After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 700259 - audio: fix buffer overflow for channels > 64
audio: fix buffer overflow for channels > 64
Product: GStreamer
Classification: Platform
Component: gst-plugins-base
Other All
: Normal major
: 1.1.1
Assigned To: GStreamer Maintainers
GStreamer Maintainers
Depends on:
Reported: 2013-05-13 20:56 UTC by Darryl Gamroth
Modified: 2013-05-15 07:27 UTC
See Also:
GNOME target: ---
GNOME version: ---

patch (1.02 KB, patch)
2013-05-13 20:56 UTC, Darryl Gamroth
rejected Details | Review

Description Darryl Gamroth 2013-05-13 20:56:00 UTC
Created attachment 244106 [details] [review]

When using more than 64 channels, gst_audio_info_set_format overflows the GstAudioInfo position field.

This patch ensures the copy is bounded to the buffer's maximum size.
Comment 1 Sebastian Dröge (slomo) 2013-05-14 07:36:28 UTC
Slightly different patch, you should just not pass positions if using more than 64 channels.

commit b401f447d27be921b2ecb3b6c10a14e831018e7c
Author: Sebastian Dröge <>
Date:   Tue May 14 09:34:21 2013 +0200

    audio-info: For more than 64 channels don't allow a channel layout
    More than 64 channels have all channels unpositioned.
Comment 2 Darryl Gamroth 2013-05-14 19:02:46 UTC
Makes sense but this means gst_audio_info_from_caps is broken as it will never pass a NULL position array.
Comment 3 Sebastian Dröge (slomo) 2013-05-15 07:27:53 UTC
Thanks :)

commit be154ee9d6a8064f99f1ad403558738048af7d07
Author: Sebastian Dröge <>
Date:   Wed May 15 09:26:56 2013 +0200

    audio-info: Always pass NULL as position parameter to gst_audio_info_set_format()