From: jeanlf <jeanlf@gpac.io>
Date: Thu, 8 Apr 2021 08:07:35 +0000 (+0200)
Subject: [PATCH] fixed #1733
X-Git-Tag: archive/raspbian/1.0.1+dfsg1-4+rpi1+deb11u1~2^2~13
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=2ada415dcc157eb250f8361e083294a683ff4990;p=gpac.git

[PATCH] fixed #1733


Gbp-Pq: Name CVE-2021-31255.patch
---

diff --git a/src/isomedia/box_code_adobe.c b/src/isomedia/box_code_adobe.c
index ab5115f..711d84b 100644
--- a/src/isomedia/box_code_adobe.c
+++ b/src/isomedia/box_code_adobe.c
@@ -79,6 +79,7 @@ GF_Err abst_box_read(GF_Box *s, GF_BitStream *bs)
 	int i;
 	u32 tmp_strsize;
 	char *tmp_str;
+	Bool zfound=GF_FALSE;
 	GF_Err e;
 
 	ISOM_DECREASE_SIZE(ptr, 25)
@@ -102,10 +103,14 @@ GF_Err abst_box_read(GF_Box *s, GF_BitStream *bs)
 		ISOM_DECREASE_SIZE(ptr, 1)
 		tmp_str[i] = gf_bs_read_u8(bs);
 		tmp_strsize--;
-		if (!tmp_str[i])
+		if (!tmp_str[i]) {
+			zfound = GF_TRUE;
 			break;
+		}
 		i++;
 	}
+	if (!zfound)
+		return GF_ISOM_INVALID_FILE;
 	if (i) {
 		ptr->movie_identifier = gf_strdup(tmp_str);
 	}
@@ -114,15 +119,20 @@ GF_Err abst_box_read(GF_Box *s, GF_BitStream *bs)
 	ptr->server_entry_count = gf_bs_read_u8(bs);
 	for (i=0; i<ptr->server_entry_count; i++) {
 		int j=0;
+		zfound = GF_FALSE;
 		tmp_strsize=(u32)ptr->size;
 		while (tmp_strsize) {
 			ISOM_DECREASE_SIZE(ptr, 1)
 			tmp_str[j] = gf_bs_read_u8(bs);
 			tmp_strsize--;
-			if (!tmp_str[j])
+			if (!tmp_str[j]) {
+				zfound = GF_TRUE;
 				break;
+			}
 			j++;
 		}
+		if (!zfound)
+			return GF_ISOM_INVALID_FILE;
 		if (j) {
 			gf_list_insert(ptr->server_entry_table, gf_strdup(tmp_str), i);
 		}
@@ -132,16 +142,21 @@ GF_Err abst_box_read(GF_Box *s, GF_BitStream *bs)
 	ptr->quality_entry_count = gf_bs_read_u8(bs);
 	for (i=0; i<ptr->quality_entry_count; i++) {
 		int j=0;
+		zfound = GF_FALSE;
 		tmp_strsize=(u32)ptr->size;
 		while (tmp_strsize) {
 			ISOM_DECREASE_SIZE(ptr, 1)
 			tmp_str[j] = gf_bs_read_u8(bs);
 			tmp_strsize--;
-			if (!tmp_str[j])
+			if (!tmp_str[j]) {
+				zfound = GF_TRUE;
 				break;
+			}
 			j++;
 		}
 
+		if (!zfound)
+			return GF_ISOM_INVALID_FILE;
 		if (j) {
 			gf_list_insert(ptr->quality_entry_table, gf_strdup(tmp_str), i);
 		}
@@ -149,28 +164,38 @@ GF_Err abst_box_read(GF_Box *s, GF_BitStream *bs)
 
 	i=0;
 	tmp_strsize=(u32)ptr->size;
+	zfound = GF_FALSE;
 	while (tmp_strsize) {
 		ISOM_DECREASE_SIZE(ptr, 1)
 		tmp_str[i] = gf_bs_read_u8(bs);
 		tmp_strsize--;
-		if (!tmp_str[i])
+		if (!tmp_str[i]) {
+			zfound = GF_TRUE;
 			break;
+		}
 		i++;
 	}
+	if (!zfound)
+		return GF_ISOM_INVALID_FILE;
 	if (i) {
 		ptr->drm_data = gf_strdup(tmp_str);
 	}
 
 	i=0;
 	tmp_strsize=(u32)ptr->size;
+	zfound = GF_FALSE;
 	while (tmp_strsize) {
 		ISOM_DECREASE_SIZE(ptr, 1)
 		tmp_str[i] = gf_bs_read_u8(bs);
 		tmp_strsize--;
-		if (!tmp_str[i])
+		if (!tmp_str[i]) {
+			zfound = GF_TRUE;
 			break;
+		}
 		i++;
 	}
+	if (!zfound)
+		return GF_ISOM_INVALID_FILE;
 	if (i) {
 		ptr->meta_data = gf_strdup(tmp_str);
 	}