Natalie Silvanovich for reporting.
+Fixes https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/issues/858
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/merge_requests/903>
+Upstream-Status: Backport [
+https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/02174790726dd20a5c73ce2002189bf240ad4fe0?merge_request_iid=903 ]
+CVE: CVE-2021-3498
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ gst/matroska/matroska-demux.c | 2 ++
+ 1 file changed, 2 insertions(+)
+diff --git a/gst/matroska/matroska-demux.c b/gst/matroska/matroska-demux.c
+index 4d0234743..467815986 100644
+--- a/gst/matroska/matroska-demux.c
+++ b/gst/matroska/matroska-demux.c
+@@ -692,6 +692,8 @@ gst_matroska_demux_parse_stream (GstMatroskaDemux * demux, GstEbmlRead * ebml,
+ 
+   DEBUG_ELEMENT_START (demux, ebml, "TrackEntry");
+ 
+  *dest_context = NULL;
+
+   /* start with the master */
+   if ((ret = gst_ebml_read_master (ebml, &id)) != GST_FLOW_OK) {
+     DEBUG_ELEMENT_STOP (demux, ebml, "TrackEntry", ret);
+-- 
+GitLab

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2021-3498.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2021-3498.patch new file mode 100644 index 0000000000..d3de2d5014 --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2021-3498.patch
@@ -0,0 +1,44 @@
	1	From 02174790726dd20a5c73ce2002189bf240ad4fe0 Mon Sep 17 00:00:00 2001
	2	From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
	3	Date: Wed, 3 Mar 2021 11:31:52 +0200
	4	Subject: [PATCH] matroskademux: Initialize track context out parameter to NULL
	5	before parsing
	6
	7	Various error return paths don't set it to NULL and callers are only
	8	checking if the pointer is NULL. As it's allocated on the stack this
	9	usually contains random stack memory, and more often than not the memory
	10	of a previously parsed track.
	11
	12	This then causes all kinds of memory corruptions further down the line.
	13
	14	Thanks to Natalie Silvanovich for reporting.
	15
	16	Fixes https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/issues/858
	17
	18	Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/merge_requests/903>
	19
	20	Upstream-Status: Backport [
	21	https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/02174790726dd20a5c73ce2002189bf240ad4fe0?merge_request_iid=903 ]
	22	CVE: CVE-2021-3498
	23	Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
	24
	25	---
	26	gst/matroska/matroska-demux.c \| 2 ++
	27	1 file changed, 2 insertions(+)
	28
	29	diff --git a/gst/matroska/matroska-demux.c b/gst/matroska/matroska-demux.c
	30	index 4d0234743..467815986 100644
	31	--- a/gst/matroska/matroska-demux.c
	32	+++ b/gst/matroska/matroska-demux.c
	33	@@ -692,6 +692,8 @@ gst_matroska_demux_parse_stream (GstMatroskaDemux * demux, GstEbmlRead * ebml,
	34
	35	DEBUG_ELEMENT_START (demux, ebml, "TrackEntry");
	36
	37	+ *dest_context = NULL;
	38	+
	39	/* start with the master */
	40	if ((ret = gst_ebml_read_master (ebml, &id)) != GST_FLOW_OK) {
	41	DEBUG_ELEMENT_STOP (demux, ebml, "TrackEntry", ret);
	42	--
	43	GitLab
	44