Diffstat (limited to 'media-libs/gst-plugins-good/files/gst-plugins-good-1.26.11-GStreamer-SA-2026-0021.patch')
-rw-r--r--media-libs/gst-plugins-good/files/gst-plugins-good-1.26.11-GStreamer-SA-2026-0021.patch73
1 files changed, 73 insertions, 0 deletions
diff --git a/media-libs/gst-plugins-good/files/gst-plugins-good-1.26.11-GStreamer-SA-2026-0021.patch b/media-libs/gst-plugins-good/files/gst-plugins-good-1.26.11-GStreamer-SA-2026-0021.patch
new file mode 100644
index 000000000000..951ea0e05ef2
--- /dev/null
+++ b/media-libs/gst-plugins-good/files/gst-plugins-good-1.26.11-GStreamer-SA-2026-0021.patch
@@ -0,0 +1,73 @@
+https://bugs.gentoo.org/974286
+https://gstreamer.freedesktop.org/security/sa-2026-0021.html
+https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11247
+
+From 83becc83eac477ecb97171f8278b0047dd7b6d5f Mon Sep 17 00:00:00 2001
+From: Cameron O'Neal <tzusec@gmail.com>
+Date: Wed, 1 Apr 2026 13:42:51 +0300
+Subject: [PATCH 1/2] wavparse: Fix integer overflow when checking available
+ buffer size for reading cues
+
+See https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5009
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11247>
+--- a/gst/wavparse/gstwavparse.c
++++ b/gst/wavparse/gstwavparse.c
+@@ -796,6 +796,7 @@ gst_wavparse_cue_chunk (GstWavParse * wav, const guint8 * data, guint32 size)
+ guint32 i, ncues;
+ GList *cues = NULL;
+ GstWavParseCue *cue;
++ guint32 expected_size;
+
+ if (wav->cues) {
+ GST_WARNING_OBJECT (wav, "found another cue's");
+@@ -808,14 +809,15 @@ gst_wavparse_cue_chunk (GstWavParse * wav, const guint8 * data, guint32 size)
+ }
+
+ ncues = GST_READ_UINT32_LE (data);
++ size -= 4;
++ data += 4;
+
+- if (size < 4 + ncues * 24) {
++ if (!g_uint_checked_mul (&expected_size, ncues, 24) || size < expected_size) {
+ GST_WARNING_OBJECT (wav, "broken file %d %d", size, ncues);
+ return FALSE;
+ }
+
+ /* parse data */
+- data += 4;
+ for (i = 0; i < ncues; i++) {
+ cue = g_new0 (GstWavParseCue, 1);
+ cue->id = GST_READ_UINT32_LE (data);
+--
+GitLab
+
+
+From 44f04fb2871a173027adcfdbafb72d31fddfec7c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
+Date: Wed, 1 Apr 2026 13:44:52 +0300
+Subject: [PATCH 2/2] wavparse: Use prepend+reverse instead of append when
+ building the cues list
+
+append has quadratic behaviour and this can matter if there are a lot of cues.
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11247>
+--- a/gst/wavparse/gstwavparse.c
++++ b/gst/wavparse/gstwavparse.c
+@@ -826,11 +826,11 @@ gst_wavparse_cue_chunk (GstWavParse * wav, const guint8 * data, guint32 size)
+ cue->chunk_start = GST_READ_UINT32_LE (data + 12);
+ cue->block_start = GST_READ_UINT32_LE (data + 16);
+ cue->sample_offset = GST_READ_UINT32_LE (data + 20);
+- cues = g_list_append (cues, cue);
++ cues = g_list_prepend (cues, cue);
+ data += 24;
+ }
+
+- wav->cues = cues;
++ wav->cues = g_list_reverse (cues);
+
+ return TRUE;
+ }
+--
+GitLab
+
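Review bot: The added `size -= 4;` directly after `ncues = GST_READ_UINT32_LE (data);` is an unsigned subtraction, so the new `g_uint_checked_mul` comparison is only sound if `size >= 4` was already established. The hunk shows just the closing `}` of the preceding block, presumably that guard, so it is worth confirming against the 1.26.11 source this patch is applied to. Without it, `size` would wrap to a very large value and `size < expected_size` would no longer reject a truncated cue chunk. A smaller point in the same hunk: the warning still prints two `guint32` values with `%d`, and `size` now holds the bytes remaining after the count field, so `GST_WARNING_OBJECT (wav, "broken file %u %u", size, ncues);` would log more accurately. The body of `gst_wavparse_cue_chunk` starts and ends outside the hunks shown in the embedded patch.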