From: Leo Famulari <leo@famulari.name>
To: 48000@debbugs.gnu.org
Subject: [bug#48000] [PATCH 2/5] gnu: gst-libav: Fix a stack corruption bug.
Date: Sat, 24 Apr 2021 15:14:32 -0400
Message-ID: <abd60c78df7e73166ffddeb68727fadae85a3ff3.1619291675.git.leo@famulari.name>
In-Reply-To: <06babf269cf58ba83c67efd7fd905f9d5a6bb5b5.1619291675.git.leo@famulari.name>
* gnu/packages/patches/gst-libav-64channels-stack-corruption.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gstreamer.scm (gst-libav)[source]: Use it.
---
gnu/local.mk | 1 +
gnu/packages/gstreamer.scm | 1 +
...st-libav-64channels-stack-corruption.patch | 31 +++++++++++++++++++
3 files changed, 33 insertions(+)
create mode 100644 gnu/packages/patches/gst-libav-64channels-stack-corruption.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index e19daf76ca..b3e84be598 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1169,6 +1169,7 @@ dist_patch_DATA = \
%D%/packages/patches/grub-setup-root.patch \
%D%/packages/patches/grub-verifiers-Blocklist-fallout-cleanup.patch \
%D%/packages/patches/gspell-dash-test.patch \
+ %D%/packages/patches/gst-libav-64channels-stack-corruption.patch \
%D%/packages/patches/gst-plugins-good-fix-test.patch \
%D%/packages/patches/gst-plugins-good-CVE-2021-3497.patch \
%D%/packages/patches/gst-plugins-good-CVE-2021-3498.patch \
diff --git a/gnu/packages/gstreamer.scm b/gnu/packages/gstreamer.scm
index 6a050ca297..81ac0a2f5f 100644
--- a/gnu/packages/gstreamer.scm
+++ b/gnu/packages/gstreamer.scm
@@ -851,6 +851,7 @@ think twice about shipping them.")
(string-append
"https://gstreamer.freedesktop.org/src/" name "/"
name "-" version ".tar.xz"))
+ (patches (search-patches "gst-libav-64channels-stack-corruption.patch"))
(sha256
(base32 "0jbzams9ggk3sq9ywv4gsl9rghyn203l2582m6l5c1sz9ka9m5in"))))
(build-system meson-build-system)
diff --git a/gnu/packages/patches/gst-libav-64channels-stack-corruption.patch b/gnu/packages/patches/gst-libav-64channels-stack-corruption.patch
new file mode 100644
index 0000000000..cc174e618d
--- /dev/null
+++ b/gnu/packages/patches/gst-libav-64channels-stack-corruption.patch
@@ -0,0 +1,31 @@
+Fix a stack corruption when handling files with more than 64 audio
+channels:
+
+https://gstreamer.freedesktop.org/security/sa-2021-0005.html
+
+Patch copied from upstream source repository:
+
+https://gitlab.freedesktop.org/gstreamer/gst-libav/-/commit/dcea8baa14a5fc3b796d876baaf2f238546ba2b1
+
+diff --git a/ext/libav/gstavcodecmap.c b/ext/libav/gstavcodecmap.c
+index b5be4bb7a5f2712f78383da9319754a8849e3307..be22f22cf5c7c7b22b13e44b10999adaacbcca2b 100644
+--- a/ext/libav/gstavcodecmap.c
++++ b/ext/libav/gstavcodecmap.c
+@@ -102,7 +102,7 @@ gst_ffmpeg_channel_layout_to_gst (guint64 channel_layout, gint channels,
+ guint nchannels = 0;
+ gboolean none_layout = FALSE;
+
+- if (channel_layout == 0) {
++ if (channel_layout == 0 || channels > 64) {
+ nchannels = channels;
+ none_layout = TRUE;
+ } else {
+@@ -163,7 +163,7 @@ gst_ffmpeg_channel_layout_to_gst (guint64 channel_layout, gint channels,
+ } else {
+ guint i;
+
+- for (i = 0; i < nchannels; i++)
++ for (i = 0; i < nchannels && i < 64; i++)
+ pos[i] = GST_AUDIO_CHANNEL_POSITION_NONE;
+ }
+ }
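Review bot: In the embedded gstavcodecmap.c change, the limit 64 is hard-coded in both places (`channels > 64` and `i < 64`) with nothing in these lines tying it to the size of `pos` or to the width of the `guint64 channel_layout` mask. A named constant upstream, or one sentence in this patch header saying what 64 corresponds to, would make the bound checkable from the patch alone. Separately, `channels` is a `gint` that is assigned to `guint nchannels`, so a negative value does not trip the new `channels > 64` test and, when `channel_layout == 0`, becomes a very large unsigned count. The capped loop limits the writes to `pos`, but any other use of `nchannels` in the function (not shown here) would still see the oversized value, so it is worth confirming that callers reject `channels <= 0` before this point. Since the patch is copied from upstream, both points are better raised there than changed locally.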
--
2.31.1