From: jeanlf <jeanlf@gpac.io>
Date: Wed, 18 May 2022 09:49:49 +0000 (+0200)
Subject: [PATCH] fixed #2194
X-Git-Tag: archive/raspbian/1.0.1+dfsg1-4+rpi1+deb11u3^2~44
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=1bc74cdb2597f18f1eac4c1050d6c377f4f23ef5;p=gpac.git

[PATCH] fixed #2194


Gbp-Pq: Name CVE-2022-1795.patch
---

diff --git a/src/bifs/memory_decoder.c b/src/bifs/memory_decoder.c
index 4053445..e673e22 100644
--- a/src/bifs/memory_decoder.c
+++ b/src/bifs/memory_decoder.c
@@ -178,7 +178,12 @@ static GF_Err BM_ParseGlobalQuantizer(GF_BifsDecoder *codec, GF_BitStream *bs, G
 	codec->scenegraph->global_qp = NULL;
 
 	if (gf_node_get_tag(node) != TAG_MPEG4_QuantizationParameter) {
-		gf_node_unregister(node, NULL);
+		//if node was just created (num_instances == 0), unregister
+		//otherwise (USE node) don't do anything
+		if (!node->sgprivate->num_instances) {
+			node->sgprivate->num_instances = 1;
+			gf_node_unregister(node, NULL);
+		}
 		return GF_NON_COMPLIANT_BITSTREAM;
 	}
 
@@ -188,7 +193,8 @@ static GF_Err BM_ParseGlobalQuantizer(GF_BifsDecoder *codec, GF_BitStream *bs, G
 	codec->scenegraph->global_qp = node;
 
 	/*register TWICE: once for the command, and for the scenegraph globalQP*/
-	node->sgprivate->num_instances = 2;
+	gf_node_unregister(node, NULL);
+	gf_node_unregister(node, NULL);
 
 	com = gf_sg_command_new(codec->current_graph, GF_SG_GLOBAL_QUANTIZER);
 	inf = gf_sg_command_field_new(com);