From eb8dc40360f0cfef56fb6947cc817a547d6d9bc6 Mon Sep 17 00:00:00 2001
From: Dave Cobbley <david.j.cobbley@linux.intel.com>
Date: Tue, 14 Aug 2018 10:05:37 -0700
Subject: [Subtree] Removing import-layers directory

As part of the move to subtrees, need to bring all the import layers
content to the top level.

Change-Id: I4a163d10898cbc6e11c27f776f60e1a470049d8f
Signed-off-by: Dave Cobbley <david.j.cobbley@linux.intel.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
---
 .../gst-plugins-bad/buffer-overflow-mp4.patch      | 36 ++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 meta-openembedded/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-plugins-bad/buffer-overflow-mp4.patch

(limited to 'meta-openembedded/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-plugins-bad/buffer-overflow-mp4.patch')

diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-plugins-bad/buffer-overflow-mp4.patch b/meta-openembedded/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-plugins-bad/buffer-overflow-mp4.patch
new file mode 100644
index 000000000..235acda8b
--- /dev/null
+++ b/meta-openembedded/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-plugins-bad/buffer-overflow-mp4.patch
@@ -0,0 +1,36 @@
+Description: Fix buffer overflow in mp4 parsing
+Author: Ralph Giles <giles@mozilla.com>
+---
+Backport patch from debian to fix CVE-2015-0797.
+https://sources.debian.net/data/main/g/gst-plugins-bad0.10/0.10.23-7.1+deb7u2/debian/patches/buffer-overflow-mp4.patch
+
+Upstream-Status: Backport
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+--- gst-plugins-bad0.10-0.10.23.orig/gst/videoparsers/gsth264parse.c
++++ gst-plugins-bad0.10-0.10.23/gst/videoparsers/gsth264parse.c
+@@ -384,6 +384,11 @@ gst_h264_parse_wrap_nal (GstH264Parse *
+ 
+   GST_DEBUG_OBJECT (h264parse, "nal length %d", size);
+ 
++  if (size > G_MAXUINT32 - nl) {
++    GST_ELEMENT_ERROR (h264parse, STREAM, FAILED, (NULL),
++        ("overflow in nal size"));
++    return NULL;
++  }
+   buf = gst_buffer_new_and_alloc (size + nl + 4);
+   if (format == GST_H264_PARSE_FORMAT_AVC) {
+     GST_WRITE_UINT32_BE (GST_BUFFER_DATA (buf), size << (32 - 8 * nl));
+@@ -452,6 +457,11 @@ gst_h264_parse_process_nal (GstH264Parse
+     GST_DEBUG_OBJECT (h264parse, "not processing nal size %u", nalu->size);
+     return;
+   }
++  if (G_UNLIKELY (nalu->size > 20 * 1024 * 1024)) {
++    GST_DEBUG_OBJECT (h264parse, "not processing nal size %u (too big)",
++        nalu->size);
++    return;
++  }
+ 
+   /* we have a peek as well */
+   nal_type = nalu->type;
-- 
cgit v1.2.1