From: Peter Marko <peter.ma...@siemens.com> Pick commit from: * https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8039
Signed-off-by: Peter Marko <peter.ma...@siemens.com> Signed-off-by: Steve Sakoman <st...@sakoman.com> --- ...or-NULL-return-of-strchr-when-parsin.patch | 39 +++++++++++++++++++ .../gstreamer1.0-plugins-base_1.22.12.bb | 1 + 2 files changed, 40 insertions(+) create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0012-subparse-Check-for-NULL-return-of-strchr-when-parsin.patch diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0012-subparse-Check-for-NULL-return-of-strchr-when-parsin.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0012-subparse-Check-for-NULL-return-of-strchr-when-parsin.patch new file mode 100644 index 0000000000..b778e7053b --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0012-subparse-Check-for-NULL-return-of-strchr-when-parsin.patch @@ -0,0 +1,39 @@ +From 4c40f73b7002967e824ef34a5435282f4a0ea363 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebast...@centricular.com> +Date: Wed, 9 Oct 2024 11:23:47 -0400 +Subject: [PATCH] subparse: Check for NULL return of strchr() when parsing LRC + subtitles + +Thanks to Antonio Morales for finding and reporting the issue. + +Fixes GHSL-2024-263 +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3892 + +Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8039> + +CVE: CVE-2024-47835 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/4c40f73b7002967e824ef34a5435282f4a0ea363] +Signed-off-by: Peter Marko <peter.ma...@siemens.com> +--- + gst/subparse/gstsubparse.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/gst/subparse/gstsubparse.c b/gst/subparse/gstsubparse.c +index 8d925524a6..7d286ed318 100644 +--- a/gst/subparse/gstsubparse.c ++++ b/gst/subparse/gstsubparse.c +@@ -1068,6 +1068,11 @@ parse_lrc (ParserState * state, const gchar * line) + return NULL; + + start = strchr (line, ']'); ++ // sscanf() does not check for the trailing ] but only up to the last ++ // placeholder, so there might be no ] at the end. ++ if (!start) ++ return NULL; ++ + if (start - line == 9) + milli = 10; + else +-- +2.30.2 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb index 982389d657..05cb956815 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb @@ -18,6 +18,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba file://0009-ssaparse-Don-t-use-strstr-on-strings-that-are-potent.patch \ file://0010-id3v2-Don-t-try-parsing-extended-header-if-not-enoug.patch \ file://0011-discoverer-Don-t-print-channel-layout-for-more-than-.patch \ + file://0012-subparse-Check-for-NULL-return-of-strchr-when-parsin.patch \ " SRC_URI[sha256sum] = "73cfadc3a6ffe77ed974cfd6fb391c605e4531f48db21dd6b9f42b8cb69bd8c1" -- 2.43.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#209384): https://lists.openembedded.org/g/openembedded-core/message/209384 Mute This Topic: https://lists.openembedded.org/mt/110422599/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
