forked from gentoo/gentoo
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
media-libs/gst-plugins-bad: Fix CVE-2015-0797, bug #553742
Package-Manager: portage-2.2.26
- Loading branch information
Showing
2 changed files
with
85 additions
and
0 deletions.
There are no files selected for viewing
30 changes: 30 additions & 0 deletions
30
media-libs/gst-plugins-bad/files/gst-plugins-bad-0.10.23-CVE-2015-0797.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
From: Ralph Giles <[email protected]> | ||
Subject: Fix buffer overflow in mp4 parsing | ||
|
||
--- gst-plugins-bad0.10-0.10.23.orig/gst/videoparsers/gsth264parse.c | ||
+++ gst-plugins-bad0.10-0.10.23/gst/videoparsers/gsth264parse.c | ||
@@ -384,6 +384,11 @@ gst_h264_parse_wrap_nal (GstH264Parse * | ||
|
||
GST_DEBUG_OBJECT (h264parse, "nal length %d", size); | ||
|
||
+ if (size > G_MAXUINT32 - nl) { | ||
+ GST_ELEMENT_ERROR (h264parse, STREAM, FAILED, (NULL), | ||
+ ("overflow in nal size")); | ||
+ return NULL; | ||
+ } | ||
buf = gst_buffer_new_and_alloc (size + nl + 4); | ||
if (format == GST_H264_PARSE_FORMAT_AVC) { | ||
GST_WRITE_UINT32_BE (GST_BUFFER_DATA (buf), size << (32 - 8 * nl)); | ||
@@ -452,6 +457,11 @@ gst_h264_parse_process_nal (GstH264Parse | ||
GST_DEBUG_OBJECT (h264parse, "not processing nal size %u", nalu->size); | ||
return; | ||
} | ||
+ if (G_UNLIKELY (nalu->size > 20 * 1024 * 1024)) { | ||
+ GST_DEBUG_OBJECT (h264parse, "not processing nal size %u (too big)", | ||
+ nalu->size); | ||
+ return; | ||
+ } | ||
|
||
/* we have a peek as well */ | ||
nal_type = nalu->type; | ||
|
55 changes: 55 additions & 0 deletions
55
media-libs/gst-plugins-bad/gst-plugins-bad-0.10.23-r3.ebuild
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
# Copyright 1999-2014 Gentoo Foundation | ||
# Distributed under the terms of the GNU General Public License v2 | ||
# $Id$ | ||
|
||
EAPI="5" | ||
|
||
GST_ORG_MODULE="gst-plugins-bad" | ||
inherit eutils flag-o-matic gstreamer | ||
|
||
DESCRIPTION="Less plugins for GStreamer" | ||
HOMEPAGE="http://gstreamer.freedesktop.org/" | ||
SRC_URI+=" https://dev.gentoo.org/~tetromino/distfiles/${PN}/${P}-h264-patches.tar.xz" | ||
|
||
LICENSE="LGPL-2" | ||
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux" | ||
IUSE="+orc" | ||
|
||
RDEPEND=" | ||
>=dev-libs/glib-2.34.3:2[${MULTILIB_USEDEP}] | ||
>=media-libs/gst-plugins-base-0.10.36:${SLOT}[${MULTILIB_USEDEP}] | ||
>=media-libs/gstreamer-0.10.36:${SLOT}[${MULTILIB_USEDEP}] | ||
orc? ( >=dev-lang/orc-0.4.17[${MULTILIB_USEDEP}] ) | ||
" | ||
DEPEND="${RDEPEND}" | ||
RDEPEND="${RDEPEND} | ||
!<media-plugins/gst-plugins-farsight-0.12.11:${SLOT}" | ||
|
||
src_prepare() { | ||
# Patches from 0.10 branch fixing h264 baseline decoding; bug #446384 | ||
epatch "${WORKDIR}/${P}-h264-patches"/*.patch | ||
# Fix CVE-2015-0797, bug #553742 | ||
epatch "${FILESDIR}"/${P}-CVE-2015-0797.patch | ||
} | ||
|
||
src_configure() { | ||
strip-flags | ||
replace-flags "-O3" "-O2" | ||
filter-flags "-fprefetch-loop-arrays" # (Bug #22249) | ||
|
||
multilib-minimal_src_configure | ||
} | ||
|
||
multilib_src_configure() { | ||
gstreamer_multilib_src_configure \ | ||
$(use_enable orc) \ | ||
--disable-examples \ | ||
--disable-debug \ | ||
--disable-static | ||
} | ||
|
||
multilib_src_install_all() { | ||
DOCS="AUTHORS ChangeLog NEWS README RELEASE" | ||
einstalldocs | ||
prune_libtool_files --modules | ||
} |