diff options
author | Justin Chadwell <justin.chadwell@pexip.com> | 2020-07-14 14:24:20 +0100 |
---|---|---|
committer | GStreamer Merge Bot <gitlab-merge-bot@gstreamer-foundation.org> | 2020-09-25 12:41:06 +0000 |
commit | 310dec75cd0b630a765ee93c82a473e17fb5dd94 (patch) | |
tree | cfd7f7bfd404d7c8143e323ebfdc318a6a155641 /gst/interleave | |
parent | 7241f5d9c21ee3ead0294d6480a6fe5af4bf3b74 (diff) | |
download | gstreamer-plugins-good-310dec75cd0b630a765ee93c82a473e17fb5dd94.tar.gz |
qtdemux: fix allocation explosion with stsd entries
Previously, the user input for stsd entries is trusted completely, and
so a maliciously crafted file could choose the length of the stsd
entries arbitrarily and cause qtdemux to try to allocate up to 2GB of
memory (half of a 32 bit max int).
This patch fixes this by sanity checking the stsd input against the
size of the entire stsd atom.
Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/merge_requests/749>
Diffstat (limited to 'gst/interleave')
0 files changed, 0 insertions, 0 deletions