33 lines
1.1 KiB
Diff
33 lines
1.1 KiB
Diff
From bfebca8307ae79223616fd27e8b402118787d394 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
|
|
Date: Thu, 26 Sep 2024 19:16:19 +0300
|
|
Subject: [PATCH 11/12] qtdemux: Check for invalid atom length when extracting
|
|
Closed Caption data
|
|
|
|
Thanks to Antonio Morales for finding and reporting the issue.
|
|
|
|
Fixes GHSL-2024-243
|
|
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3849
|
|
|
|
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059>
|
|
---
|
|
gst/isomp4/qtdemux.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c
|
|
index 4b9ce20ad37b..7731b2c2c93b 100644
|
|
--- a/gst/isomp4/qtdemux.c
|
|
+++ b/gst/isomp4/qtdemux.c
|
|
@@ -6193,7 +6193,7 @@ extract_cc_from_data (QtDemuxStream * stream, const guint8 * data, gsize size,
|
|
goto invalid_cdat;
|
|
atom_length = QT_UINT32 (data);
|
|
fourcc = QT_FOURCC (data + 4);
|
|
- if (G_UNLIKELY (atom_length > size || atom_length == 8))
|
|
+ if (G_UNLIKELY (atom_length > size || atom_length <= 8))
|
|
goto invalid_cdat;
|
|
|
|
GST_DEBUG_OBJECT (stream->pad, "here");
|
|
--
|
|
GitLab
|
|
|