gstreamer1.0-plugins-good: patch CVE-2024-47613

Pick commit from: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041 (From OE-Core rev: 6236088fc43f7d2e8a01bb6e3937969ced8a7f6d) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Peter Marko <peter.marko@siemens.com> 2024-12-30 18:27:12 +0100
committer: Steve Sakoman <steve@sakoman.com> 2025-01-09 06:25:35 -0800
commit: 144b7586d124aec1ab6715282492ebca07fa2e51 (patch)
tree: 707719a4efd3acacaa877c88db549d6101e66d99
parent: 0ebfc58642738c257f31ff98c91153b6beb57f2c (diff)
download: poky-144b7586d124aec1ab6715282492ebca07fa2e51.tar.gz
2 files changed, 54 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0014-gdkpixbufdec-Check-if-initializing-the-video-info-ac.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0014-gdkpixbufdec-Check-if-initializing-the-video-info-ac.patch
new file mode 100644
index 0000000000..502b26f9d5
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0014-gdkpixbufdec-Check-if-initializing-the-video-info-ac.patch
@@ -0,0 +1,53 @@
+From 1d1c9d63be51d85f9b80f0c227d4b3469fee2534 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Wed, 2 Oct 2024 14:44:21 +0300
+Subject: [PATCH] gdkpixbufdec: Check if initializing the video info actually
+ succeeded
+Otherwise a 0-byte buffer would be allocated, which gives NULL memory when
+mapped.
+Thanks to Antonio Morales for finding and reporting the issue.
+Fixes GHSL-2024-118
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3876
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041>
+CVE: CVE-2024-47613
+Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1d1c9d63be51d85f9b80f0c227d4b3469fee2534]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ ext/gdk_pixbuf/gstgdkpixbufdec.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+diff --git a/ext/gdk_pixbuf/gstgdkpixbufdec.c b/ext/gdk_pixbuf/gstgdkpixbufdec.c
+index 5482998c0d..de5f054964 100644
+--- a/ext/gdk_pixbuf/gstgdkpixbufdec.c
+++ b/ext/gdk_pixbuf/gstgdkpixbufdec.c
+@@ -322,7 +322,8 @@ gst_gdk_pixbuf_dec_flush (GstGdkPixbufDec * filter)
+ 
+ 
+     gst_video_info_init (&info);
+-    gst_video_info_set_format (&info, fmt, width, height);
+    if (!gst_video_info_set_format (&info, fmt, width, height))
+      goto format_not_supported;
+     info.fps_n = filter->in_fps_n;
+     info.fps_d = filter->in_fps_d;
+     caps = gst_video_info_to_caps (&info);
+@@ -384,6 +385,12 @@ channels_not_supported:
+         ("%d channels not supported", n_channels));
+     return GST_FLOW_ERROR;
+   }
+format_not_supported:
+  {
+    GST_ELEMENT_ERROR (filter, STREAM, DECODE, (NULL),
+        ("%d channels with %dx%d not supported", n_channels, width, height));
+    return GST_FLOW_ERROR;
+  }
+ no_buffer:
+   {
+     GST_DEBUG ("Failed to create outbuffer - %s", gst_flow_get_name (ret));
+-- 
+2.30.2
diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb
index 94c34cf908..ca26290340 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb
@@ -20,6 +20,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-go
           file://0011-qtdemux-Actually-handle-errors-returns-from-various-.patch \
           file://0012-qtdemux-Check-for-invalid-atom-length-when-extractin.patch \
           file://0013-qtdemux-Add-size-check-for-parsing-SMI-SEQH-atom.patch \
+           file://0014-gdkpixbufdec-Check-if-initializing-the-video-info-ac.patch \
          "
 SRC_URI[sha256sum] = "9c1913f981900bd8867182639b20907b28ed78ef7a222cfbf2d8ba9dab992fa7"
author	Peter Marko <peter.marko@siemens.com>	2024-12-30 18:27:12 +0100
committer	Steve Sakoman <steve@sakoman.com>	2025-01-09 06:25:35 -0800
commit	144b7586d124aec1ab6715282492ebca07fa2e51 (patch)
tree	707719a4efd3acacaa877c88db549d6101e66d99
parent	0ebfc58642738c257f31ff98c91153b6beb57f2c (diff)
download	poky-144b7586d124aec1ab6715282492ebca07fa2e51.tar.gz

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0014-gdkpixbufdec-Check-if-initializing-the-video-info-ac.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0014-gdkpixbufdec-Check-if-initializing-the-video-info-ac.patch new file mode 100644 index 0000000000..502b26f9d5 --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0014-gdkpixbufdec-Check-if-initializing-the-video-info-ac.patch
@@ -0,0 +1,53 @@
		1	From 1d1c9d63be51d85f9b80f0c227d4b3469fee2534 Mon Sep 17 00:00:00 2001
		2	From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
		3	Date: Wed, 2 Oct 2024 14:44:21 +0300
		4	Subject: [PATCH] gdkpixbufdec: Check if initializing the video info actually
		5	succeeded
		6
		7	Otherwise a 0-byte buffer would be allocated, which gives NULL memory when
		8	mapped.
		9
		10	Thanks to Antonio Morales for finding and reporting the issue.
		11
		12	Fixes GHSL-2024-118
		13	Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3876
		14
		15	Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041>
		16
		17	CVE: CVE-2024-47613
		18	Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1d1c9d63be51d85f9b80f0c227d4b3469fee2534]
		19	Signed-off-by: Peter Marko <peter.marko@siemens.com>
		20	---
		21	ext/gdk_pixbuf/gstgdkpixbufdec.c \| 9 ++++++++-
		22	1 file changed, 8 insertions(+), 1 deletion(-)
		23
		24	diff --git a/ext/gdk_pixbuf/gstgdkpixbufdec.c b/ext/gdk_pixbuf/gstgdkpixbufdec.c
		25	index 5482998c0d..de5f054964 100644
		26	--- a/ext/gdk_pixbuf/gstgdkpixbufdec.c
		27	+++ b/ext/gdk_pixbuf/gstgdkpixbufdec.c
		28	@@ -322,7 +322,8 @@ gst_gdk_pixbuf_dec_flush (GstGdkPixbufDec * filter)
		29
		30
		31	gst_video_info_init (&info);
		32	- gst_video_info_set_format (&info, fmt, width, height);
		33	+ if (!gst_video_info_set_format (&info, fmt, width, height))
		34	+ goto format_not_supported;
		35	info.fps_n = filter->in_fps_n;
		36	info.fps_d = filter->in_fps_d;
		37	caps = gst_video_info_to_caps (&info);
		38	@@ -384,6 +385,12 @@ channels_not_supported:
		39	("%d channels not supported", n_channels));
		40	return GST_FLOW_ERROR;
		41	}
		42	+format_not_supported:
		43	+ {
		44	+ GST_ELEMENT_ERROR (filter, STREAM, DECODE, (NULL),
		45	+ ("%d channels with %dx%d not supported", n_channels, width, height));
		46	+ return GST_FLOW_ERROR;
		47	+ }
		48	no_buffer:
		49	{
		50	GST_DEBUG ("Failed to create outbuffer - %s", gst_flow_get_name (ret));
		51	--
		52	2.30.2
		53


diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb index 94c34cf908..ca26290340 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb
@@ -20,6 +20,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-go
20	file://0011-qtdemux-Actually-handle-errors-returns-from-various-.patch \	20	file://0011-qtdemux-Actually-handle-errors-returns-from-various-.patch \
21	file://0012-qtdemux-Check-for-invalid-atom-length-when-extractin.patch \	21	file://0012-qtdemux-Check-for-invalid-atom-length-when-extractin.patch \
22	file://0013-qtdemux-Add-size-check-for-parsing-SMI-SEQH-atom.patch \	22	file://0013-qtdemux-Add-size-check-for-parsing-SMI-SEQH-atom.patch \
		23	file://0014-gdkpixbufdec-Check-if-initializing-the-video-info-ac.patch \
23	"	24	"
24		25
25	SRC_URI[sha256sum] = "9c1913f981900bd8867182639b20907b28ed78ef7a222cfbf2d8ba9dab992fa7"	26	SRC_URI[sha256sum] = "9c1913f981900bd8867182639b20907b28ed78ef7a222cfbf2d8ba9dab992fa7"