GitLab

If the gst_date_time_new_local_time function is called with a date that is out of bounds but otherwise appears valid, such as 2020-02-31, gstreamer segfaults. This is caused by the naïve safety checks at the top of the function.

The crash presumably occurs at https://gitlab.freedesktop.org/gstreamer/gstreamer/-/blob/master/gst/gstdatetime.c#L571 when NULL is dereferenced.

You could say this causes denial of service.

Affected (that I know of):

• lollypop
• clementine
• strawberry
• epiphany (if an affected file is in a web page)
• midori (same)

Basically any player that tries to display date (perhaps from ID3 tags) using this function.

A solution would be to add a NULL check before the affected line.

References:

• https://gitlab.gnome.org/World/lollypop/issues/2252#note_746298
• https://bugs.archlinux.org/task/65918

Version:

• 1.16.2-1 on Arch Linux