CVE-2021-46038to46046_46049_46051

Origin: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
Reviewed-by: Aron Xu <aron@debian.org>
From f5a778edd1febd574ff9558d2faa57133bdb4a5f Mon Sep 17 00:00:00 2001
From: jeanlf <jeanlf@gpac.io>
Date: Mon, 3 Jan 2022 11:12:21 +0100
Subject: [PATCH] fixed #1999

Gbp-Pq: Name CVE-2021-46038to46046_46049_46051.patch

diff --git a/src/isomedia/isom_store.c b/src/isomedia/isom_store.c
index 254902b915429b35bc16148a59cadedcd7f28b2d..17dd96f41a339e32114bbb6a6286243c4b896ed3 100644 (file)
--- a/src/isomedia/isom_store.c
+++ b/src/isomedia/isom_store.c
@@ -270,6 +270,8 @@ static GF_Err ShiftOffset(GF_ISOFile *file, GF_List *writers, u64 offset)
                                //be carefull for the last entry, nextChunk is set to 0 in edit mode...
                                last = ent->nextChunk ? ent->nextChunk : stco->nb_entries + 1;
                                for (k = ent->firstChunk; k < last; k++) {
+                                        if (stco->nb_entries < k)
+                                                return GF_ISOM_INVALID_FILE;
 
                                        //we need to rewrite the table: only allocate co64 if not done previously and convert all offsets
                                        //to co64. Then (whether co64 was created or not) adjust the offset
@@ -303,6 +305,8 @@ static GF_Err ShiftOffset(GF_ISOFile *file, GF_List *writers, u64 offset)
                                //be carefull for the last entry ...
                                last = ent->nextChunk ? ent->nextChunk : stco64->nb_entries + 1;
                                for (k = ent->firstChunk; k < last; k++) {
+                                        if (stco64->nb_entries < k)
+                                                return GF_ISOM_INVALID_FILE;
                                        stco64->offsets[k-1] += offset;
                                }
                        }