From: jeanlf <jeanlf@gpac.io>
Date: Tue, 19 Apr 2022 07:15:58 +0000 (+0200)
Subject: [PATCH] fixed #2175
X-Git-Tag: archive/raspbian/1.0.1+dfsg1-4+rpi1+deb11u3^2~45
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=1651b4581d61572c75736fcd388f3aafe208e21d;p=gpac.git

[PATCH] fixed #2175


Gbp-Pq: Name CVE-2022-1441.patch
---

diff --git a/src/isomedia/box_code_3gpp.c b/src/isomedia/box_code_3gpp.c
index 0e8681c..f48c777 100644
--- a/src/isomedia/box_code_3gpp.c
+++ b/src/isomedia/box_code_3gpp.c
@@ -1121,20 +1121,12 @@ void diST_box_del(GF_Box *s)
 
 GF_Err diST_box_read(GF_Box *s, GF_BitStream *bs)
 {
-	u32 i;
-	char str[1024];
 	GF_DIMSScriptTypesBox *p = (GF_DIMSScriptTypesBox *)s;
 
-	i=0;
-	str[0]=0;
-	while (1) {
-		str[i] = gf_bs_read_u8(bs);
-		if (!str[i]) break;
-		i++;
-	}
-	ISOM_DECREASE_SIZE(p, i);
-
-	p->content_script_types = gf_strdup(str);
+	p->content_script_types = gf_malloc(sizeof(char) * (s->size+1));
+	if (!p->content_script_types) return GF_OUT_OF_MEM;
+	gf_bs_read_data(bs, p->content_script_types, s->size);
+	p->content_script_types[s->size] = 0;
 	return GF_OK;
 }