From 2838374d6ee4a0c9c4c4221ac46d5c1688f26e59 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= Date: Tue, 1 Oct 2024 13:22:50 +0300 Subject: [PATCH] opusdec: Set at most 64 channels to NONE position Thanks to Antonio Morales for finding and reporting the issue. Fixes GHSL-2024-116 Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3871 Part-of: CVE: CVE-2024-47607 Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/2838374d6ee4a0c9c4c4221ac46d5c1688f26e59] Signed-off-by: Peter Marko --- ext/opus/gstopusdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ext/opus/gstopusdec.c b/ext/opus/gstopusdec.c index 99289fa7d2..d3f461d9a8 100644 --- a/ext/opus/gstopusdec.c +++ b/ext/opus/gstopusdec.c @@ -440,12 +440,12 @@ gst_opus_dec_parse_header (GstOpusDec * dec, GstBuffer * buf) posn = gst_opus_channel_positions[dec->n_channels - 1]; break; default:{ - gint i; + guint i, max_pos = MIN (dec->n_channels, 64); GST_ELEMENT_WARNING (GST_ELEMENT (dec), STREAM, DECODE, (NULL), ("Using NONE channel layout for more than 8 channels")); - for (i = 0; i < dec->n_channels; i++) + for (i = 0; i < max_pos; i++) pos[i] = GST_AUDIO_CHANNEL_POSITION_NONE; posn = pos; -- 2.30.2