From 9140d1140a141cf1000b63a97458fa60b8fc87c9 Mon Sep 17 00:00:00 2001 From: m00472246 Date: Fri, 31 Dec 2021 15:06:42 +0800 Subject: [PATCH] =?UTF-8?q?CVE-2021-3522=E6=BC=8F=E6=B4=9E=E4=BF=AE?= =?UTF-8?q?=E5=A4=8D=20Signed-off-by:=20m00472246=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: m00472246 Change-Id: Ic6cb4d4ddd0f575899fcfae8f316d611e716a1b3 Signed-off-by: m00472246 --- gstplugins_base/BUILD.gn | 3 ++- gstplugins_base/gst-libs/gst/tag/id3v2frames.c | 4 ++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/gstplugins_base/BUILD.gn b/gstplugins_base/BUILD.gn index f7509497..d2abcae8 100644 --- a/gstplugins_base/BUILD.gn +++ b/gstplugins_base/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) Huawei Technologies Co., Ltd. 2021. All rights reserved. +# Copyright (c) Huawei Technologies Co., Ltd. 2021. All rights reserved. import("//build/ohos.gni") @@ -49,6 +49,7 @@ config("gst_plugins_config") { "-Wno-builtin-requires-header", "-DOHOS_EXT_FUNC", "-DOHOS_OPT_COMPAT", + "-DOHOS_OPT_CVE", ] } diff --git a/gstplugins_base/gst-libs/gst/tag/id3v2frames.c b/gstplugins_base/gst-libs/gst/tag/id3v2frames.c index 8e9f7825..bb915ba3 100644 --- a/gstplugins_base/gst-libs/gst/tag/id3v2frames.c +++ b/gstplugins_base/gst-libs/gst/tag/id3v2frames.c @@ -109,7 +109,11 @@ id3v2_parse_frame (ID3TagsWorking * work) if (work->frame_flags & (ID3V2_FRAME_FORMAT_COMPRESSION | ID3V2_FRAME_FORMAT_DATA_LENGTH_INDICATOR)) { +#ifdef OHOS_OPT_CVE + if (frame_data_size <= 4) +#else if (work->hdr.frame_data_size <= 4) +#endif return FALSE; if (ID3V2_VER_MAJOR (work->hdr.version) == 3) { work->parse_size = GST_READ_UINT32_BE (frame_data); -- Gitee