gnu: gst-libav: Fix a stack corruption bug.

* gnu/packages/patches/gst-libav-64channels-stack-corruption.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gstreamer.scm (gst-libav)[source]: Use it.
Leo Famulari 2021-04-24 14:24:19 -04:00
parent c48b8fed25
commit 46a65b5a3d
No known key found for this signature in database
GPG Key ID: 2646FA30BACA7F08
3 changed files with 33 additions and 0 deletions


@ -1169,6 +1169,7 @@ dist_patch_DATA = \
%D%/packages/patches/grub-setup-root.patch \
%D%/packages/patches/grub-verifiers-Blocklist-fallout-cleanup.patch \
%D%/packages/patches/gspell-dash-test.patch \
%D%/packages/patches/gst-libav-64channels-stack-corruption.patch \
%D%/packages/patches/gst-plugins-good-fix-test.patch \
%D%/packages/patches/gst-plugins-good-CVE-2021-3497.patch \
%D%/packages/patches/gst-plugins-good-CVE-2021-3498.patch \


@ -851,6 +851,7 @@ think twice about shipping them.")
(string-append
"https://gstreamer.freedesktop.org/src/" name "/"
name "-" version ".tar.xz"))
(patches (search-patches "gst-libav-64channels-stack-corruption.patch"))
(sha256
(base32 "0jbzams9ggk3sq9ywv4gsl9rghyn203l2582m6l5c1sz9ka9m5in"))))
(build-system meson-build-system)


@ -0,0 +1,31 @@
Fix a stack corruption when handling files with more than 64 audio
channels:
https://gstreamer.freedesktop.org/security/sa-2021-0005.html
Patch copied from upstream source repository:
https://gitlab.freedesktop.org/gstreamer/gst-libav/-/commit/dcea8baa14a5fc3b796d876baaf2f238546ba2b1
diff --git a/ext/libav/gstavcodecmap.c b/ext/libav/gstavcodecmap.c
index b5be4bb7a5f2712f78383da9319754a8849e3307..be22f22cf5c7c7b22b13e44b10999adaacbcca2b 100644
--- a/ext/libav/gstavcodecmap.c
+++ b/ext/libav/gstavcodecmap.c
@@ -102,7 +102,7 @@ gst_ffmpeg_channel_layout_to_gst (guint64 channel_layout, gint channels,
guint nchannels = 0;
gboolean none_layout = FALSE;
- if (channel_layout == 0) {
+ if (channel_layout == 0 || channels > 64) {
nchannels = channels;
none_layout = TRUE;
} else {
@@ -163,7 +163,7 @@ gst_ffmpeg_channel_layout_to_gst (guint64 channel_layout, gint channels,
} else {
guint i;
- for (i = 0; i < nchannels; i++)
+ for (i = 0; i < nchannels && i < 64; i++)
pos[i] = GST_AUDIO_CHANNEL_POSITION_NONE;
}
}
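Review bot: The limit 64 appears as a bare literal in both the `channels > 64` test and the `i < 64` loop guard of the embedded gstavcodecmap.c patch, and nothing in either hunk ties it to the capacity of `pos`, whose declaration is outside the visible lines. If that buffer is ever resized, the two checks go stale silently; a comment beside each, such as `/* pos[] is assumed to hold at most 64 entries; keep in sync with the caller's array */`, or one shared named constant, would make the dependency explicit. Note also that `channels` is a signed `gint` assigned to `guint nchannels`, so a negative count skips the `> 64` test when `channel_layout` is non-zero and would wrap to a large `nchannels` on assignment. Only the `i < 64` guard bounds the write in this loop. The body of gst_ffmpeg_channel_layout_to_gst continues outside both hunks, so any other place that indexes `pos` by `nchannels` should be checked for the same bound.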