From: jeanlf <jeanlf@gpac.io>
Date: Mon, 30 Aug 2021 12:43:17 +0000 (+0200)
Subject: [PATCH] fixed #1883
X-Git-Tag: archive/raspbian/1.0.1+dfsg1-4+rpi1+deb11u3^2~72
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=4d25b8fc233cac9634e40cdf52c25608792cc1d9;p=gpac.git

[PATCH] fixed #1883


Gbp-Pq: Name CVE-2021-40608.patch
---

diff --git a/src/isomedia/tx3g.c b/src/isomedia/tx3g.c
index 799667c..5d60b08 100644
--- a/src/isomedia/tx3g.c
+++ b/src/isomedia/tx3g.c
@@ -888,6 +888,8 @@ GF_Err gf_isom_text_get_encoded_tx3g(GF_ISOFile *file, u32 track, u32 sidx, u32
 	GF_TrackBox *trak;
 	GF_Tx3gSampleEntryBox *a;
 
+	*tx3g = NULL;
+	*tx3g_size = 0;
 	trak = gf_isom_get_track_from_file(file, track);
 	if (!trak) return GF_BAD_PARAM;
 
@@ -897,8 +899,6 @@ GF_Err gf_isom_text_get_encoded_tx3g(GF_ISOFile *file, u32 track, u32 sidx, u32
 
 	bs = gf_bs_new(NULL, 0, GF_BITSTREAM_WRITE);
 	gf_isom_write_tx3g(a, bs, sidx, sidx_offset);
-	*tx3g = NULL;
-	*tx3g_size = 0;
 	gf_bs_get_content(bs, tx3g, tx3g_size);
 	gf_bs_del(bs);
 	return GF_OK;
diff --git a/src/media_tools/isom_hinter.c b/src/media_tools/isom_hinter.c
index 16e3bc7..f423480 100644
--- a/src/media_tools/isom_hinter.c
+++ b/src/media_tools/isom_hinter.c
@@ -951,9 +951,14 @@ GF_Err gf_hinter_track_finalize(GF_RTPHinter *tkHint, Bool AddSystemInfo)
 		strcat(sdpLine, "; tx3g=");
 		for (i=0; i<gf_isom_get_sample_description_count(tkHint->file, tkHint->TrackNum); i++) {
 			u8 *tx3g;
+			GF_Err e;
 			char buffer[2000];
 			u32 tx3g_len, len;
-			gf_isom_text_get_encoded_tx3g(tkHint->file, tkHint->TrackNum, i+1, GF_RTP_TX3G_SIDX_OFFSET, &tx3g, &tx3g_len);
+			e = gf_isom_text_get_encoded_tx3g(tkHint->file, tkHint->TrackNum, i+1, GF_RTP_TX3G_SIDX_OFFSET, &tx3g, &tx3g_len);
+			if (e) {
+				if (i) continue;
+				return GF_ISOM_INVALID_FILE;
+			}
 			len = gf_base64_encode(tx3g, tx3g_len, buffer, 2000);
 			gf_free(tx3g);
 			buffer[len] = 0;