packages/gstreamer1-plugins-bad-free
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
gstreamer1-plugins-bad-free/CVE-2021-3185.patch
lubing6 8987c5395d fix CVE-2021-3185
2021-02-08 16:11:04 +08:00

40 lines
1.4 KiB
Diff
Raw Blame History

From 11353b3f6e2f047cc37483d21e6a37ae558896bc Mon Sep 17 00:00:00 2001
From: Andrew Wesie <andrew@theori.io>
Date: Fri, 16 Oct 2020 12:29:02 +0100
Subject: [PATCH] codecparsers: h264parser: guard against ref_pic_markings
overflow
Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/1703>
---
gst-libs/gst/codecparsers/gsth264parser.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/gst-libs/gst/codecparsers/gsth264parser.c b/gst-libs/gst/codecparsers/gsth264parser.c
index 1c40b6517c..012f1d0d73 100644
--- a/gst-libs/gst/codecparsers/gsth264parser.c
+++ b/gst-libs/gst/codecparsers/gsth264parser.c
@@ -723,13 +723,17 @@ gst_h264_slice_parse_dec_ref_pic_marking (GstH264SliceHdr * slice,
dec_ref_pic_m->n_ref_pic_marking = 0;
while (1) {
- refpicmarking =
- &dec_ref_pic_m->ref_pic_marking[dec_ref_pic_m->n_ref_pic_marking];
-
READ_UE (nr, mem_mgmt_ctrl_op);
if (mem_mgmt_ctrl_op == 0)
break;
+ if (dec_ref_pic_m->n_ref_pic_marking >=
+ G_N_ELEMENTS (dec_ref_pic_m->ref_pic_marking))
+ goto error;
+
+ refpicmarking =
+ &dec_ref_pic_m->ref_pic_marking[dec_ref_pic_m->n_ref_pic_marking];
+
refpicmarking->memory_management_control_operation = mem_mgmt_ctrl_op;
if (mem_mgmt_ctrl_op == 1 || mem_mgmt_ctrl_op == 3)
--
GitLab
Reference in New Issue View Git Blame Copy Permalink