CVE-2022-1441

commit 3dbe11b37d65c8472faf0654410068e5500b3adb
Author: jeanlf <jeanlf@gpac.io>
Date:   Tue Apr 19 09:15:58 2022 +0200

    fixed #2175

Gbp-Pq: Name CVE-2022-1441.patch

diff --git a/src/isomedia/box_code_3gpp.c b/src/isomedia/box_code_3gpp.c
index 3f9ff05692a50593c77a84ca321842dbbb596a0d..928a5575f2265150228ce9c4dac51c3a3b3d0b29 100644 (file)
--- a/src/isomedia/box_code_3gpp.c
+++ b/src/isomedia/box_code_3gpp.c
@@ -1128,20 +1128,12 @@ void diST_box_del(GF_Box *s)
 
 GF_Err diST_box_read(GF_Box *s, GF_BitStream *bs)
 {
-       u32 i;
-       char str[1024];
        GF_DIMSScriptTypesBox *p = (GF_DIMSScriptTypesBox *)s;
 
-       i=0;
-       str[0]=0;
-       while (1) {
-               str[i] = gf_bs_read_u8(bs);
-               if (!str[i]) break;
-               i++;
-       }
-       ISOM_DECREASE_SIZE(p, i);
-
-       p->content_script_types = gf_strdup(str);
+       p->content_script_types = gf_malloc(sizeof(char) * (s->size+1));
+       if (!p->content_script_types) return GF_OUT_OF_MEM;
+       gf_bs_read_data(bs, p->content_script_types, s->size);
+       p->content_script_types[s->size] = 0;
        return GF_OK;
 }