main/gst-plugins-base1/CVE-2016-9811.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

From 2fdccfd64fc609e44e9c4b8eed5bfdc0ab9c9095 Mon Sep 17 00:00:00 2001
From: Matthew Waters <matthew@centricular.com>
Date: Wed, 23 Nov 2016 21:27:55 +1100
Subject: [PATCH] typefind: bounds check windows ico detection

Fixes out of bounds read

https://bugzilla.gnome.org/show_bug.cgi?id=774902
---
 gst/typefind/gsttypefindfunctions.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/gst/typefind/gsttypefindfunctions.c b/gst/typefind/gsttypefindfunctions.c
index 7cac6bd..d790445 100644
--- a/gst/typefind/gsttypefindfunctions.c
+++ b/gst/typefind/gsttypefindfunctions.c
@@ -5224,6 +5224,8 @@ windows_icon_typefind (GstTypeFind * find, gpointer user_data)
   gint32 size, offset;
 
   datalen = gst_type_find_get_length (find);
+  if (datalen < 18)
+    return;
   if ((data = gst_type_find_peek (find, 0, 6)) == NULL)
     return;