Fix an "invalid read during ID3v2 tag parsing". https://security-tracker.debian.org/tracker/TEMP-0000000-57E7C1 https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/issues/876 Patch copied from upstream source repository: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/f4a1428a6997658625d529b9db60fde812fbf1ee From f4a1428a6997658625d529b9db60fde812fbf1ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim-Philipp=20M=C3=BCller?= Date: Wed, 3 Mar 2021 01:08:25 +0000 Subject: [PATCH] tag: id3v2: fix frame size check and potential invalid reads Check the right variable when checking if there's enough data left to read the frame size. Closes https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/issues/876 Part-of: --- gst-libs/gst/tag/id3v2frames.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gst-libs/gst/tag/id3v2frames.c b/gst-libs/gst/tag/id3v2frames.c index 8e9f78254..f39659bf7 100644 --- a/gst-libs/gst/tag/id3v2frames.c +++ b/gst-libs/gst/tag/id3v2frames.c @@ -109,7 +109,7 @@ id3v2_parse_frame (ID3TagsWorking * work) if (work->frame_flags & (ID3V2_FRAME_FORMAT_COMPRESSION | ID3V2_FRAME_FORMAT_DATA_LENGTH_INDICATOR)) { - if (work->hdr.frame_data_size <= 4) + if (frame_data_size <= 4) return FALSE; if (ID3V2_VER_MAJOR (work->hdr.version) == 3) { work->parse_size = GST_READ_UINT32_BE (frame_data); -- 2.31.1 0ac073884cb7146749d3e63'/>
path: root/gnu.scm
nnel, wrong first commit signer"): Likewise. * tests/lint.scm ("patches: not found"): Adjust message string. * tests/packages.scm ("patch not found yields a run-time error"): Catch 'formatted-message?'. * guix/lint.scm (check-patch-file-names): Handle 'formatted-message?'. (check-derivation): Ditto.
AgeCommit message (Expand)Author<
2020-07-25Use 'formatted-message' instead of '&message' where appropriate....* gnu.scm (%try-use-modules): Use 'formatted-message' instead of '&message'. * gnu/machine/digital-ocean.scm (maybe-raise-unsupported-configuration-error): Likewise. * gnu/machine/ss
2020-10-23doc: Update README....* README (Installation): Do not mention installing Guix from Git anymore. (Building from Git): Add section. Maxim Cournoyer
2020-10-22README: Refer to the manual for building from Git....* README (Installing Guix from Guix): Remove section. (Installation): For installing from Git, refer to the "Building from Git" section of the manual and suggest using './pre-inst-env guix pull' rather than 'make install' for installing Guix. Maxim Cournoyer
2020-06-02doc: Update README to refer to the manual....* README (Requirements): Refer to the manual. (Installation): Update URL of the manual. Ludovic Courtès
Ludovic Courtès
2020-07-25utils: Move '&fix-hint' to (guix diagnostics)....* guix/utils.scm (&fix-hint): Move to... * guix/diagnostics.scm (&fix-hint): ... here. * gnu.scm: Adjust imports accordingly. * gnu/system/mapped-devices.scm: Likewise. * guix/channels.scm: Likewise. * guix/profiles.scm: Likewise. * guix/scripts/system/reconfigure.scm: Likewise. * guix/ssh.scm: Likewise. Ludovic Courtès
2020-07-25utils: Move <location> and '&error-location' to (guix diagnostics)....* guix/utils.scm (<location>, source-properties->location) (location->source-properties, &error-location): Move to... * guix/diagnostics.scm: ... here. * gnu.scm: Adjust imports accordingly. * gnu/machine.scm: Likewise. * gnu/system.scm: Likewise. * gnu/tests.scm: Likewise. * guix/inferior.scm: Likewise. * tests/channels.scm: Likewise. * tests/packages.scm: Likewise. Ludovic Courtès
2019-03-24Add (gnu system keyboard)....* gnu/system/keyboard.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. * gnu.scm (%public-modules): Add it. Ludovic Courtès