From: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Date: Mon, 19 Jun 2023 21:46:06 +0000 (+0100)
Subject: CVE-2022-47661
X-Git-Tag: archive/raspbian/1.0.1+dfsg1-4+rpi1+deb11u3^2~21
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=2f3538234efd33d54df2f05d5f7da55fced8916f;p=gpac.git

CVE-2022-47661

Origin: https://github.com/gpac/gpac/commit/aa8fbec874b5e040854effff5309aa445c234618
Reviewed-by: Aron Xu <aron@debian.org>

From aa8fbec874b5e040854effff5309aa445c234618 Mon Sep 17 00:00:00 2001
From: jeanlf <jeanlf@gpac.io>
Date: Mon, 19 Dec 2022 11:50:31 +0100
Subject: [PATCH] fixed #2358


Gbp-Pq: Name CVE-2022-47661.patch
---

diff --git a/src/media_tools/av_parsers.c b/src/media_tools/av_parsers.c
index 50efd9e..3ae894b 100644
--- a/src/media_tools/av_parsers.c
+++ b/src/media_tools/av_parsers.c
@@ -6204,7 +6204,10 @@ u32 gf_media_avc_reformat_sei(u8 *buffer, u32 nal_size, Bool isobmf_rewrite, AVC
 		if (gf_bs_available(bs) <= 2) {
 			var = gf_bs_read_int(bs, 8);
 			if (var != 0x80) {
-				GF_LOG(GF_LOG_WARNING, GF_LOG_CODING, ("[avc-h264] SEI user message has less than 2 bytes remaining but no end of sei found\n"));
+				GF_LOG(GF_LOG_WARNING, GF_LOG_CODING, ("[avc-h264] SEI user message has less than 2 bytes remaining but no end of sei found, keeping full SEI untouched\n"));
+				if (bs_dest) gf_bs_del(bs_dest);
+				gf_bs_del(bs);
+				return nal_size;
 			}
 			if (bs_dest) gf_bs_write_int(bs_dest, 0x80, 8);
 			break;