mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-31 12:49:46 +00:00
Code Issues Projects Releases Wiki Activity

gstreamer1.0-plugins-base: fix CVE-2025-47807

Browse Source 
Upstream-Status: Backport from https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/9e2238adc1cad1fba5aad23bc8c2a6c2a65794d2

(From OE-Core rev: 19eca5d7373667dbacd02a2c1dd8c9de8101cd34)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Hitendra Prajapati
2025-08-21 11:51:49 +05:30
committed by Steve Sakoman
parent b4135ab254
commit 35cae2014a
2 changed files with 50 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2025-47807.patch
+49
View File
@@ -0,0 +1,49 @@
From 9e2238adc1cad1fba5aad23bc8c2a6c2a65794d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Thu, 8 May 2025 09:14:15 +0300
Subject: [PATCH] subparse: Check for valid UTF-8 before cleaning up lines and
check for regex replace errors
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4418
Fixes CVE-2025-47807
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/9132>
CVE: CVE-2025-47807
Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/9e2238adc1cad1fba5aad23bc8c2a6c2a65794d2]
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
gst/subparse/gstsubparse.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/gst/subparse/gstsubparse.c b/gst/subparse/gstsubparse.c
index 035068d..72bf104 100644
--- a/gst/subparse/gstsubparse.c
+++ b/gst/subparse/gstsubparse.c
@@ -666,6 +666,12 @@ subrip_unescape_formatting (gchar * txt, gconstpointer allowed_tags_ptr,
res = g_regex_replace (tag_regex, txt, strlen (txt), 0,
replace_pattern, 0, NULL);
+ /* Replacing can fail. Return an empty string in that case. */
+ if (!res) {
+ strcpy (txt, "");
+ return;
+ }
+
/* res will always be shorter than the input or identical, so this
* copy is OK */
strcpy (txt, res);
@@ -1046,6 +1052,10 @@ parse_subrip (ParserState * state, const gchar * line)
g_string_append_c (state->buf, '\n');
g_string_append (state->buf, line);
if (strlen (line) == 0) {
+ if (!g_utf8_validate (state->buf->str, state->buf->len, NULL)) {
+ g_string_truncate (state->buf, 0);
+ return NULL;
+ }
ret = g_markup_escape_text (state->buf->str, state->buf->len);
g_string_truncate (state->buf, 0);
state->state = 0;
--
2.50.1
meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb
+1
View File
@@ -21,6 +21,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba
file://0012-subparse-Check-for-NULL-return-of-strchr-when-parsin.patch \ file://0012-subparse-Check-for-NULL-return-of-strchr-when-parsin.patch \
file://CVE-2025-47808.patch \ file://CVE-2025-47808.patch \
file://CVE-2025-47806.patch \ file://CVE-2025-47806.patch \
file://CVE-2025-47807.patch \
" "
SRC_URI[sha256sum] = "73cfadc3a6ffe77ed974cfd6fb391c605e4531f48db21dd6b9f42b8cb69bd8c1" SRC_URI[sha256sum] = "73cfadc3a6ffe77ed974cfd6fb391c605e4531f48db21dd6b9f42b8cb69bd8c1"