CVE-2021-36417

author Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>

Mon, 19 Jun 2023 21:46:06 +0000 (22:46 +0100)

committer Moritz Mühlenhoff <jmm@debian.org>

Mon, 19 Jun 2023 21:46:06 +0000 (22:46 +0100)
author Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Mon, 19 Jun 2023 21:46:06 +0000 (22:46 +0100)
committer Moritz Mühlenhoff <jmm@debian.org>
Mon, 19 Jun 2023 21:46:06 +0000 (22:46 +0100)
diff --git a/src/isomedia/avc_ext.c b/src/isomedia/avc_ext.c

index 16347cb27d7a4e30f9e29ddc3d0756112be3102e..c00cff0dfe162d06143b4f96269cdb1dd54cd4bf 100644 (file)
--- a/src/isomedia/avc_ext.c
+++ b/src/isomedia/avc_ext.c
@@ -2203,7 +2203,7 @@ GF_AVCConfig *gf_isom_avc_config_get(GF_ISOFile *the_file, u32 trackNumber, u32
  
         entry = (GF_MPEGVisualSampleEntryBox*)gf_list_get(trak->Media->information->sampleTable->SampleDescription->child_boxes, DescriptionIndex-1);
         if (!entry) return NULL;
-
+       if (entry->internal_type != GF_ISOM_SAMPLE_ENTRY_VIDEO) return NULL;
         if (!entry->avc_config) return NULL;
         return AVC_DuplicateConfig(entry->avc_config->config);
  }
@@ -2226,6 +2226,7 @@ GF_HEVCConfig *gf_isom_hevc_config_get(GF_ISOFile *the_file, u32 trackNumber, u3
                 return NULL;
         entry = (GF_MPEGVisualSampleEntryBox*)gf_list_get(trak->Media->information->sampleTable->SampleDescription->child_boxes, DescriptionIndex-1);
         if (!entry) return NULL;
+       if (entry->internal_type != GF_ISOM_SAMPLE_ENTRY_VIDEO) return NULL;
         if (!entry->hevc_config) return NULL;
         return HEVC_DuplicateConfig(entry->hevc_config->config);
  }
@@ -2241,6 +2242,7 @@ GF_AVCConfig *gf_isom_svc_config_get(GF_ISOFile *the_file, u32 trackNumber, u32
                 return NULL;
         entry = (GF_MPEGVisualSampleEntryBox*)gf_list_get(trak->Media->information->sampleTable->SampleDescription->child_boxes, DescriptionIndex-1);
         if (!entry) return NULL;
+       if (entry->internal_type != GF_ISOM_SAMPLE_ENTRY_VIDEO) return NULL;
         if (!entry->svc_config) return NULL;
         return AVC_DuplicateConfig(entry->svc_config->config);
  }
@@ -2257,6 +2259,7 @@ GF_AVCConfig *gf_isom_mvc_config_get(GF_ISOFile *the_file, u32 trackNumber, u32
                 return NULL;
         entry = (GF_MPEGVisualSampleEntryBox*)gf_list_get(trak->Media->information->sampleTable->SampleDescription->child_boxes, DescriptionIndex-1);
         if (!entry) return NULL;
+       if (entry->internal_type != GF_ISOM_SAMPLE_ENTRY_VIDEO) return NULL;
         if (!entry->mvc_config) return NULL;
         return AVC_DuplicateConfig(entry->mvc_config->config);
  }
@@ -2276,7 +2279,9 @@ GF_AV1Config *gf_isom_av1_config_get(GF_ISOFile *the_file, u32 trackNumber, u32
         trak = gf_isom_get_track_from_file(the_file, trackNumber);
         if (!trak || !trak->Media || !DescriptionIndex) return NULL;
         entry = (GF_MPEGVisualSampleEntryBox*)gf_list_get(trak->Media->information->sampleTable->SampleDescription->child_boxes, DescriptionIndex - 1);
-       if (!entry || !entry->av1_config|| !entry->av1_config->config) return NULL;
+       if (!entry) return NULL;
+       if (entry->internal_type != GF_ISOM_SAMPLE_ENTRY_VIDEO) return NULL;
+       if (!entry->av1_config|| !entry->av1_config->config) return NULL;
         return AV1_DuplicateConfig(entry->av1_config->config);
  }
  
@@ -2288,7 +2293,9 @@ GF_VPConfig *gf_isom_vp_config_get(GF_ISOFile *the_file, u32 trackNumber, u32 De
         trak = gf_isom_get_track_from_file(the_file, trackNumber);
         if (!trak || !trak->Media || !DescriptionIndex) return NULL;
         entry = (GF_MPEGVisualSampleEntryBox*)gf_list_get(trak->Media->information->sampleTable->SampleDescription->child_boxes, DescriptionIndex - 1);
-       if (!entry || !entry->vp_config) return NULL;
+       if (!entry) return NULL;
+       if (entry->internal_type != GF_ISOM_SAMPLE_ENTRY_VIDEO) return NULL;
+       if (!entry->vp_config || !entry->vp_config->config) return NULL;
         return VP_DuplicateConfig(entry->vp_config->config);
  }
  
@@ -2300,7 +2307,9 @@ GF_DOVIDecoderConfigurationRecord *gf_isom_dovi_config_get(GF_ISOFile* the_file,
         trak = gf_isom_get_track_from_file(the_file, trackNumber);
         if (!trak || !trak->Media || !DescriptionIndex) return NULL;
         entry = (GF_MPEGVisualSampleEntryBox*)gf_list_get(trak->Media->information->sampleTable->SampleDescription->child_boxes, DescriptionIndex - 1);
-       if (!entry || !entry->dovi_config) return NULL;
+       if (!entry) return NULL;
+       if (entry->internal_type != GF_ISOM_SAMPLE_ENTRY_VIDEO) return NULL;
+       if (!entry->dovi_config) return NULL;
         return DOVI_DuplicateConfig(&entry->dovi_config->DOVIConfig);
  }
  
@@ -2317,6 +2326,7 @@ GF_ISOMAVCType gf_isom_get_avc_svc_type(GF_ISOFile *the_file, u32 trackNumber, u
  
         entry = (GF_MPEGVisualSampleEntryBox*)gf_list_get(trak->Media->information->sampleTable->SampleDescription->child_boxes, DescriptionIndex-1);
         if (!entry) return GF_ISOM_AVCTYPE_NONE;
+       if (entry->internal_type != GF_ISOM_SAMPLE_ENTRY_VIDEO) return GF_ISOM_AVCTYPE_NONE;
  
         type = entry->type;
  
@@ -2359,6 +2369,7 @@ GF_ISOMHEVCType gf_isom_get_hevc_lhvc_type(GF_ISOFile *the_file, u32 trackNumber
                 return GF_ISOM_HEVCTYPE_NONE;
         entry = (GF_MPEGVisualSampleEntryBox*)gf_list_get(trak->Media->information->sampleTable->SampleDescription->child_boxes, DescriptionIndex-1);
         if (!entry) return GF_ISOM_HEVCTYPE_NONE;
+       if (entry->internal_type != GF_ISOM_SAMPLE_ENTRY_VIDEO) return GF_ISOM_HEVCTYPE_NONE;
         type = entry->type;
  
         if (type == GF_ISOM_BOX_TYPE_ENCV) {
@@ -2404,6 +2415,7 @@ GF_HEVCConfig *gf_isom_lhvc_config_get(GF_ISOFile *the_file, u32 trackNumber, u3
                 return NULL;
         entry = (GF_MPEGVisualSampleEntryBox*)gf_list_get(trak->Media->information->sampleTable->SampleDescription->child_boxes, DescriptionIndex-1);
         if (!entry) return NULL;
+       if (entry->internal_type != GF_ISOM_SAMPLE_ENTRY_VIDEO) return NULL;
         if (!entry->lhvc_config) return NULL;
         lhvc = HEVC_DuplicateConfig(entry->lhvc_config->config);
         if (!lhvc) return NULL;
diff --git a/src/isomedia/sample_descs.c b/src/isomedia/sample_descs.c

index 46b2b74c411380317f6ff5a8dc2a5b27243c69ca..e4e3588b0861c4563a955a1991583ed2eb33e626 100644 (file)
--- a/src/isomedia/sample_descs.c
+++ b/src/isomedia/sample_descs.c
@@ -311,10 +311,12 @@ GF_3GPConfig *gf_isom_3gp_config_get(GF_ISOFile *the_file, u32 trackNumber, u32
         case GF_ISOM_SUBTYPE_3GP_EVRC:
         case GF_ISOM_SUBTYPE_3GP_QCELP:
         case GF_ISOM_SUBTYPE_3GP_SMV:
+               if (entry->internal_type != GF_ISOM_SAMPLE_ENTRY_AUDIO) return NULL;
                 if (! ((GF_MPEGAudioSampleEntryBox*)entry)->cfg_3gpp) return NULL;
                 config = & ((GF_MPEGAudioSampleEntryBox*)entry)->cfg_3gpp->cfg;
                 break;
         case GF_ISOM_SUBTYPE_3GP_H263:
+               if (entry->internal_type != GF_ISOM_SAMPLE_ENTRY_VIDEO) return NULL;
                 if (! ((GF_MPEGVisualSampleEntryBox*)entry)->cfg_3gpp) return NULL;
                 config = & ((GF_MPEGVisualSampleEntryBox*)entry)->cfg_3gpp->cfg;
                 break;
@@ -339,8 +341,9 @@ GF_AC3Config *gf_isom_ac3_config_get(GF_ISOFile *the_file, u32 trackNumber, u32
         if (!trak || !StreamDescriptionIndex) return NULL;
  
         entry = (GF_MPEGAudioSampleEntryBox *)gf_list_get(trak->Media->information->sampleTable->SampleDescription->child_boxes, StreamDescriptionIndex-1);
-       if (!entry || !entry->cfg_ac3) return NULL;
+       if (!entry) return NULL;
         if (!entry->cfg_ac3) return NULL;
+       if (entry->internal_type != GF_ISOM_SAMPLE_ENTRY_AUDIO) return NULL;
         if ( (entry->cfg_ac3->type!=GF_ISOM_BOX_TYPE_DAC3) && (entry->cfg_ac3->type!=GF_ISOM_BOX_TYPE_DEC3) ) return NULL;
  
         res = (GF_AC3Config*)gf_malloc(sizeof(GF_AC3Config));
@@ -361,6 +364,8 @@ GF_Err gf_isom_flac_config_get(GF_ISOFile *the_file, u32 trackNumber, u32 Stream
         if (!trak || !StreamDescriptionIndex) return GF_BAD_PARAM;
  
         entry = (GF_MPEGAudioSampleEntryBox *)gf_list_get(trak->Media->information->sampleTable->SampleDescription->child_boxes, StreamDescriptionIndex-1);
+       if (!entry) return GF_BAD_PARAM;
+       if (entry->internal_type != GF_ISOM_SAMPLE_ENTRY_AUDIO) return GF_BAD_PARAM;
  
         type = entry->type;
         if (type==GF_ISOM_BOX_TYPE_ENCA) {
@@ -433,6 +438,8 @@ GF_Err gf_isom_opus_config_get(GF_ISOFile *the_file, u32 trackNumber, u32 Stream
         if (!trak || !StreamDescriptionIndex) return GF_BAD_PARAM;
  
         entry = (GF_MPEGAudioSampleEntryBox *)gf_list_get(trak->Media->information->sampleTable->SampleDescription->child_boxes, StreamDescriptionIndex-1);
+       if (!entry) return GF_BAD_PARAM;
+       if (entry->internal_type != GF_ISOM_SAMPLE_ENTRY_AUDIO) return GF_BAD_PARAM;
  
         type = entry->type;
         if (type==GF_ISOM_BOX_TYPE_ENCA) {
@@ -575,9 +582,11 @@ GF_Err gf_isom_3gp_config_update(GF_ISOFile *the_file, u32 trackNumber, GF_3GPCo
         case GF_ISOM_SUBTYPE_3GP_EVRC:
         case GF_ISOM_SUBTYPE_3GP_QCELP:
         case GF_ISOM_SUBTYPE_3GP_SMV:
+               if (a_entry->internal_type != GF_ISOM_SAMPLE_ENTRY_AUDIO) return GF_ISOM_INVALID_FILE;
                 cfg = &a_entry->cfg_3gpp->cfg;
                 break;
         case GF_ISOM_SUBTYPE_3GP_H263:
+               if (v_entry->internal_type != GF_ISOM_SAMPLE_ENTRY_VIDEO) return GF_ISOM_INVALID_FILE;
                 cfg = & v_entry->cfg_3gpp->cfg;
                 break;
         default:
author	Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
	Mon, 19 Jun 2023 21:46:06 +0000 (22:46 +0100)
committer	Moritz Mühlenhoff <jmm@debian.org>
	Mon, 19 Jun 2023 21:46:06 +0000 (22:46 +0100)
src/isomedia/avc_ext.c		patch \| blob \| history
src/isomedia/sample_descs.c		patch \| blob \| history