From: Reinhard Tartler Date: Sun, 5 Mar 2023 13:04:16 +0000 (-0500) Subject: Fix NULL Pointer Dereference, CVE-2022-2549, closes: #1016142 X-Git-Tag: archive/raspbian/2.0.0+dfsg1-4+rpi1^2~24 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=1586c0380b9bd6a17766c2a771d733d913dec917;p=gpac.git Fix NULL Pointer Dereference, CVE-2022-2549, closes: #1016142 --- diff --git a/debian/patches/CVE-2022-2549.patch b/debian/patches/CVE-2022-2549.patch new file mode 100644 index 0000000..9e7de98 --- /dev/null +++ b/debian/patches/CVE-2022-2549.patch @@ -0,0 +1,73 @@ +commit 0102c5d4db7fdbf08b5b591b2a6264de33867a07 +Author: jeanlf +Date: Sun Jul 24 11:30:34 2022 +0200 + + fixed #2232 + +diff --git a/src/scene_manager/scene_dump.c b/src/scene_manager/scene_dump.c +index 6fe250f52..e9bb2e59d 100644 +--- a/src/scene_manager/scene_dump.c ++++ b/src/scene_manager/scene_dump.c +@@ -785,7 +785,7 @@ static void gf_dump_vrml_simple_field(GF_SceneDumper *sdump, GF_FieldInfo field, + } else { + StartAttribute(sdump, "value"); + } +- for (i=0; icount; i++) { ++ for (i=0; mffield && (icount); i++) { + if (i) gf_fprintf(sdump->trace, " "); + gf_sg_vrml_mf_get_item(field.far_ptr, field.fieldType, &slot_ptr, i); + /*this is to cope with single MFString which shall appear as SF in XMT*/ +@@ -938,12 +938,10 @@ static void gf_dump_vrml_field(GF_SceneDumper *sdump, GF_Node *node, GF_FieldInf + } + + if (!sdump->XMLDump) gf_fprintf(sdump->trace, "["); +- if (mffield) { +- for (i=0; icount; i++) { +- if (i) gf_fprintf(sdump->trace, " "); +- gf_sg_vrml_mf_get_item(field.far_ptr, field.fieldType, &slot_ptr, i); +- gf_dump_vrml_sffield(sdump, sf_type, slot_ptr, 1, node); +- } ++ for (i=0; mffield && (icount); i++) { ++ if (i) gf_fprintf(sdump->trace, " "); ++ gf_sg_vrml_mf_get_item(field.far_ptr, field.fieldType, &slot_ptr, i); ++ gf_dump_vrml_sffield(sdump, sf_type, slot_ptr, 1, node); + } + if (!sdump->XMLDump) gf_fprintf(sdump->trace, "]"); + +@@ -1150,7 +1148,7 @@ static void gf_dump_vrml_dyn_field(GF_SceneDumper *sdump, GF_Node *node, GF_Fiel + sdump->indent--; + DUMP_IND(sdump); + } else { +- for (i=0; icount; i++) { ++ for (i=0; mffield && (icount); i++) { + if (i) gf_fprintf(sdump->trace, " "); + if (field.fieldType != GF_SG_VRML_MFNODE) { + gf_sg_vrml_mf_get_item(field.far_ptr, field.fieldType, &slot_ptr, i); +@@ -1191,7 +1189,7 @@ static void gf_dump_vrml_dyn_field(GF_SceneDumper *sdump, GF_Node *node, GF_Fiel + } else { + gf_fprintf(sdump->trace, " %s=\"", GetXMTFieldTypeValueName(field.fieldType)); + } +- for (i=0; icount; i++) { ++ for (i=0; mffield && (icount); i++) { + if (i) gf_fprintf(sdump->trace, " "); + if (field.fieldType != GF_SG_VRML_MFNODE) { + gf_sg_vrml_mf_get_item(field.far_ptr, field.fieldType, &slot_ptr, i); +@@ -1262,13 +1260,11 @@ static void gf_dump_vrml_proto_field(GF_SceneDumper *sdump, GF_Node *node, GF_Fi + } else { + gf_fprintf(sdump->trace, " %s=\"", GetXMTFieldTypeValueName(field.fieldType)); + } +- if (mffield) { +- for (i=0; icount; i++) { +- if (i) gf_fprintf(sdump->trace, " "); +- if (field.fieldType != GF_SG_VRML_MFNODE) { +- gf_sg_vrml_mf_get_item(field.far_ptr, field.fieldType, &slot_ptr, i); +- gf_dump_vrml_sffield(sdump, sf_type, slot_ptr, (mffield->count>1) ? 1 : 0, node); +- } ++ for (i=0; mffield && (icount); i++) { ++ if (i) gf_fprintf(sdump->trace, " "); ++ if (field.fieldType != GF_SG_VRML_MFNODE) { ++ gf_sg_vrml_mf_get_item(field.far_ptr, field.fieldType, &slot_ptr, i); ++ gf_dump_vrml_sffield(sdump, sf_type, slot_ptr, (mffield->count>1) ? 1 : 0, node); + } + } + gf_fprintf(sdump->trace, "\"/>\n"); diff --git a/debian/patches/series b/debian/patches/series index 077a810..86d29dc 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -13,3 +13,4 @@ CVE-2022-2454.patch CVE-2022-38530.patch CVE-2022-36186.patch CVE-2022-26967.patch +CVE-2022-2549.patch