CVE-2023-40476 安全更新:possible overflow using max_sub_layers_minus1

2023-12-16 01:27:00 +08:00 · 2023-12-16 01:27:00 +08:00 · d76b79f6d9
parent f2e96382bd
commit d76b79f6d9
2 changed files with 8 additions and 0 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -1,5 +1,10 @@
 gst-plugins-bad1.0 (1.16.2-2.1ok1) yangtze; urgency=medium

+  * zzorgan CVE-2023-40476 安全更新:possible overflow using max_sub_layers_minus1
+
+ -- zengzhi <2020212784@bupt.cn>  Sat, 16 Dec 2023 01:25:36 +0800
+gst-plugins-bad1.0 (1.16.2-2.1ok1) yangtze; urgency=medium
+
  * Build for openkylin.

 -- rtlhq <nobelxyz@163.com>  Tue, 13 Sep 2022 15:49:05 +0800
--- a/gst-libs/gst/codecparsers/gsth265parser.c
+++ b/gst-libs/gst/codecparsers/gsth265parser.c
@ -1490,6 +1490,7 @@ gst_h265_parse_vps (GstH265NalUnit * nalu, GstH265VPS * vps)

  READ_UINT8 (&nr, vps->max_layers_minus1, 6);
  READ_UINT8 (&nr, vps->max_sub_layers_minus1, 3);
+  CHECK_ALLOWED (vps->max_sub_layers_minus1, 0, 6);
  READ_UINT8 (&nr, vps->temporal_id_nesting_flag, 1);

  /* skip reserved_0xffff_16bits */
@ -1669,8 +1670,10 @@ gst_h265_parse_sps (GstH265Parser * parser, GstH265NalUnit * nalu,
  sps->vps = vps;

  READ_UINT8 (&nr, sps->max_sub_layers_minus1, 3);
+  CHECK_ALLOWED (sps->max_sub_layers_minus1, 0, 6);
  READ_UINT8 (&nr, sps->temporal_id_nesting_flag, 1);

+
  if (!gst_h265_parse_profile_tier_level (&sps->profile_tier_level, &nr,
          sps->max_sub_layers_minus1))
    goto error;