From 7bcd791fabe03b9ab1c72f494fc86cd0c06c3556 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Sebastian=20Dr=C3=B6ge?=
Date: Tue, 13 Jun 2023 13:22:57 +0300
Subject: [PATCH] tags: Don't allow image tags with G_MAXUINT32 length
This will cause an integer overflow a little bit further down because we allocate a bit more memory to allow for a NUL-terminator. The caller should've avoided passing that much data in already as it's not going to be a valid image and there's likely not even that much data available.
Part-of:
---
 subprojects/gst-plugins-base/gst-libs/gst/tag/tags.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/subprojects/gst-plugins-base/gst-libs/gst/tag/tags.c b/subprojects/gst-plugins-base/gst-libs/gst/tag/tags.c
index 73e6bb4..d38a0c9 100644
--- a/subprojects/gst-plugins-base/gst-libs/gst/tag/tags.c
+++ b/subprojects/gst-plugins-base/gst-libs/gst/tag/tags.c
@@ -530,7 +530,8 @@ gst_tag_image_data_to_image_sample (const guint8 * image_data,
 GstStructure *image_info = NULL;
 g_return_val_if_fail (image_data != NULL, NULL);
- g_return_val_if_fail (image_data_len > 0, NULL);
+ g_return_val_if_fail (image_data_len > 0
+ || image_data_len == G_MAXUINT32, NULL);
 g_return_val_if_fail (gst_tag_image_type_is_valid (image_type), NULL);
 GST_DEBUG ("image data len: %u bytes", image_data_len);
--
2.7.4
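Review bot: The new precondition `image_data_len > 0 || image_data_len == G_MAXUINT32` does not reject G_MAXUINT32, because that value already satisfies `> 0`; the second operand never changes the result, so the guard behaves exactly like the line it replaces. To match the commit message the test should be `g_return_val_if_fail (image_data_len > 0 && image_data_len != G_MAXUINT32, NULL);`. The allocation that adds room for the NUL terminator lies outside this hunk, so the overflow the message describes is presumably still reachable with this patch applied. Note also that `g_return_val_if_fail` is compiled out when GLib is built with `G_DISABLE_CHECKS`, so a length bound protecting an allocation is safer as an explicit `if` that logs and returns NULL.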