[PATCH] fixed #1910 #1911

Gbp-Pq: Name CVE-2021-41456.patch

diff --git a/src/filters/dmx_nhml.c b/src/filters/dmx_nhml.c
index 6c3a775bb4fef38f8f2b29859fa58d0e6376b13d..c06b230dee788f5a220406b9d9a72ecbf32dc850 100644 (file)
--- a/src/filters/dmx_nhml.c
+++ b/src/filters/dmx_nhml.c
@@ -999,10 +999,17 @@ static GF_Err nhmldmx_send_sample(GF_Filter *filter, GF_NHMLDmxCtx *ctx)
                                        } else {
                                                base_data = att->value;
                                        }
+                               } else if (!strnicmp(att->value, "gmem://", 7)) {
+                                       GF_LOG(GF_LOG_WARNING, GF_LOG_PARSER, ("[NHMLDmx] Invalid url %s for NHML import\n", att->value));
                                } else {
                                        char *url = gf_url_concatenate(ctx->src_url, att->value);
-                                       strcpy(szMediaTemp, url ? url : att->value);
-                                       if (url) gf_free(url);
+                                       if (!url) {
+                                               GF_LOG(GF_LOG_WARNING, GF_LOG_PARSER, ("[NHMLDmx] Failed to get full url for %s\n", att->value));
+                                       } else {
+                                               strncpy(szMediaTemp, url, GF_MAX_PATH-1);
+                                               szMediaTemp[GF_MAX_PATH-1] = 0;
+                                               gf_free(url);
+                                       }
                                }
                        }
                        else if (!stricmp(att->name, "xmlFrom")) strcpy(szXmlFrom, att->value);