perl/Module-Build-Tiny: update to 0.051 for Perl 5.36 and 5.38
[oi-userland.git] / components / multimedia / gst-plugins-good / patches / 11-CVE-2017-5840.patch
blob8d5d9e0e38052854e4a366492cf39fb191a2c3c3
1 From 1ffef8bf6076c42bcbaaf0ec4f11ca4cf0c797da Mon Sep 17 00:00:00 2001
2 From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
3 Date: Thu, 19 Jan 2017 13:46:58 +0200
4 Subject: [PATCH] qtdemux: Increment current stts index whenever we finished
5 one stts entry
7 Otherwise we could read more chunks than there are available, doing an
8 out of bounds read and potentially crash.
10 https://bugzilla.gnome.org/show_bug.cgi?id=777469
11 ---
12 gst/isomp4/qtdemux.c | 2 ++
13 1 file changed, 2 insertions(+)
15 Index: gst-plugins-good0.10-0.10.31/gst/isomp4/qtdemux.c
16 ===================================================================
17 --- gst-plugins-good0.10-0.10.31.orig/gst/isomp4/qtdemux.c 2017-03-23 10:53:56.241831233 -0400
18 +++ gst-plugins-good0.10-0.10.31/gst/isomp4/qtdemux.c 2017-03-23 10:53:56.209830840 -0400
19 @@ -5741,6 +5741,8 @@
20 /* save values */
21 stream->stts_time = stts_time;
22 stream->stts_sample_index = j + 1;
23 + if (stream->stts_sample_index >= stream->stts_samples)
24 + stream->stts_index++;
25 goto done3;