From: Reinhard Tartler
Date: Sat, 4 Mar 2023 17:49:03 +0000 (-0500)
Subject: Fix Integer Overflow, CVE-2022-2454
X-Git-Tag: archive/raspbian/2.0.0+dfsg1-4+rpi1^2~30
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=10b4587df9652f9a4e36f2bbc64e607dcce9f3ba;p=gpac.git

Fix Integer Overflow, CVE-2022-2454
---
diff --git a/debian/patches/CVE-2022-2454.patch b/debian/patches/CVE-2022-2454.patch
new file mode 100644
index 0000000..cdffaac
--- /dev/null
+++ b/debian/patches/CVE-2022-2454.patch
@@ -0,0 +1,19 @@
+commit faa75edde3dfeba1e2cf6ffa48e45a50f1042096
+Author: jeanlf
+Date: Tue Jul 12 18:00:35 2022 +0200
+
+ fixed #2213
+
+diff --git a/src/laser/lsr_dec.c b/src/laser/lsr_dec.c
+index 99d16aaa7..488babb10 100644
+--- a/src/laser/lsr_dec.c
++++ b/src/laser/lsr_dec.c
+@@ -838,6 +838,8 @@ static void lsr_read_id(GF_LASeRCodec *lsr, GF_Node *n)
+
+ static Fixed lsr_translate_coords(GF_LASeRCodec *lsr, u32 val, u32 nb_bits)
+ {
++ if (!nb_bits) return 0;
++
+ #ifdef GPAC_FIXED_POINT
+ if (val >> (nb_bits-1) ) {
+ s32 neg = (s32) val - (1<
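Review bot: The new guard in lsr_translate_coords rejects only nb_bits == 0, so `val >> (nb_bits-1)` on the u32 `val` is still an out-of-range shift whenever nb_bits exceeds 32; whether a bitstream-derived count can get that large is not visible here, so the bound is worth making explicit, e.g. `if (!nb_bits || nb_bits > 32) return 0;`. The last visible line is cut off at `(1<`; if it shifts a plain int `1` by nb_bits, counts of 31 and above would need the same care there. Returning 0 also hides the malformed input from the caller, so a short comment such as `/* nb_bits == 0 would make nb_bits-1 wrap and the shift undefined (CVE-2022-2454) */` above the guard would record why it exists. The function body continues beyond the end of the hunk.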