[gstreamer-plugins-base: 189/216] typefind: bounds check windows ico detection
commit da198fbaddc5c68d2c557e010b31a5f315f03811
Author: Wim Taymans <wtaymans(a)redhat.com>
Date: Tue Dec 6 17:05:50 2016 +0100
typefind: bounds check windows ico detection
(rhbz#1401949)
...pefind-bounds-check-windows-ico-detection.patch | 28 ++++++++++++++++++++++
gstreamer-plugins-base.spec | 8 ++++++-
2 files changed, 35 insertions(+), 1 deletion(-)
---
diff --git a/0001-typefind-bounds-check-windows-ico-detection.patch
b/0001-typefind-bounds-check-windows-ico-detection.patch
new file mode 100644
index 0000000..917e0e4
--- /dev/null
+++ b/0001-typefind-bounds-check-windows-ico-detection.patch
@@ -0,0 +1,28 @@
+From 566e3e60698be7ea414ae5a495f111c0e7008702 Mon Sep 17 00:00:00 2001
+From: Wim Taymans <wtaymans(a)redhat.com>
+Date: Tue, 6 Dec 2016 16:59:42 +0100
+Subject: [PATCH] typefind: bounds check windows ico detection
+
+Fixes out of bounds read
+
+https://bugzilla.gnome.org/show_bug.cgi?id=774902
+---
+ gst/typefind/gsttypefindfunctions.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/gst/typefind/gsttypefindfunctions.c b/gst/typefind/gsttypefindfunctions.c
+index 27823b6..c8629b7 100644
+--- a/gst/typefind/gsttypefindfunctions.c
++++ b/gst/typefind/gsttypefindfunctions.c
+@@ -4149,6 +4149,8 @@ windows_icon_typefind (GstTypeFind * find, gpointer user_data)
+ gint32 size, offset;
+
+ datalen = gst_type_find_get_length (find);
++ if (datalen < 18)
++ return;
+ if ((data = gst_type_find_peek (find, 0, 6)) == NULL)
+ return;
+
+--
+2.9.3
+
diff --git a/gstreamer-plugins-base.spec b/gstreamer-plugins-base.spec
index 701f11b..8c0a815 100644
--- a/gstreamer-plugins-base.spec
+++ b/gstreamer-plugins-base.spec
@@ -4,7 +4,7 @@
Name: %{gstreamer}-plugins-base
Version: %{gstreamer_version}
-Release: 14%{?dist}
+Release: 15%{?dist}
Summary: GStreamer streaming media framework base plug-ins
Group: Applications/Multimedia
@@ -46,6 +46,7 @@ BuildRequires: gtk-doc >= 1.3
Patch0: 0001-missing-plugins-Remove-the-mpegaudioversion-field.patch
Patch1: 0001-audioresample-Fix-build-on-x86-if-emmintrin.h-is-ava.patch
Patch2: 0002-audioresample-It-s-HAVE_EMMINTRIN_H-not-HAVE_XMMINTR.patch
+Patch3: 0001-typefind-bounds-check-windows-ico-detection.patch
%description
GStreamer is a streaming media framework, based on graphs of filters which
@@ -62,6 +63,7 @@ This package contains a set of well-maintained base plug-ins.
%patch0 -p1 -b .mpegaudioversion
%patch1 -p1 -b .0001
%patch2 -p1 -b .0002
+%patch3 -p1 -b .0003
%build
%configure \
@@ -356,6 +358,10 @@ library.
%doc %{_datadir}/gtk-doc/html/gst-plugins-base-plugins-%{majorminor}
%changelog
+* Tue Dec 06 2016 Wim Taymans <wtaymans(a)redhat.com> - 0.10.36-15
+- typefind: bounds check windows ico detection
+ (rhbz#1401949)
+
* Wed Feb 03 2016 Fedora Release Engineering <releng(a)fedoraproject.org> -
0.10.36-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild