From: Debian Multimedia Maintainers Date: Mon, 19 Jun 2023 21:46:06 +0000 (+0100) Subject: talos-2021-1297-2 X-Git-Tag: archive/raspbian/1.0.1+dfsg1-4+rpi1+deb11u3^2~95 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=24e75ead6b38a12ed9ad318fd89e2fea3073f434;p=gpac.git talos-2021-1297-2 Backport of https://github.com/gpac/gpac/commit/592ba2689a3f2fc787371eda490fde4f84e60315 Backport of https://github.com/gpac/gpac/commit/592ba2689a3f2fc787371eda490fde4f84e60315 Gbp-Pq: Name talos-2021-1297-2.patch
---
diff --git a/src/isomedia/box_code_base.c b/src/isomedia/box_code_base.c
index be4a85f..280b351 100644
--- a/src/isomedia/box_code_base.c
+++ b/src/isomedia/box_code_base.c
@@ -5509,7 +5509,7 @@ GF_Err stss_box_read(GF_Box *s, GF_BitStream *bs)
 ISOM_DECREASE_SIZE(ptr, 4);
 ptr->nb_entries = gf_bs_read_u32(bs);
- if (ptr->size < ptr->nb_entries * 4) {
+ if (ptr->size < ptr->nb_entries * 4 || (u64)ptr->nb_entries > (u64)SIZE_MAX/sizeof(u32)) {
 GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, ("[iso file] Invalid number of entries %d in stss\n", ptr->nb_entries));
 return GF_ISOM_INVALID_FILE;
 }
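Review bot: The left-hand comparison in the new condition still computes `ptr->nb_entries * 4` before comparing it with `ptr->size`; if `nb_entries` is a 32-bit field, as the `gf_bs_read_u32` assignment suggests, that product wraps for counts above 0x3FFFFFFF and an oversized count can still pass the size check. The added `SIZE_MAX/sizeof(u32)` guard only rejects such counts where `size_t` is 32 bits wide; on 64-bit builds it can never be true, so the wrapped comparison is the only bound there. Dividing instead of multiplying avoids the wrap: `if (ptr->size / 4 < ptr->nb_entries || (u64)ptr->nb_entries > (u64)SIZE_MAX/sizeof(u32)) {`. The allocation and read loop that consume `nb_entries` lie outside this hunk, so the effect on them is inferred rather than visible here.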