[PATCH] fixed #1706

Gbp-Pq: Name CVE-2021-31258.patch

diff --git a/src/isomedia/isom_read.c b/src/isomedia/isom_read.c
index 535542c92ea487c94f806f0542d77589e019bb61..a654391c8ae8d9cf2faf6ebc6b50e884bb2f3080 100644 (file)
--- a/src/isomedia/isom_read.c
+++ b/src/isomedia/isom_read.c
@@ -3802,6 +3802,7 @@ u32 gf_isom_guess_specification(GF_ISOFile *file)
                        case GF_ISOM_SUBTYPE_MPEG4_CRYP:
                        {
                                GF_DecoderConfig *dcd = gf_isom_get_decoder_config(file, i+1, 1);
+                               if (!dcd) break;
                                switch (dcd->streamType) {
                                case GF_STREAM_VISUAL:
                                        if (dcd->objectTypeIndication==GF_CODECID_MPEG4_PART2) nb_m4v++;

diff --git a/src/isomedia/isom_write.c b/src/isomedia/isom_write.c
index bb8a0dcdbb90f9df4aa318b6222856e163bc8dcc..f4c565cec4e2e1c1c56e0c48d93db55a5de73c15 100644 (file)
--- a/src/isomedia/isom_write.c
+++ b/src/isomedia/isom_write.c
@@ -5224,6 +5224,7 @@ GF_Err gf_isom_set_extraction_slc(GF_ISOFile *the_file, u32 trackNumber, u32 Str
        GF_SampleEntryBox *entry;
        GF_Err e;
        GF_SLConfig **slc;
+       GF_ESDBox *esds;
 
        trak = gf_isom_get_track_from_file(the_file, trackNumber);
        if (!trak) return GF_BAD_PARAM;
@@ -5234,15 +5235,21 @@ GF_Err gf_isom_set_extraction_slc(GF_ISOFile *the_file, u32 trackNumber, u32 Str
        //we must be sure we are not using a remote ESD
        switch (entry->type) {
        case GF_ISOM_BOX_TYPE_MP4S:
-               if (((GF_MPEGSampleEntryBox *)entry)->esd->desc->slConfig->predefined != SLPredef_MP4) return GF_BAD_PARAM;
+               esds = ((GF_MPEGSampleEntryBox *)entry)->esd;
+               if (!esds || !esds->desc || !esds->desc->slConfig || (esds->desc->slConfig->predefined != SLPredef_MP4))
+                       return GF_ISOM_INVALID_FILE;
                slc = & ((GF_MPEGSampleEntryBox *)entry)->slc;
                break;
        case GF_ISOM_BOX_TYPE_MP4A:
-               if (((GF_MPEGAudioSampleEntryBox *)entry)->esd->desc->slConfig->predefined != SLPredef_MP4) return GF_BAD_PARAM;
+               esds = ((GF_MPEGAudioSampleEntryBox *)entry)->esd;
+               if (!esds || !esds->desc || !esds->desc->slConfig || (esds->desc->slConfig->predefined != SLPredef_MP4))
+                       return GF_ISOM_INVALID_FILE;
                slc = & ((GF_MPEGAudioSampleEntryBox *)entry)->slc;
                break;
        case GF_ISOM_BOX_TYPE_MP4V:
-               if (((GF_MPEGVisualSampleEntryBox *)entry)->esd->desc->slConfig->predefined != SLPredef_MP4) return GF_BAD_PARAM;
+               esds = ((GF_MPEGVisualSampleEntryBox *)entry)->esd;
+               if (!esds || !esds->desc || !esds->desc->slConfig || (esds->desc->slConfig->predefined != SLPredef_MP4))
+                       return GF_ISOM_INVALID_FILE;
                slc = & ((GF_MPEGVisualSampleEntryBox *)entry)->slc;
                break;
        default:

diff --git a/src/media_tools/isom_hinter.c b/src/media_tools/isom_hinter.c
index 22ffa65f53b84980c35e21bc72025ad79f3c1340..477464b21845db1c4027d150cf335f35a91caad6 100644 (file)
--- a/src/media_tools/isom_hinter.c
+++ b/src/media_tools/isom_hinter.c
@@ -641,7 +641,11 @@ GF_RTPHinter *gf_hinter_track_new(GF_ISOFile *file, u32 TrackNum,
        if (hintType==GF_RTP_PAYT_MPEG4) {
                tmp->rtp_p->slMap.CodecID = codecid;
                /*set this SL for extraction.*/
-               gf_isom_set_extraction_slc(file, TrackNum, 1, &my_sl);
+               *e = gf_isom_set_extraction_slc(file, TrackNum, 1, &my_sl);
+               if (*e) {
+                       gf_hinter_track_del(tmp);
+                       return NULL;
+               }
        }
        tmp->bandwidth = bandwidth;