From 54c0f7e86b4675adf773bd122b37e19488eea58d Mon Sep 17 00:00:00 2001 From: MYe Date: Fri, 22 Dec 2023 04:29:54 -0500 Subject: [PATCH] =?UTF-8?q?CVE-2023-37327=20=E5=AE=89=E5=85=A8=E6=9B=B4?= =?UTF-8?q?=E6=96=B0:=20=E4=BF=AE=E5=A4=8D=E4=BA=86gst-plugins-good1.0?= =?UTF-8?q?=E4=B8=AD=E7=9A=84=E4=BB=BB=E6=84=8F=E4=BB=A3=E7=A0=81=E6=89=A7?= =?UTF-8?q?=E8=A1=8C=E6=BC=8F=E6=B4=9E?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- gst/audioparsers/gstflacparse.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gst/audioparsers/gstflacparse.c b/gst/audioparsers/gstflacparse.c index 2758d4c..cd5a48b 100644 --- a/gst/audioparsers/gstflacparse.c +++ b/gst/audioparsers/gstflacparse.c @@ -1109,6 +1109,7 @@ gst_flac_parse_handle_picture (GstFlacParse * flacparse, GstBuffer * buffer) GstMapInfo map; guint32 img_len = 0, img_type = 0; guint32 img_mimetype_len = 0, img_description_len = 0; + const guint8 *img_data; gst_buffer_map (buffer, &map, GST_MAP_READ); gst_byte_reader_init (&reader, map.data, map.size); @@ -1135,7 +1136,7 @@ gst_flac_parse_handle_picture (GstFlacParse * flacparse, GstBuffer * buffer) if (!gst_byte_reader_get_uint32_be (&reader, &img_len)) goto error; - if (gst_byte_reader_get_pos (&reader) + img_len > map.size) + if (!gst_byte_reader_get_data (&reader, img_len, &img_data)) goto error; GST_INFO_OBJECT (flacparse, "Got image of %d bytes", img_len); @@ -1144,8 +1145,7 @@ gst_flac_parse_handle_picture (GstFlacParse * flacparse, GstBuffer * buffer) if (flacparse->tags == NULL) flacparse->tags = gst_tag_list_new_empty (); - gst_tag_list_add_id3_image (flacparse->tags, - map.data + gst_byte_reader_get_pos (&reader), img_len, img_type); + gst_tag_list_add_id3_image (flacparse->tags, img_data, img_len, img_type); } gst_buffer_unmap (buffer, &map);