pool/gstreamer-plugins-base
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1177125 from home:qzhao:branches:multimedia:libs

Browse Source 
Add gst-plugins-base-CVE-2024-4453.patch: Backporting e68eccff from upstream, Prevent integer overflows and out of bounds reads when handling undefined tags. (CVE-2024-4453 ZDI-24-467 ZDI-CAN-23896 bsc#1224806)

OBS-URL: https://build.opensuse.org/request/show/1177125
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/gstreamer-plugins-base?expand=0&rev=219
This commit is contained in:
Dominique Leuenberger 2024-05-27 16:05:50 +00:00 committed by Git OBS Bridge
parent 60d86b44e2
commit dc4fc627ed
3 changed files with 63 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
gst-plugins-base-CVE-2024-4453.patch Normal file
View File

@ -0,0 +1,53 @@
commit e68eccff103ab0e91e6d77a892f57131b33902f5
Author: Sebastian Dröge <sebastian@centricular.com>
Date: Thu Apr 25 15:21:20 2024 +0300
exiftag: Prevent integer overflows and out of bounds reads when handling undefined tags
Fixes ZDI-CAN-23896
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3483
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/6766>
diff -Nura gst-plugins-base-1.24.0/gst-libs/gst/tag/gstexiftag.c gst-plugins-base-1.24.0_new/gst-libs/gst/tag/gstexiftag.c
--- gst-plugins-base-1.24.0/gst-libs/gst/tag/gstexiftag.c 2024-03-05 07:51:42.000000000 +0800
+++ gst-plugins-base-1.24.0_new/gst-libs/gst/tag/gstexiftag.c 2024-05-27 19:25:58.227183616 +0800
@@ -1383,6 +1383,7 @@
if (count > 4) {
GstMapInfo info;
+ gsize alloc_size;
if (offset < reader->base_offset) {
GST_WARNING ("Offset is smaller (%u) than base offset (%u)", offset,
@@ -1404,14 +1405,28 @@
return;
}
+ if (info.size - real_offset < count) {
+ GST_WARNING ("Invalid size %u for buffer of size %" G_GSIZE_FORMAT
+ ", not adding tag %s", count, info.size, tag->gst_tag);
+ gst_buffer_unmap (reader->buffer, &info);
+ return;
+ }
+
+ if (!g_size_checked_add (&alloc_size, count, 1)) {
+ GST_WARNING ("Invalid size %u for buffer of size %" G_GSIZE_FORMAT
+ ", not adding tag %s", real_offset, info.size, tag->gst_tag);
+ gst_buffer_unmap (reader->buffer, &info);
+ return;
+ }
+
/* +1 because it could be a string without the \0 */
- data = malloc (sizeof (guint8) * count + 1);
+ data = malloc (alloc_size);
memcpy (data, info.data + real_offset, count);
data[count] = 0;
gst_buffer_unmap (reader->buffer, &info);
} else {
- data = malloc (sizeof (guint8) * count + 1);
+ data = malloc (count + 1);
memcpy (data, (guint8 *) offset_as_data, count);
data[count] = 0;
}

8
gstreamer-plugins-base.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Wed May 22 12:45:03 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Add gst-plugins-base-CVE-2024-4453.patch:
Backporting e68eccff from upstream, Prevent integer overflows
and out of bounds reads when handling undefined tags.
(CVE-2024-4453 ZDI-24-467 ZDI-CAN-23896 bsc#1224806)
-------------------------------------------------------------------
Tue Mar 5 06:20:51 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>

4
gstreamer-plugins-base.spec
View File

@ -29,12 +29,12 @@ URL: https://gstreamer.freedesktop.org
Source0: %{url}/src/%{_name}/%{_name}-%{version}.tar.xz
Source1: gstreamer-plugins-base.appdata.xml
Source2: baselibs.conf
Patch1: add_wayland_dep_to_tests.patch
Patch2: MR-221-video-anc-add-two-new-CEA-608-caption-formats.patch
# https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3303
Patch3: gst-plugins-base-audiobasesink-gap.patch
# PATCH-FIX-UPSTREAM gst-plugins-base-CVE-2024-4453.patch CVE-2024-4453 ZDI-24-467 ZDI-CAN-23896 bsc#1224806 qzhao@suse.com -- Prevent integer overflows and out of bounds reads when handling undefined tags.
Patch4: gst-plugins-base-CVE-2024-4453.patch
BuildRequires: Mesa-libGLESv3-devel
BuildRequires: cdparanoia-devel
BuildRequires: gcc-c++