From 2838374d6ee4a0c9c4c4221ac46d5c1688f26e59 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Tue, 1 Oct 2024 13:22:50 +0300
Subject: [PATCH] opusdec: Set at most 64 channels to NONE position

Thanks to Antonio Morales for finding and reporting the issue.

Fixes GHSL-2024-116
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3871

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8037>

CVE: CVE-2024-47607
Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/2838374d6ee4a0c9c4c4221ac46d5c1688f26e59]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 ext/opus/gstopusdec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ext/opus/gstopusdec.c b/ext/opus/gstopusdec.c
index 99289fa7d2..d3f461d9a8 100644
--- a/ext/opus/gstopusdec.c
+++ b/ext/opus/gstopusdec.c
@@ -440,12 +440,12 @@ gst_opus_dec_parse_header (GstOpusDec * dec, GstBuffer * buf)
         posn = gst_opus_channel_positions[dec->n_channels - 1];
         break;
       default:{
-        gint i;
+        guint i, max_pos = MIN (dec->n_channels, 64);
 
         GST_ELEMENT_WARNING (GST_ELEMENT (dec), STREAM, DECODE,
             (NULL), ("Using NONE channel layout for more than 8 channels"));
 
-        for (i = 0; i < dec->n_channels; i++)
+        for (i = 0; i < max_pos; i++)
           pos[i] = GST_AUDIO_CHANNEL_POSITION_NONE;
 
         posn = pos;
-- 
2.30.2