packages/gstreamer1-plugins-good
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
gstreamer1-plugins-good/CVE-2024-47545-pre2.patch
starlet-dx 3a3863eb87 Fix CVE-2024-47544,CVE-2024-47545,CVE-2024-47599 and CVE-2024-47603 
(cherry picked from commit c91da9c62a183f0b0978fa2fb56c05b2a9dbde40)
2024-12-23 08:46:42 +08:00

103 lines
3.3 KiB
Diff
Raw Blame History

Backport of:
From d4bab55077c6a77bd80cb12a8b0d28020ef412a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Tue, 24 Sep 2024 09:50:34 +0300
Subject: [PATCH] qtdemux: Skip zero-sized boxes instead of stopping to look at
further boxes
A zero-sized box is not really a problem and can be skipped to look at any
possibly following ones.
BMD ATEM devices specifically write a zero-sized bmdc box in the sample
description, followed by the avcC box in case of h264. Previously the avcC box
would simply not be read at all and the file would be unplayable.
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7564>
---
.../gst-plugins-good/gst/isomp4/qtdemux.c | 54 ++++++++++++-------
1 file changed, 36 insertions(+), 18 deletions(-)
--- a/gst/isomp4/qtdemux.c
+++ b/gst/isomp4/qtdemux.c
@@ -11033,9 +11033,12 @@ qtdemux_parse_trak (GstQTDemux * qtdemux
else
size = len - 0x8;
- if (size < 1)
- /* No real data, so break out */
- break;
+ /* No real data, so skip */
+ if (size < 1) {
+ len -= 8;
+ avc_data += 8;
+ continue;
+ }
switch (QT_FOURCC (avc_data + 0x4)) {
case FOURCC_avcC:
@@ -11148,9 +11151,12 @@ qtdemux_parse_trak (GstQTDemux * qtdemux
else
size = len - 0x8;
- if (size < 1)
- /* No real data, so break out */
- break;
+ /* No real data, so skip */
+ if (size < 1) {
+ len -= 8;
+ hevc_data += 8;
+ continue;
+ }
switch (QT_FOURCC (hevc_data + 0x4)) {
case FOURCC_hvcC:
@@ -11572,9 +11578,12 @@ qtdemux_parse_trak (GstQTDemux * qtdemux
else
size = len - 8;
- if (size < 1)
- /* No real data, so break out */
- break;
+ /* No real data, so skip */
+ if (size < 1) {
+ len -= 8;
+ vc1_data += 8;
+ continue;
+ }
switch (QT_FOURCC (vc1_data + 0x4)) {
case GST_MAKE_FOURCC ('d', 'v', 'c', '1'):
@@ -11614,9 +11623,12 @@ qtdemux_parse_trak (GstQTDemux * qtdemux
else
size = len - 0x8;
- if (size < 1)
- /* No real data, so break out */
- break;
+ /* No real data, so skip */
+ if (size < 1) {
+ len -= 8;
+ av1_data += 8;
+ continue;
+ }
switch (QT_FOURCC (av1_data + 0x4)) {
case FOURCC_av1C:
@@ -11967,9 +11979,12 @@ qtdemux_parse_trak (GstQTDemux * qtdemux
else
size = len - 8;
- if (size < 1)
- /* No real data, so break out */
- break;
+ /* No real data, so skip */
+ if (size < 1) {
+ len -= 8;
+ wfex_data += 8;
+ continue;
+ }
switch (QT_FOURCC (wfex_data + 4)) {
case GST_MAKE_FOURCC ('w', 'f', 'e', 'x'):
Reference in New Issue View Git Blame Copy Permalink