From: jeanlf Date: Mon, 19 Dec 2022 11:26:02 +0000 (+0100) Subject: [PATCH] fixed #2360 X-Git-Tag: archive/raspbian/1.0.1+dfsg1-4+rpi1+deb11u3^2~19 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=167dad8538919815469d7acc3b61788623cd49ad;p=gpac.git [PATCH] fixed #2360 Gbp-Pq: Name CVE-2022-47663.patch
---
diff --git a/src/filters/reframe_h263.c b/src/filters/reframe_h263.c
index c0f08e4..4b247d8 100644
--- a/src/filters/reframe_h263.c
+++ b/src/filters/reframe_h263.c
@@ -478,7 +478,14 @@ GF_Err h263dmx_process(GF_Filter *filter)
 if (current>0) {
 if (!ctx->opid) {
 if (ctx->bytes_in_header) {
- ctx->bytes_in_header -= current;
+ if (ctx->bytes_in_headerbytes_in_header;
+ ctx->bytes_in_header = 0;
+ start += current;
+ remain -= current;
+ } else {
+ ctx->bytes_in_header -= current;
+ }
 } else {
 start += current;
 remain -= current;
@@ -497,8 +504,16 @@ GF_Err h263dmx_process(GF_Filter *filter)
 if (byte_offset != GF_FILTER_NO_BO) {
 gf_filter_pck_set_byte_offset(dst_pck, byte_offset - ctx->bytes_in_header);
 }
- ctx->bytes_in_header -= current;
 memcpy(pck_data, ctx->hdr_store, current);
+ //we may have a partial startcode
+ if (current>ctx->bytes_in_header) {
+ current -= ctx->bytes_in_header;
+ start += current;
+ remain -= current;
+ ctx->bytes_in_header = 0;
+ } else {
+ ctx->bytes_in_header -= current;
+ }
 } else {
 if (byte_offset != GF_FILTER_NO_BO) {
 gf_filter_pck_set_byte_offset(dst_pck, byte_offset);
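Review bot: The new branch in the first hunk (`@@ -478,7 +478,14 @@`, the `!ctx->opid` path) has no comment, while the same adjustment in the second hunk is explained by `//we may have a partial startcode`. The two copies also order their statements differently: `ctx->bytes_in_header = 0;` comes second here and last there. I would add a matching comment above the new `if`, for example `//partial startcode: consume the stored header bytes first, then advance start/remain by what is left`, and keep the statement order identical in both places so the duplicated logic can be compared at a glance. The condition on the first added line is damaged in this rendering, so this assumes it mirrors the second hunk's `current>ctx->bytes_in_header` test. h263dmx_process starts and ends outside the hunk.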
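Review bot: In the second hunk (`@@ -497,8 +504,16 @@`), `memcpy(pck_data, ctx->hdr_store, current);` still runs with the unclamped `current` before the new `current>ctx->bytes_in_header` test. In the partial-startcode case it therefore reads more bytes from `ctx->hdr_store` than `bytes_in_header` says are stored there; whether it also runs past the end of `hdr_store` depends on its declared size, which is not visible here. The copy from the store should be bounded, e.g. `memcpy(pck_data, ctx->hdr_store, (current>ctx->bytes_in_header) ? ctx->bytes_in_header : current);`. The remaining `current - ctx->bytes_in_header` bytes of the packet would presumably have to be copied from `start` before it is advanced. The allocation of `dst_pck` and the rest of h263dmx_process are outside the hunk, so the packet size should be confirmed against them.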