projects / gpac.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 75c0fa8)
[PATCH] fixed #1705
authorjeanlf <jeanlf@gpac.io>
Fri, 12 Mar 2021 10:46:56 +0000 (11:46 +0100)
committerSebastian Ramacher <sramacher@debian.org>
Wed, 1 Sep 2021 19:50:08 +0000 (20:50 +0100)
Gbp-Pq: Name CVE-2021-31256.patch

src/isomedia/stbl_read.c patch | blob | history

diff --git a/src/isomedia/stbl_read.c b/src/isomedia/stbl_read.c
index a105e84f7cdece913484a4e5b46bf27f52e011e9..b2f222b42b1b408cc7fd7bebf588e8e1d1c9be8d 100644 (file)
--- a/src/isomedia/stbl_read.c
+++ b/src/isomedia/stbl_read.c
@@ -419,11 +419,13 @@ GF_Err stbl_GetSampleInfos(GF_SampleTableBox *stbl, u32 sampleNumber, u64 *offse
                if ( stbl->ChunkOffset->type == GF_ISOM_BOX_TYPE_STCO) {
                        stco = (GF_ChunkOffsetBox *)stbl->ChunkOffset;
                        if (!stco->offsets) return GF_ISOM_INVALID_FILE;
+                       if (stco->nb_entries < sampleNumber) return GF_ISOM_INVALID_FILE;
 
                        (*offset) = (u64) stco->offsets[sampleNumber - 1];
                } else {
                        co64 = (GF_ChunkLargeOffsetBox *)stbl->ChunkOffset;
                        if (!co64->offsets) return GF_ISOM_INVALID_FILE;
+                       if (co64->nb_entries < sampleNumber) return GF_ISOM_INVALID_FILE;
 
                        (*offset) = co64->offsets[sampleNumber - 1];
                }
Unnamed repository; edit this file 'description' to name the repository.