From 3eee4954d70accf94262299994eb21107a65dea8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Mon, 30 Sep 2024 21:35:07 +0300
Subject: [PATCH] vorbisdec: Set at most 64 channels to NONE position

Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-115
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3869

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8035>

CVE: CVE-2024-47538
Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/3eee4954d70accf94262299994eb21107a65dea8]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 ext/vorbis/gstvorbisdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ext/vorbis/gstvorbisdec.c b/ext/vorbis/gstvorbisdec.c
index 6a410ed858..1fc4fa883e 100644
--- a/ext/vorbis/gstvorbisdec.c
+++ b/ext/vorbis/gstvorbisdec.c
@@ -204,7 +204,7 @@ vorbis_handle_identification_packet (GstVorbisDec * vd)
     }
     default:{
       GstAudioChannelPosition position[64];
-      gint i, max_pos = MAX (vd->vi.channels, 64);
+      gint i, max_pos = MIN (vd->vi.channels, 64);
 
       GST_ELEMENT_WARNING (vd, STREAM, DECODE,
           (NULL), ("Using NONE channel layout for more than 8 channels"));
-- 
2.30.2