From be0ac3f40949cb951d5f0761f4a3bd597a94947f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?=
Date: Mon, 30 Sep 2024 19:04:51 +0300
Subject: [PATCH 4/7] matroskademux: Don't take data out of an empty adapter when processing WavPack frames
Thanks to Antonio Morales for finding and reporting the issue.
Fixes GHSL-2024-249
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3865
Part-of:
CVE: CVE-2024-47597
CVE: CVE-2024-47601
CVE: CVE-2024-47602
CVE: CVE-2024-47603
CVE: CVE-2024-47834
Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/be0ac3f40949cb951d5f0761f4a3bd597a94947f]
Signed-off-by: Peter Marko
---
 .../gst-plugins-good/gst/matroska/matroska-demux.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/gst/matroska/matroska-demux.c b/gst/matroska/matroska-demux.c
index 91e66fefc3..98ed51e86a 100644
--- a/gst/matroska/matroska-demux.c
+++ b/gst/matroska/matroska-demux.c
@@ -4036,11 +4036,16 @@ gst_matroska_demux_add_wvpk_header (GstElement * element,
 }
 gst_buffer_unmap (*buf, &map);
- newbuf = gst_adapter_take_buffer (adapter, gst_adapter_available (adapter));
+ size = gst_adapter_available (adapter);
+ if (size > 0) {
+ newbuf = gst_adapter_take_buffer (adapter, size);
+ gst_buffer_copy_into (newbuf, *buf,
+ GST_BUFFER_COPY_TIMESTAMPS | GST_BUFFER_COPY_FLAGS, 0, -1);
+ } else {
+ newbuf = NULL;
+ }
 g_object_unref (adapter);
- gst_buffer_copy_into (newbuf, *buf,
- GST_BUFFER_COPY_TIMESTAMPS | GST_BUFFER_COPY_FLAGS, 0, -1);
 gst_buffer_unref (*buf);
 *buf = newbuf;
-- 2.30.2
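Review bot: The new `else` branch sets `newbuf = NULL`, and the unchanged `*buf = newbuf;` at the end of the hunk then hands a NULL buffer back to the caller, yet nothing in the hunk signals or documents that outcome. The function body starts and ends outside the hunk, so its return value is not visible here. If it still reports success on this path, every call site has to NULL-check `*buf` before using it, otherwise the invalid access this patch removes only moves one call up. I would add a comment on the branch such as `/* no WavPack blocks were collected: *buf is returned as NULL, the caller must drop this frame */` and confirm that the caller checks for it.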