sources/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0018-matroskademux-Don-t-take-data-out-of-an-empty-adapte.patch

From be0ac3f40949cb951d5f0761f4a3bd597a94947f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Mon, 30 Sep 2024 19:04:51 +0300
Subject: [PATCH 4/7] matroskademux: Don't take data out of an empty adapter
 when processing WavPack frames

Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-249
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3865

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8108>

CVE: CVE-2024-47597
CVE: CVE-2024-47601
CVE: CVE-2024-47602
CVE: CVE-2024-47603
CVE: CVE-2024-47834
Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/be0ac3f40949cb951d5f0761f4a3bd597a94947f]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 .../gst-plugins-good/gst/matroska/matroska-demux.c    | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/gst/matroska/matroska-demux.c b/gst/matroska/matroska-demux.c
index 91e66fefc3..98ed51e86a 100644
--- a/gst/matroska/matroska-demux.c
+++ b/gst/matroska/matroska-demux.c
@@ -4036,11 +4036,16 @@ gst_matroska_demux_add_wvpk_header (GstElement * element,
     }
     gst_buffer_unmap (*buf, &map);
 
-    newbuf = gst_adapter_take_buffer (adapter, gst_adapter_available (adapter));
+    size = gst_adapter_available (adapter);
+    if (size > 0) {
+      newbuf = gst_adapter_take_buffer (adapter, size);
+      gst_buffer_copy_into (newbuf, *buf,
+          GST_BUFFER_COPY_TIMESTAMPS | GST_BUFFER_COPY_FLAGS, 0, -1);
+    } else {
+      newbuf = NULL;
+    }
     g_object_unref (adapter);
 
-    gst_buffer_copy_into (newbuf, *buf,
-        GST_BUFFER_COPY_TIMESTAMPS | GST_BUFFER_COPY_FLAGS, 0, -1);
     gst_buffer_unref (*buf);
     *buf = newbuf;
 
-- 
2.30.2
Complete Yocto mirror with license table for TQMa6UL (2038-compliance) - 264 license table entries with exact download URLs (224/264 resolved) - Complete sources/ directory with all BitBake recipes - Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl) - Full traceability for Softwarefreigabeantrag - GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4 - License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16) 2026-03-01 20:58:18 +00:00			`From be0ac3f40949cb951d5f0761f4a3bd597a94947f Mon Sep 17 00:00:00 2001`
			`From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>`
			`Date: Mon, 30 Sep 2024 19:04:51 +0300`
			`Subject: [PATCH 4/7] matroskademux: Don't take data out of an empty adapter`
			`when processing WavPack frames`

			`Thanks to Antonio Morales for finding and reporting the issue.`

			`Fixes GHSL-2024-249`
			`Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3865`

			`Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8108>`

			`CVE: CVE-2024-47597`
			`CVE: CVE-2024-47601`
			`CVE: CVE-2024-47602`
			`CVE: CVE-2024-47603`
			`CVE: CVE-2024-47834`
			`Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/be0ac3f40949cb951d5f0761f4a3bd597a94947f]`
			`Signed-off-by: Peter Marko <peter.marko@siemens.com>`
			`---`
			`.../gst-plugins-good/gst/matroska/matroska-demux.c \| 11 ++++++++---`
			`1 file changed, 8 insertions(+), 3 deletions(-)`

			`diff --git a/gst/matroska/matroska-demux.c b/gst/matroska/matroska-demux.c`
			`index 91e66fefc3..98ed51e86a 100644`
			`--- a/gst/matroska/matroska-demux.c`
			`+++ b/gst/matroska/matroska-demux.c`
			`@@ -4036,11 +4036,16 @@ gst_matroska_demux_add_wvpk_header (GstElement * element,`
			`}`
			`gst_buffer_unmap (*buf, &map);`

			`- newbuf = gst_adapter_take_buffer (adapter, gst_adapter_available (adapter));`
			`+ size = gst_adapter_available (adapter);`
			`+ if (size > 0) {`
			`+ newbuf = gst_adapter_take_buffer (adapter, size);`
			`+ gst_buffer_copy_into (newbuf, *buf,`
			`+ GST_BUFFER_COPY_TIMESTAMPS \| GST_BUFFER_COPY_FLAGS, 0, -1);`
			`+ } else {`
			`+ newbuf = NULL;`
			`+ }`
			`g_object_unref (adapter);`

			`- gst_buffer_copy_into (newbuf, *buf,`
			`- GST_BUFFER_COPY_TIMESTAMPS \| GST_BUFFER_COPY_FLAGS, 0, -1);`
			`gst_buffer_unref (*buf);`
			`*buf = newbuf;`

			`--`
			`2.30.2`