From: Reinhard Tartler <siretart@tauware.de>
Date: Sat, 4 Mar 2023 17:38:59 +0000 (-0500)
Subject: Fix buffer overflow in utf8_wcslen, CVE-2022-30976
X-Git-Tag: archive/raspbian/2.0.0+dfsg1-4+rpi1^2~39
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=356229cfb80dd2437bb478fe6732add4ba9789c9;p=gpac.git

Fix buffer overflow in utf8_wcslen, CVE-2022-30976
---

diff --git a/debian/patches/CVE-2022-30976.patch b/debian/patches/CVE-2022-30976.patch
new file mode 100644
index 0000000..752106c
--- /dev/null
+++ b/debian/patches/CVE-2022-30976.patch
@@ -0,0 +1,34 @@
+commit 1773b7a34bc08734aee7d3f5dfe65d06389fe15a
+Author: jeanlf <jeanlf@gpac.io>
+Date:   Tue Apr 19 09:08:45 2022 +0200
+
+    fixed #2173
+
+diff --git a/src/ietf/rtp_pck_mpeg4.c b/src/ietf/rtp_pck_mpeg4.c
+index d8bec0d20..462d2c99b 100644
+--- a/src/ietf/rtp_pck_mpeg4.c
++++ b/src/ietf/rtp_pck_mpeg4.c
+@@ -421,6 +421,7 @@ GF_Err gp_rtp_builder_do_avc(GP_RTPPacketizer *builder, u8 *nalu, u32 nalu_size,
+ 	}
+ 
+ 	if (!nalu) return GF_OK;
++	if (nalu_size<1) return GF_NON_COMPLIANT_BITSTREAM;
+ 
+ 	/*need a new RTP packet*/
+ 	if (!builder->bytesInPacket) {
+@@ -559,6 +560,7 @@ GF_Err gp_rtp_builder_do_hevc(GP_RTPPacketizer *builder, u8 *nalu, u32 nalu_size
+ 	}
+ 
+ 	if (!nalu) return GF_OK;
++	if (nalu_size<2) return GF_NON_COMPLIANT_BITSTREAM;
+ 
+ 	/*need a new RTP packet*/
+ 	if (!builder->bytesInPacket) {
+@@ -714,6 +716,7 @@ GF_Err gp_rtp_builder_do_vvc(GP_RTPPacketizer *builder, u8 *nalu, u32 nalu_size,
+ 	}
+ 
+ 	if (!nalu) return GF_OK;
++	if (nalu_size<2) return GF_NON_COMPLIANT_BITSTREAM;
+ 
+ 	/*need a new RTP packet*/
+ 	if (!builder->bytesInPacket) {
diff --git a/debian/patches/series b/debian/patches/series
index 5560178..68e6b04 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@ gcc-optflags.patch
 dont-err-build-on-uknown-system.patch
 CVE-2022-29339.patch
 CVE-2022-29340.patch
+CVE-2022-30976.patch