16accb6b24
- 264 license table entries with exact download URLs (224/264 resolved) - Complete sources/ directory with all BitBake recipes - Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl) - Full traceability for Softwarefreigabeantrag - GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4 - License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16)
41 lines
1.3 KiB
Diff
41 lines
1.3 KiB
Diff
From 93d79c22a82604adc5512557c1238f72f41188c4 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
|
|
Date: Fri, 4 Oct 2024 13:22:02 +0300
|
|
Subject: [PATCH 5/7] wavparse: Check that at least 32 bytes are available
|
|
before parsing smpl chunks
|
|
|
|
Thanks to Antonio Morales for finding and reporting the issue.
|
|
|
|
Fixes GHSL-2024-259
|
|
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3887
|
|
|
|
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042>
|
|
|
|
CVE: CVE-2024-47775
|
|
CVE: CVE-2024-47776
|
|
CVE: CVE-2024-47777
|
|
CVE: CVE-2024-47778
|
|
Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/93d79c22a82604adc5512557c1238f72f41188c4]
|
|
Signed-off-by: Peter Marko <peter.marko@siemens.com>
|
|
---
|
|
gst/wavparse/gstwavparse.c | 3 +++
|
|
1 file changed, 3 insertions(+)
|
|
|
|
diff --git a/gst/wavparse/gstwavparse.c b/gst/wavparse/gstwavparse.c
|
|
index 5655ee3825..8a04805ed4 100644
|
|
--- a/gst/wavparse/gstwavparse.c
|
|
+++ b/gst/wavparse/gstwavparse.c
|
|
@@ -893,6 +893,9 @@ gst_wavparse_smpl_chunk (GstWavParse * wav, const guint8 * data, guint32 size)
|
|
{
|
|
guint32 note_number;
|
|
|
|
+ if (size < 32)
|
|
+ return FALSE;
|
|
+
|
|
/*
|
|
manufacturer_id = GST_READ_UINT32_LE (data);
|
|
product_id = GST_READ_UINT32_LE (data + 4);
|
|
--
|
|
2.30.2
|
|
|