projects / gpac.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7461972)
Fix inf loop, CVE-2022-1222
authorReinhard Tartler <siretart@tauware.de>
Sat, 4 Mar 2023 17:43:29 +0000 (12:43 -0500)
committerReinhard Tartler <siretart@tauware.de>
Sat, 4 Mar 2023 17:43:29 +0000 (12:43 -0500)
debian/patches/CVE-2022-1222.patch [new file with mode: 0644] patch | blob
debian/patches/series patch | blob | history

diff --git a/debian/patches/CVE-2022-1222.patch b/debian/patches/CVE-2022-1222.patch
new file mode 100644 (file)
index 0000000..0589332
--- /dev/null
+++ b/debian/patches/CVE-2022-1222.patch
@@ -0,0 +1,40 @@
+commit 7f060bbb72966cae80d6fee338d0b07fa3fc06e1
+Author: jeanlf <jeanlf@gpac.io>
+Date:   Thu Mar 31 13:57:05 2022 +0200
+
+    fixed #2159
+
+diff --git a/src/media_tools/avilib.c b/src/media_tools/avilib.c
+index 71e751d19..14febb365 100644
+--- a/src/media_tools/avilib.c
++++ b/src/media_tools/avilib.c
+@@ -1884,8 +1884,8 @@ avi_t *AVI_open_fd(FILE *fd, int getIndex)
+ int avi_parse_input_file(avi_t *AVI, int getIndex)
+ {
+-      int i, rate, scale, idx_type;
+-      s64 n;
++      int rate, scale, idx_type;
++      s64 n, i;
+       unsigned char *hdrl_data;
+       u64 header_offset=0;
+       int hdrl_len=0;
+@@ -1939,6 +1939,7 @@ int avi_parse_input_file(avi_t *AVI, int getIndex)
+                               n -= 4;
+                       if(strnicmp(data,"hdrl",4) == 0)
+                       {
++                              if (n>0xFFFFFFFF) ERR_EXIT(AVI_ERR_READ)
+                               hdrl_len = (u32) n;
+                               hdrl_data = (unsigned char *) gf_malloc((u32)n);
+                               if(hdrl_data==0) ERR_EXIT(AVI_ERR_NO_MEM);
+@@ -2091,8 +2092,10 @@ int avi_parse_input_file(avi_t *AVI, int getIndex)
+                                               AVI->compressor2[4] = 0;
+                                               if (n>40) {
++                                                      if (n>0xFFFFFFFF) ERR_EXIT(AVI_ERR_READ)
+                                                       AVI->extradata_size = (u32) (n - 40);
+                                                       AVI->extradata = gf_malloc(sizeof(u8)* AVI->extradata_size);
++                                                      if (!AVI->extradata) ERR_EXIT(AVI_ERR_NO_MEM)
+                                                       memcpy(AVI->extradata, hdrl_data + i + 40, AVI->extradata_size);
+                                               }
diff --git a/debian/patches/series b/debian/patches/series
index 88f837374588040d7281609d5720eb870f1544b0..b092b05c41f4a29a374dbcb14a78148b5a5fce26 100644 (file)
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,3 +5,4 @@ CVE-2022-29340.patch
 CVE-2022-30976.patch
 CVE-2022-1035.patch
 CVE-2022-1172.patch
+CVE-2022-1222.patch
Unnamed repository; edit this file 'description' to name the repository.