From 72868f7894c23bd9c18b84724d45890a8e744173 Mon Sep 17 00:00:00 2001 From: Bo Liu Date: Tue, 2 Jan 2024 15:47:57 +0800 Subject: [PATCH] Fix CVE-2023-44429 Signed-off-by: Bo Liu --- ...mer1-plugins-bad-free-CVE-2023-44429.patch | 32 +++++++++++++++++++ gstreamer1-plugins-bad-free.spec | 8 ++++- 2 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 gstreamer1-plugins-bad-free-CVE-2023-44429.patch diff --git a/gstreamer1-plugins-bad-free-CVE-2023-44429.patch b/gstreamer1-plugins-bad-free-CVE-2023-44429.patch new file mode 100644 index 0000000..46f3ddc --- /dev/null +++ b/gstreamer1-plugins-bad-free-CVE-2023-44429.patch @@ -0,0 +1,32 @@ +From a9ab0f601c3ac5b334c34e1d02889262f2aa7934 Mon Sep 17 00:00:00 2001 +From: Benjamin Gaignard +Date: Wed, 4 Oct 2023 11:14:38 +0200 +Subject: [PATCH] codecparsers: av1: Clip max tile rows and cols values + +Clip tile rows and cols to 64 as describe in AV1 specification. + +Fixes ZDI-CAN-22226 / CVE-2023-44429 + +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3015 + +Part-of: +--- + gst-libs/gst/codecparsers/gstav1parser.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/gst-libs/gst/codecparsers/gstav1parser.c b/gst-libs/gst/codecparsers/gstav1parser.c +index 6f6b741..ba8c82a 100644 +--- a/gst-libs/gst/codecparsers/gstav1parser.c ++++ b/gst-libs/gst/codecparsers/gstav1parser.c +@@ -2106,6 +2106,8 @@ gst_av1_parse_tile_info (GstAV1Parser * parser, GstBitReader * br, + ((parser->state.mi_cols + 31) >> 5) : ((parser->state.mi_cols + 15) >> 4); + sb_rows = seq_header->use_128x128_superblock ? ((parser->state.mi_rows + + 31) >> 5) : ((parser->state.mi_rows + 15) >> 4); ++ sb_cols = MIN (GST_AV1_MAX_TILE_COLS, sb_cols); ++ sb_rows = MIN (GST_AV1_MAX_TILE_ROWS, sb_rows); + sb_shift = seq_header->use_128x128_superblock ? 5 : 4; + sb_size = sb_shift + 2; + max_tile_width_sb = GST_AV1_MAX_TILE_WIDTH >> sb_size; +-- +2.31.1 + diff --git a/gstreamer1-plugins-bad-free.spec b/gstreamer1-plugins-bad-free.spec index ebbbe73..23f9922 100644 --- a/gstreamer1-plugins-bad-free.spec +++ b/gstreamer1-plugins-bad-free.spec @@ -15,7 +15,7 @@ Name: gstreamer1-plugins-bad-free Version: 1.18.4 -Release: 6%{?gitcommit:.git%{shortcommit}}%{anolis_release}%{?dist} +Release: 7%{?gitcommit:.git%{shortcommit}}%{anolis_release}%{?dist} Summary: GStreamer streaming media framework "bad" plugins License: LGPLv2+ and LGPLv2 @@ -39,6 +39,8 @@ Patch0: 0001-examples-only-check-opencv_dep-if-option-is-not-disa.patch Patch1: 0001-No-va-test-when-va-disabled.patch # upstream patches Patch2: 0001-vulkan-provide-a-custom-VK_DEFINE_NON_DISPATCHABLE_H.patch +# https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1db83d3f745332cbda6adf954b2c53a10caa205e +Patch3: gstreamer1-plugins-bad-free-CVE-2023-44429.patch BuildRequires: meson >= 0.48.0 BuildRequires: gcc-c++ @@ -241,6 +243,7 @@ aren't tested well enough, or the code is not of good enough quality. %patch0 -p1 %patch1 -p1 %patch2 -p1 +%patch3 -p1 %build %meson \ @@ -616,6 +619,9 @@ rm $RPM_BUILD_ROOT%{_bindir}/playout %changelog +* Tue Jan 02 2024 Bo Liu - 1.18.4-7.0.1 +- Fix CVE-2023-44429 + * Wed Dec 28 2022 Liwei Ge - 1.18.4-6.0.1 - Fix build issue on anolis8 -- Gitee