projects / platform / upstream / gstreamer.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e6f66f4) | patch
qtdemux: fix allocation explosion with stsd entries
authorJustin Chadwell <justin.chadwell@pexip.com>
Tue, 14 Jul 2020 13:24:20 +0000 (14:24 +0100)
committerGStreamer Merge Bot <gitlab-merge-bot@gstreamer-foundation.org>
Wed, 15 Jul 2020 12:10:45 +0000 (12:10 +0000)
commit738f32d5d0f9ec31e20984a0b61d4f1bcdf07806
treef03742ee2e839c64334cb8bde5da95dde074117etree | snapshot
parente6f66f46818f61e8cd111c9f951955d12bc19c54commit | diff
qtdemux: fix allocation explosion with stsd entries

Previously, the user input for stsd entries is trusted completely, and
so a maliciously crafted file could choose the length of the stsd
entries arbitrarily and cause qtdemux to try to allocate up to 2GB of
memory (half of a 32 bit max int).

This patch fixes this by sanity checking the stsd input against the
size of the entire stsd atom.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/merge_requests/670>
gst/isomp4/qtdemux.c diff | blob | history
tests/check/elements/qtdemux.c diff | blob | history
Domain: Multimedia / Media Common;