16accb6b24
- 264 license table entries with exact download URLs (224/264 resolved) - Complete sources/ directory with all BitBake recipes - Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl) - Full traceability for Softwarefreigabeantrag - GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4 - License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16)
37 lines
1.2 KiB
Diff
37 lines
1.2 KiB
Diff
From ba4c3a6f988beff59e45801ab36067293d24ce92 Mon Sep 17 00:00:00 2001
|
|
From: Patrick Griffis <pgriffis@igalia.com>
|
|
Date: Wed, 8 Jan 2025 16:30:17 -0600
|
|
Subject: [PATCH] content-sniffer: Handle sniffing resource shorter than 4
|
|
bytes
|
|
|
|
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/ba4c3a6f988beff59e45801ab36067293d24ce92]
|
|
CVE: CVE-2025-32909
|
|
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
|
|
---
|
|
libsoup/soup-content-sniffer.c | 7 ++++++-
|
|
1 file changed, 6 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
|
|
index 967ec61..a1f23c2 100644
|
|
--- a/libsoup/soup-content-sniffer.c
|
|
+++ b/libsoup/soup-content-sniffer.c
|
|
@@ -227,9 +227,14 @@ sniff_mp4 (SoupContentSniffer *sniffer, SoupBuffer *buffer)
|
|
{
|
|
const char *resource = (const char *)buffer->data;
|
|
guint resource_length = MIN (512, buffer->length);
|
|
- guint32 box_size = *((guint32*)resource);
|
|
+ guint32 box_size;
|
|
guint i;
|
|
|
|
+ if (resource_length < sizeof (guint32))
|
|
+ return FALSE;
|
|
+
|
|
+ box_size = *((guint32*)resource);
|
|
+
|
|
#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
|
|
box_size = ((box_size >> 24) |
|
|
((box_size << 8) & 0x00FF0000) |
|
|
--
|
|
2.25.1
|
|
|