Fix buffer overflow in utf8_wcslen, CVE-2022-30976

diff --git a/debian/patches/CVE-2022-30976.patch b/debian/patches/CVE-2022-30976.patch
new file mode 100644 (file)
index 0000000..752106c
--- /dev/null
+++ b/debian/patches/CVE-2022-30976.patch
@@ -0,0 +1,34 @@
+commit 1773b7a34bc08734aee7d3f5dfe65d06389fe15a
+Author: jeanlf <jeanlf@gpac.io>
+Date:   Tue Apr 19 09:08:45 2022 +0200
+
+    fixed #2173
+
+diff --git a/src/ietf/rtp_pck_mpeg4.c b/src/ietf/rtp_pck_mpeg4.c
+index d8bec0d20..462d2c99b 100644
+--- a/src/ietf/rtp_pck_mpeg4.c
++++ b/src/ietf/rtp_pck_mpeg4.c
+@@ -421,6 +421,7 @@ GF_Err gp_rtp_builder_do_avc(GP_RTPPacketizer *builder, u8 *nalu, u32 nalu_size,
+       }
+ 
+       if (!nalu) return GF_OK;
++      if (nalu_size<1) return GF_NON_COMPLIANT_BITSTREAM;
+ 
+       /*need a new RTP packet*/
+       if (!builder->bytesInPacket) {
+@@ -559,6 +560,7 @@ GF_Err gp_rtp_builder_do_hevc(GP_RTPPacketizer *builder, u8 *nalu, u32 nalu_size
+       }
+ 
+       if (!nalu) return GF_OK;
++      if (nalu_size<2) return GF_NON_COMPLIANT_BITSTREAM;
+ 
+       /*need a new RTP packet*/
+       if (!builder->bytesInPacket) {
+@@ -714,6 +716,7 @@ GF_Err gp_rtp_builder_do_vvc(GP_RTPPacketizer *builder, u8 *nalu, u32 nalu_size,
+       }
+ 
+       if (!nalu) return GF_OK;
++      if (nalu_size<2) return GF_NON_COMPLIANT_BITSTREAM;
+ 
+       /*need a new RTP packet*/
+       if (!builder->bytesInPacket) {

diff --git a/debian/patches/series b/debian/patches/series
index 5560178c617b82c1fe72e27db491e3828c9faf44..68e6b0482bfbb6fa7d1591a9f4e98f5a62263f15 100644 (file)
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@ gcc-optflags.patch
 dont-err-build-on-uknown-system.patch
 CVE-2022-29339.patch
 CVE-2022-29340.patch
+CVE-2022-30976.patch