matroskademux: Check for big enough WavPack codec private data before accessing it

Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-250
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3866

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8058>

diff --git a/subprojects/gst-plugins-good/gst/matroska/matroska-demux.c b/subprojects/gst-plugins-good/gst/matroska/matroska-demux.c
index 2ed77b50d07867d8b8b06489f93e48a88ac8a176..2a3df8b6c5125eae25f73486358f181bb5c5ac27 100644 (file)
--- a/subprojects/gst-plugins-good/gst/matroska/matroska-demux.c
+++ b/subprojects/gst-plugins-good/gst/matroska/matroska-demux.c
@@ -3894,6 +3894,11 @@ gst_matroska_demux_add_wvpk_header (GstElement * element,
   guint8 *buf_data, *data;
   Wavpack4Header wvh;
 
+  if (!stream->codec_priv || stream->codec_priv_size < 2) {
+    GST_ERROR_OBJECT (element, "No or too small wavpack codec private data");
+    return GST_FLOW_ERROR;
+  }
+
   wvh.ck_id[0] = 'w';
   wvh.ck_id[1] = 'v';
   wvh.ck_id[2] = 'p';