[Bug 752495] New: [SECURITY] _fallback_mem_copy may read befor and after valid data

[GStreamer (GNOME Bugzilla)]

https://bugzilla.gnome.org/show_bug.cgi?id=752495

            Bug ID: 752495
           Summary: [SECURITY] _fallback_mem_copy may read befor and after
                    valid data
    Classification: Platform
           Product: GStreamer
           Version: git master
                OS: All
            Status: NEW
          Severity: normal
          Priority: Normal
         Component: gstreamer (core)
          Assignee: gstreamer-bugs at lists.freedesktop.org
          Reporter: scabot at gmail.com
        QA Contact: gstreamer-bugs at lists.freedesktop.org
     GNOME version: ---

_fallback_mem_copy in gstallocator.c does not check the bounds of the requested
copy.
1. The offset of the copy may be negative so reads starting before the valid
data are possible.
2. (offset + size) are not checked to see if the sum falls outside the valid
data region so data can be read from after the end of the buffer.

This lack of bounds checking poses a security risk as well as making gstreamer
less robust.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.