Hello community,

here is the log from the commit of package gstreamer-plugins-bad.6186 for 
openSUSE:13.2:Update checked in at 2017-01-16 15:35:20
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.2:Update/gstreamer-plugins-bad.6186 (Old)
 and      /work/SRC/openSUSE:13.2:Update/.gstreamer-plugins-bad.6186.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "gstreamer-plugins-bad.6186"

Changes:
--------
New Changes file:

--- /dev/null   2016-12-08 12:47:06.134691974 +0100
+++ 
/work/SRC/openSUSE:13.2:Update/.gstreamer-plugins-bad.6186.new/gstreamer-plugins-bad.changes
        2017-01-16 15:35:22.458960348 +0100
@@ -0,0 +1,1737 @@
+-------------------------------------------------------------------
+Fri Jan  6 18:35:20 UTC 2017 - mgo...@suse.com
+
+- Add gstreamer-h264-size.patch: ensure codec_data has the right
+  size when reading number of SPS (boo#1013659 CVE-2016-9809).
+- Add gstreamer-mptssection-add-checks.patch: add more section
+  size checks (boo#1013678 CVE-2016-9812).
+- Add gstreamer-mptssection-fix-pat-parsing.patch: fix PAT
+  parsing (boo#1013680 CVE-2016-9813).
+
+-------------------------------------------------------------------
+Tue Nov 22 10:03:53 UTC 2016 - adrien.pla...@suse.com
+
+- Check an integer overflow (CVE-2016-9445) and initialize a buffer
+  (CVE-2016-9446) in vmncdec. (bnc#1010829)
+
+-------------------------------------------------------------------
+Thu Sep 25 09:06:45 UTC 2014 - dims...@opensuse.org
+
+- Update to version 1.4.3:
+  + Bugs fixed: bgo#735861, bgo#736090, bgo#736390, bgo#736426,
+    bgo#736474, bgo#736490, bgo#736729, bgo#736730, bgo#736731,
+    bgo#736732, bgo#736733, bgo#736735, bgo#736750, bgo#736871,
+    bgo#736919, bgo#736951.
+  + Updated translations.
+
+-------------------------------------------------------------------
+Thu Sep 11 19:18:50 UTC 2014 - hrvoje.sen...@gmail.com
+
+- Sync baselibs.conf with changes done with update to 1.4:
+  swap libgstegl-1_0-0 with libgstgl-1_0-0, and added new packages;
+  libgstbadbase-1_0-0 and libgstbadvideo-1_0-0.
+
+-------------------------------------------------------------------
+Thu Aug 28 20:01:27 UTC 2014 - zai...@opensuse.org
+
+- Update to version 1.4.1:
+  + Bugs fixed: bgo#678485, bgo#725871, bgo#730509, bgo#731824,
+    bgo#733245, bgo#733426, bgo#733487, bgo#733490, bgo#733545,
+    bgo#733726, bgo#733837, bgo#734014, bgo#734015, bgo#734269,
+    bgo#734394, bgo#734517, bgo#734519, bgo#734520, bgo#734521,
+    bgo#734522, bgo#734524, bgo#734528, bgo#734531, bgo#734533,
+    bgo#734534, bgo#734536, bgo#734537, bgo#734539, bgo#734544,
+    bgo#734763, bgo#734830, bgo#735078.
+  + Updated translations.
+
+-------------------------------------------------------------------
+Mon Jul 21 11:34:33 UTC 2014 - dims...@opensuse.org
+
+- Update to version 1.4.0:
+  + Major changes:
+    - v4l2videodec element for accessing hardware codecs on
+      platforms that make them accessible via V4L2.
+      The v4l2videodec element replaces the mfcdec element.
+    - New downloadbuffer element that replaces the download
+      buffering feature of queue2. Compared to queue2's code
+      it is much simpler and only for this single use case.
+    - rtpstreampay and rtpstreamdepay elements for transmitting
+      RTP packets over a stream API (e.g. TCP) according to
+      RFC 4571.
+    - rtprtx elements for standard compliant implementation of
+      retransmissions, integrated into the rtpmanager plugin.
+    - audiomixer element that mixes multiple audio streams together
+      into a single one while keeping synchronization. This is
+      planned to become the replacement of the adder element.
+    - OpenNI2 plugin for 3D cameras like the Kinect camera.
+    - OpenEXR plugin for decoding high-dynamic-range EXR images.
+    - curlsshsink and curlsftpsink to write files via SSH/SFTP.
+    - videosignal, ivfparse and sndfile plugins ported from 0.10.
+    - avfvideosrc, vtdec and other elements were ported from 0.10
+      and are available on OS X and iOS now.
+- Add audiomixer and compositor to the list of allowed plugins.
+- Split new subpackages libgstbadbase-1_0-0, libgstgl-1_0-0  and
+  libgstbadvideo-1_0-0.
+- Drop old subpackage libgstegl-1_0-0.
+- Adjust -devel package requirements, following the subpackages.
+- Package baselibs.conf.
+
+-------------------------------------------------------------------
+Mon Apr 28 16:29:09 UTC 2014 - fcro...@suse.com
+
+- Do not build libopenjpeg support on SLE12.
+
+-------------------------------------------------------------------
+Fri Apr 25 12:11:31 UTC 2014 - dims...@opensuse.org
+
+- Update to version 1.2.4:
+  + Bugs fixed: bgo#724013, bgo#725137, bgo#725140.
+
+-------------------------------------------------------------------
+Sun Feb  9 20:59:34 UTC 2014 - zai...@opensuse.org
+
+- Update to version 1.2.3:
+  + Bugs fixed: bgo#709241, bgo#711163, bgo#721382, bgo#721384,
+    bgo#721715, bgo#722158, bgo#722414, bgo#722622, bgo#723127,
+    bgo#723134, bgo#723230, bgo#723398.
+  + Updated translations.
+
+-------------------------------------------------------------------
+Tue Dec 31 18:11:35 UTC 2013 - zai...@opensuse.org
+
+- Update to version 1.2.2:
+  + Bugs fixed: bgo#667564, bgo#680700, bgo#706211, bgo#709416,
+    bgo#710223, bgo#711495, bgo#712219, bgo#712605, bgo#715166,
+    bgo#719657, bgo#720099, bgo#720421, bgo#720532, bgo#720673.
+
+-------------------------------------------------------------------
+Mon Nov 11 14:13:03 UTC 2013 - dims...@opensuse.org
+
+- Update to version 1.2.1:
+  + Bugs fixed: bgo#690148, bgo#707974, bgo#708161, bgo#708222,
+    bgo#708849, bgo#709145, bgo#709373, bgo#709531, bgo#709886,
+    bgo#710392, bgo#710433, bgo#710451, bgo#710657, bgo#710881,
+    bgo#711135, bgo#711156, bgo#711214, bgo#711615, bgo#711627,
+    bgo#711721.
+  + Updated translations.
+- Replace autoconf BuildRequires with gnome-common: we need to run
+  a full cycle of autogen.sh.
+- Run autogen.sh instead of autoconf (autoconf does not refresh all
+  files needed and some happen to have stale information
+  afterwards).
+- Define an alias for git=true: autogen.sh would want to update the
+  git snapshot for us, which we do not want to happen.
+
+-------------------------------------------------------------------
+Tue Oct 22 20:59:39 UTC 2013 - dims...@opensuse.org
+
+- Update to version 1.2.0:
+  + A bunch of API changes (new stable branch 1.2).
+  + New tool: gst-play-1.0 in gst-plugins-base for basic playback
+    testing on the command line.
+  + New plugins:
+    - mssdemux for Microsoft Smooth Streaming.
+    - dashdemux for DASH adaptive streaming protocol.
+    - bluez for interaction with Bluetooth devices.
+    - openjpeg for JPEG2000 decoding and encoding.
+    - daala for experimental Daala decoding and encoding.
+    - vpx plugin has experimental VP9 decoding and encoding
+      support.
+    - webp plugin for WebP decoding (encoding to be added later).
+    - Various others: yadif, srtp, sbc, fluidsynth, midiparse,
+      mfc, ivtv, accuraterip and audiofxbad.
+  + Moved plugins: dtmf, vp8rtp, scaletempo and rtpmux plugins are
+    now in gstreamer-plugins-good.
+  + Audio and Video related fixes.
+  + Other changes:
+    - gst-libav now uses libav 9.
+    - Static linking of plugins is supported now.
+    - rtspsrc: add support for NetClientClock.
+    - RTP retransmission / NACK support and big RTP jitterbuffer
+      improvements.
+    - SRTP and DTLS support.
+    - Changes to many elements and core to use the correct sticky
+      event order and also not lose any important sticky events
+      during flushing.
+    - >1000 fixed bug reports, and many other bug fixes and other
+      improvements everywhere that had no bug report.
+  + Notes:
+    - Single header includes for all libraries,
+      e.g. #include <gst/video/video.h>
+    - Stricter (correct) caps subset checking in some cases.
+    - x264enc now outputs data in byte-stream by default if
+      downstream has ANY caps.
+    - The MPEG TS demuxer posts messages contain the PMT, PAT,
+      etc, in a different format now.
+    - The GstContext API has changed between 1.1.4 and 1.1.90.
+- Disable translation-update-upstream, as it breaks the build.
+- Drop pkgconfig(directfb) BuildRequires: for one, DirectFB is
+  outdated and additionally, it's broken in 1.2.0.
+- Drop pkgconfig(celt) BuildRequires: celt was replaced by opus.
+- Remove library packages of no longer existing libs:
+  + libgstbasevideo-1_0-0
+  + libgstsignalprocessor-1_0-0
+- Add additional subpackages, according the shared library
+  packaging policy (also provide -32bit packages):
+  + libgstegl-1_0-0
+  + libgstinsertbin-1_0-0
+  + libgstmpegts-1_0-0
+  + libgsturidownloader-1_0-0
+- Update devel package dependencies on own libraries.
+
+-------------------------------------------------------------------
+Sat Aug 31 10:42:22 UTC 2013 - zai...@opensuse.org
+
+- Update to version 1.0.10:
+  + build: fix bz2 configure check on Windows.
+  + interaudiosrc: make silence memory actually contain silence.
+  + neonhttpsrc: allow building with neon-0.30.
+  + rtpvp8depay: mark key frames and delta frames properly.
+  + pcapparse: fix double unref causing criticals and/or crashes.
+  + mpegvideoparse: fix level detection.
+  + Bugs fixed: bgo#465924, bgo#705957, bgo#706369, bgo#705550.
+- Drop gstreamer-neon-0_30.patch, fixed upstream.
+
+-------------------------------------------------------------------
+Sat Aug 24 12:20:19 UTC 2013 - zai...@opensuse.org
+
++++ 1540 more lines (skipped)
++++ between /dev/null
++++ and 
/work/SRC/openSUSE:13.2:Update/.gstreamer-plugins-bad.6186.new/gstreamer-plugins-bad.changes

New:
----
  baselibs.conf
  gst-plugins-bad-1.4.3-patched.tar.xz
  gst-plugins-bad-1.4.3.tar.xz
  gstreamer-h264-size.patch
  gstreamer-mptssection-add-checks.patch
  gstreamer-mptssection-fix-pat-parsing.patch
  gstreamer-plugins-bad-patch-source.sh
  gstreamer-plugins-bad-real.patch
  gstreamer-plugins-bad-vmncdec-sanity-check.patch
  gstreamer-plugins-bad.changes
  gstreamer-plugins-bad.spec
  pre_checkin.sh

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ gstreamer-plugins-bad.spec ++++++
++++ 685 lines (skipped)

++++++ baselibs.conf ++++++
gstreamer-plugins-bad
gstreamer-plugins-bad-orig-addon
libgstbadbase-1_0-0
libgstbadvideo-1_0-0
libgstbasecamerabinsrc-1_0-0
libgstcodecparsers-1_0-0
libgstgl-1_0-0
libgstinsertbin-1_0-0
libgstmpegts-1_0-0
libgstphotography-1_0-0
libgsturidownloader-1_0-0
libgstvdp-1_0-0
++++++ gstreamer-h264-size.patch ++++++
>From 1dbfef93d6aca245f1793f9b5348a9dbcd02be97 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebast...@centricular.com>
Date: Wed, 23 Nov 2016 10:51:17 +0200
Subject: [PATCH] h264parse: Ensure codec_data has the required size when
 reading number of SPS

https://bugzilla.gnome.org/show_bug.cgi?id=774896
---
 gst/videoparsers/gsth264parse.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/gst/videoparsers/gsth264parse.c b/gst/videoparsers/gsth264parse.c
index be2f462..e4dcbc3 100644
--- a/gst/videoparsers/gsth264parse.c
+++ b/gst/videoparsers/gsth264parse.c
@@ -2583,6 +2583,10 @@ gst_h264_parse_set_caps (GstBaseParse * parse, GstCaps * 
caps)
       off = nalu.offset + nalu.size;
     }
 
+    if (off >= size) {
+      gst_buffer_unmap (codec_data, &map);
+      goto avcc_too_small;
+    }
     num_pps = data[off];
     off++;
 
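Review bot: the new `off >= size` guard sits directly before `num_pps = data[off]`, so it protects the read of the PPS count, while the subject line says "number of SPS". Please align the commit message with the code, or add a one-line comment above the check saying which read it protects. The guard covers only this single byte, so any reads after `off++` rely on checks outside this hunk.
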
-- 
2.6.6

++++++ gstreamer-mptssection-add-checks.patch ++++++
>From d58f668ece8795bddb3316832e1848c7b7cf38ac Mon Sep 17 00:00:00 2001
From: Edward Hervey <edw...@centricular.com>
Date: Sat, 26 Nov 2016 10:44:43 +0100
Subject: [PATCH] mpegtssection: Add more section size checks

The smallest section ever needs to be at least 3 bytes (i.e. just the short
header).
Non-short headers need to be at least 11 bytes long (3 for the minimum header,
5 for the non-short header, and 4 for the CRC).

https://bugzilla.gnome.org/show_bug.cgi?id=775048
---
 gst-libs/gst/mpegts/gstmpegtssection.c | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/gst-libs/gst/mpegts/gstmpegtssection.c 
b/gst-libs/gst/mpegts/gstmpegtssection.c
index cb9e3c5..cc5e21b 100644
--- a/gst-libs/gst/mpegts/gstmpegtssection.c
+++ b/gst-libs/gst/mpegts/gstmpegtssection.c
@@ -1179,13 +1179,20 @@ gst_mpegts_section_new (guint16 pid, guint8 * data, 
gsize data_size)
   GstMpegtsSection *res = NULL;
   guint8 tmp;
   guint8 table_id;
-  guint16 section_length;
+  guint16 section_length = 0;
+
+  /* The smallest section ever is 3 bytes */
+  if (G_UNLIKELY (data_size < 3))
+    goto short_packet;
 
   /* Check for length */
   section_length = GST_READ_UINT16_BE (data + 1) & 0x0FFF;
   if (G_UNLIKELY (data_size < section_length + 3))
     goto short_packet;
 
+  GST_LOG ("data_size:%" G_GSIZE_FORMAT " section_length:%u",
+      data_size, section_length);
+
   /* Table id is in first byte */
   table_id = *data;
 
@@ -1200,6 +1207,13 @@ gst_mpegts_section_new (guint16 pid, guint8 * data, 
gsize data_size)
   /* section_length (already parsed) : 12 bit */
   res->section_length = section_length + 3;
   if (!res->short_section) {
+    /* A long packet needs to be at least 11 bytes long
+     * _ 3 for the bytes above
+     * _ 5 for the bytes below
+     * _ 4 for the CRC */
+    if (G_UNLIKELY (data_size < 11))
+      goto bad_long_packet;
+
     /* CRC is after section_length (-4 for the size of the CRC) */
     res->crc = GST_READ_UINT32_BE (res->data + res->section_length - 4);
     /* Skip to after section_length */
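Review bot: the new `data_size < 11` test in the `!res->short_section` branch checks the size of the input buffer, but the CRC read just below it indexes by `res->section_length - 4`. The earlier check only guarantees `data_size >= section_length + 3`, so comparing `res->section_length` against the minimum would bound that read directly. The comment also lists 3 + 5 + 4 bytes, which adds up to 12 rather than 11, so either the constant or the comment needs correcting.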
@@ -1229,6 +1243,13 @@ short_packet:
     g_free (data);
     return NULL;
   }
+bad_long_packet:
+  {
+    GST_WARNING ("PID 0x%04x long section is too short (%" G_GSIZE_FORMAT
+        " bytes, need at least 11)", pid, data_size);
+    gst_mpegts_section_unref (res);
+    return NULL;
+  }
 }
 
 /**
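Review bot: `bad_long_packet` releases through `gst_mpegts_section_unref (res)` while `short_packet` above it calls `g_free (data)`, and nothing at the label says which of the two owns `data` at this point. A short comment stating that `res` has taken ownership of `data` by the time this label is reached would guard against a later leak or double free.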
-- 
2.6.6

++++++ gstreamer-mptssection-fix-pat-parsing.patch ++++++
>From 7b12593cceaa0726d7fc370a7556a8e773ccf318 Mon Sep 17 00:00:00 2001
From: Edward Hervey <edw...@centricular.com>
Date: Sat, 26 Nov 2016 10:23:01 +0100
Subject: [PATCH] mpegtssection: Fix PAT parsing

Use the estimated number of programs for parsing. Avoids over-reading.

https://bugzilla.gnome.org/show_bug.cgi?id=775120
---
 gst-libs/gst/mpegts/gstmpegtssection.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/gst-libs/gst/mpegts/gstmpegtssection.c 
b/gst-libs/gst/mpegts/gstmpegtssection.c
index dbbaa9e..cb9e3c5 100644
--- a/gst-libs/gst/mpegts/gstmpegtssection.c
+++ b/gst-libs/gst/mpegts/gstmpegtssection.c
@@ -414,7 +414,7 @@ static gpointer
 _parse_pat (GstMpegtsSection * section)
 {
   GPtrArray *pat;
-  guint16 i = 0, nb_programs;
+  guint16 i, nb_programs;
   GstMpegtsPatProgram *program;
   guint8 *data, *end;
 
@@ -430,7 +430,9 @@ _parse_pat (GstMpegtsSection * section)
       g_ptr_array_new_full (nb_programs,
       (GDestroyNotify) _mpegts_pat_program_free);
 
-  while (data < end - 4) {
+  GST_LOG ("nb_programs %u", nb_programs);
+
+  for (i = 0; i < nb_programs; i++) {
     program = g_slice_new0 (GstMpegtsPatProgram);
     program->program_number = GST_READ_UINT16_BE (data);
     data += 2;
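Review bot: replacing `while (data < end - 4)` with `for (i = 0; i < nb_programs; i++)` removes the only comparison against `end` in the loop, so every `GST_READ_UINT16_BE (data)` now depends on `nb_programs` having been derived correctly from the section length above this hunk. Keeping a bound against `end` in the loop condition as well would keep the parser safe even if that calculation changes later.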
@@ -439,8 +441,6 @@ _parse_pat (GstMpegtsSection * section)
     data += 2;
 
     g_ptr_array_index (pat, i) = program;
-
-    i++;
   }
   pat->len = nb_programs;
 
-- 
2.6.6

++++++ gstreamer-plugins-bad-patch-source.sh ++++++
#!/bin/sh

# Process a gst-plugins-bad tarball to remove
# unwanted GStreamer plugins.
#
# See https://bugzilla.redhat.com/show_bug.cgi?id=532470
# for details
# See https://bugzilla.novell.com/show_bug.cgi?id=637056
# for openSUSE discussion
#
# Bastien Nocera <bnoc...@redhat.com> - 2010
#

SOURCE="$1"
NEW_SOURCE=`echo $SOURCE | sed 's/\.tar/-patched.tar/'`
DIRECTORY=`echo $SOURCE | sed 's/\.tar\.xz//'`

ALLOWED="
aacparse
accurip
adpcmdec
adpcmenc
aiff
aiffparse
audiomixer
amrparse
asfmux
audiofxbad
audioparsers
audiovisualizers
autoconvert
bayer
camerabin
camerabin2
coloreffects
colorspace
compositor
cdxaparse
dataurisrc
dccp
debugutils
dtmf
dvbsuboverlay
faceoverlay
festival
fieldanalysis
freeverb
freeze
frei0r
gdp
gaudieffects
geometrictransform
h264parse
hdvparse
hls
id3tag
inter
interlace
invtelecine
ivfparse
ivtc
jp2kdecimator
jpegformat
legacyresample
librfb
liveadder
midi
mve
mpeg4videoparse
mpegdemux
mpegpsmux
mpegtsdemux
mpegtsmux
mpegvideoparse
mxf
nsf
nuvdemux
patchdetect
pcapparse
pnm
qtmux
rawparse
real
removesilence
rtpmux
rtpvp8
scaletempo
sdi
sdp
segmentclip
selector
smooth
speed
stereo
subenc
tta
valve
videofilters
videomaxrate
videomeasure
videoparsers
videosignal
vmnc
y4m
yadif
"

NOT_ALLOWED="
dvdspu
siren
"

error()
{
        MESSAGE=$1
        echo $MESSAGE
        exit 1
}

check_allowed()
{
        MODULE=$1
        for i in $ALLOWED ; do
                if test x$MODULE = x$i ; then
                        return 0;
                fi
        done
        # Ignore errors coming from ext/ directory
        # they require external libraries so are ineffective anyway
        return 1;
}

check_not_allowed()
{
        MODULE=$1
        for i in $NOT_ALLOWED ; do
                if test x$MODULE = x$i ; then
                        return 0;
                fi
        done
        return 1;
}

rm -rf $DIRECTORY
tar xf $SOURCE || error "Cannot unpack $SOURCE"
pushd $DIRECTORY > /dev/null || error "Cannot open directory \"$DIRECTORY\""

for subdir in gst ext sys; do
        for dir in $subdir/* ; do
                # Don't touch non-directories
                if ! [ -d $dir ] ; then
                        continue;
                fi
                MODULE=`basename $dir`
                if ( check_not_allowed $MODULE ) ; then
                        echo "**** Removing $MODULE ****"
                        echo "Removing directory $dir"
                        rm -r $dir || error "Cannot remove $dir"
                        if grep -q "AG_GST_CHECK_PLUGIN($MODULE)" configure.ac ; then
                                echo "Removing element check for $MODULE"
                                grep -v "AG_GST_CHECK_PLUGIN($MODULE)" configure.ac > configure.ac.new && mv configure.ac.new configure.ac
                        fi
                        echo "Removing Makefile generation for $MODULE"
                        grep -v "$dir/Makefile" configure.ac > configure.ac.new && mv configure.ac.new configure.ac
                        # Urgh
                        if test $MODULE = mpegtsmux ; then
                                grep -v "gst/mpegtsmux/tsmux/Makefile" configure.ac > configure.ac.new && mv configure.ac.new configure.ac
                        fi
                        if test $MODULE = real ; then
                                grep -v "AG_GST_DISABLE_PLUGIN(real)" configure.ac > configure.ac.new && mv configure.ac.new configure.ac
                        fi
                        echo "Removing documentation for $MODULE"
                        if grep -q "$MODULE" docs/plugins/Makefile.am ; then
                                grep -v $dir docs/plugins/Makefile.am > docs/plugins/Makefile.am.new && mv docs/plugins/Makefile.am.new docs/plugins/Makefile.am
                        fi
                        echo
                elif test $subdir = ext  || test $subdir = sys; then
                        # Ignore library or system non-blacklisted plugins
                        continue;
                elif ! ( check_allowed $MODULE ) ; then
                        echo "Unknown module in $dir"
                        exit 1
                fi
        done
done

autoreconf

popd > /dev/null

tar cJf $NEW_SOURCE $DIRECTORY
rm -rf $DIRECTORY
echo "$NEW_SOURCE is ready to use"

++++++ gstreamer-plugins-bad-real.patch ++++++
Index: configure.ac
===================================================================
--- configure.ac.orig
+++ configure.ac
@@ -297,7 +297,7 @@ AG_GST_CHECK_PLUGIN(xdgmime)
 dnl *** plug-ins to exclude ***
 
 dnl real plugin only works on i386 and x86_64 for the time being.
-if test "x$HAVE_CPU_I386" != "xyes" && test "x$HAVE_CPU_X86_64" != "xyes"; then
+if test "x$HAVE_CPU_I386" != "xyes" && test "x$HAVE_CPU_X86_64" != "xyes" && 
test "$HAVE_CPU_PPC" != yes; then
   AC_MSG_WARN([Not building real plugin, only works on 32bit and 64bit x86 
platforms])
   AG_GST_DISABLE_PLUGIN(real)
 fi
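Review bot: the added `test "$HAVE_CPU_PPC" != yes` drops the `x` prefix and the quoting used by the two tests before it (`"x$HAVE_CPU_I386" != "xyes"`); please use the same form for consistency. The `AC_MSG_WARN` text below still says the plugin only works on 32bit and 64bit x86 platforms, which no longer matches what the condition tests.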
Index: gst/real/gstreal.h
===================================================================
--- gst/real/gstreal.h.orig
+++ gst/real/gstreal.h
@@ -31,5 +31,9 @@
   "/usr/lib64/win32:/usr/lib64/codecs:" \
   "/usr/local/lib64/win32:/usr/local/lib64/codecs"
 #endif
+#ifdef HAVE_CPU_PPC
+#define DEFAULT_REAL_CODECS_PATH \
+  "/usr/lib/codecs:/usr/lib/RealPlayer10/codecs:/usr/local/lib/codecs"
+#endif
 
 #endif /* __GST_REAL_H__ */
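Review bot: the `HAVE_CPU_PPC` block is a stand-alone `#ifdef` placed after the `#endif` of the existing path selection, so `DEFAULT_REAL_CODECS_PATH` would be defined twice if an earlier branch also matches on PPC; folding it into the existing conditional chain avoids that. It also lists only `/usr/lib` directories while the context above uses `/usr/lib64`, so please state whether 64-bit PPC is meant to be covered.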
++++++ gstreamer-plugins-bad-vmncdec-sanity-check.patch ++++++
>From 4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebast...@centricular.com>
Date: Wed, 16 Nov 2016 20:41:39 +0200
Subject: vmncdec: Sanity-check width/height before using it

We will allocate a screen area of width*height*bpp bytes, however this
calculation can easily overflow if too high width or height are given
inside the stream. Nonetheless we would just assume that enough memory
was allocated, try to fill it and overwrite as much memory as wanted.

Also allocate the screen area filled with zeroes to ensure that we start
with full-black and not any random (or not so random) data.

https://scarybeastsecurity.blogspot.gr/2016/11/0day-poc-risky-design-decisions-in.html

Ideally we should just remove this plugin in favour of the one in
gst-libav, which generally seems to be of better code quality.

https://bugzilla.gnome.org/show_bug.cgi?id=774533

diff --git a/gst/vmnc/vmncdec.c b/gst/vmnc/vmncdec.c
index e8d498c..b3c9778 100644
--- a/gst/vmnc/vmncdec.c
+++ b/gst/vmnc/vmncdec.c
@@ -260,7 +260,7 @@ vmnc_handle_wmvi_rectangle (GstVMncDec * dec, struct 
RfbRectangle *rect,
   gst_video_codec_state_unref (state);
 
   g_free (dec->imagedata);
-  dec->imagedata = g_malloc (dec->format.width * dec->format.height *
+  dec->imagedata = g_malloc0 (dec->format.width * dec->format.height *
       dec->format.bytes_per_pixel);
   GST_DEBUG_OBJECT (dec, "Allocated image data at %p", dec->imagedata);
 
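Review bot: the switch to `g_malloc0` addresses the uninitialised buffer, but the size is still the unchecked product `dec->format.width * dec->format.height * dec->format.bytes_per_pixel` at the allocation site, with the range limit enforced in a different function. An overflow-checked multiplication here, or at least a comment pointing at the check in `vmnc_handle_packet`, would keep the two from drifting apart.
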
@@ -790,6 +790,10 @@ vmnc_handle_packet (GstVMncDec * dec, const guint8 * data, 
int len,
             GST_WARNING_OBJECT (dec, "Rectangle out of range, type %d", 
r.type);
             return ERROR_INVALID;
           }
+        } else if (r.width > 16384 || r.height > 16384) {
+          GST_WARNING_OBJECT (dec, "Width or height too high: %ux%u", r.width,
+              r.height);
+          return ERROR_INVALID;
         }
 
         switch (r.type) {
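Review bot: the limit `16384` in the new `else if (r.width > 16384 || r.height > 16384)` is an unexplained literal used twice; a named constant with a comment on why this bound keeps `width * height * bytes_per_pixel` within range would document the intent. Because it is an `else if`, it only runs for rectangles that skip the preceding range check, which also deserves a line of comment.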
-- 
cgit v0.10.2


++++++ pre_checkin.sh ++++++
#!/bin/sh

for i in gst-plugins-bad*.tar.xz ; do
   case $i in *patched*) continue ;; esac
   test -f ${i//.tar./-patched.tar.} && continue
   bash gstreamer-plugins-bad-patch-source.sh $i
done
