From: jeanlf
Date: Mon, 13 Dec 2021 12:04:59 +0000 (+0100)
Subject: [PATCH] fixed #1974
X-Git-Tag: archive/raspbian/1.0.1+dfsg1-4+rpi1+deb11u3^2~54
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=5a0713051ff7080a0a5cf91c3d62a3c31c13d6d7;p=gpac.git
[PATCH] fixed #1974
Gbp-Pq: Name CVE-2021-45763.patch
---
diff --git a/src/bifs/com_dec.c b/src/bifs/com_dec.c
index 7b0a1ed..f113a92 100644
--- a/src/bifs/com_dec.c
+++ b/src/bifs/com_dec.c
@@ -779,7 +779,7 @@ static GF_Err BD_DecFieldReplace(GF_BifsDecoder * codec, GF_BitStream *bs)
 {
 GF_Err e;
 u32 NodeID, ind, field_ind, NumBits;
- GF_Node *node, *prev_node;
+ GF_Node *node;
 GF_ChildNodeItem *prev_child;
 GF_FieldInfo field;
@@ -794,14 +794,9 @@ static GF_Err BD_DecFieldReplace(GF_BifsDecoder * codec, GF_BitStream *bs)
 e = gf_node_get_field(node, field_ind, &field);
 if (e) return e;
- prev_node = NULL;
 prev_child = NULL;
- /*store prev SF node*/
- if (field.fieldType == GF_SG_VRML_SFNODE) {
- prev_node = *((GF_Node **) field.far_ptr);
- }
 /*store prev MFNode content*/
- else if (field.fieldType == GF_SG_VRML_MFNODE) {
+ if (field.fieldType == GF_SG_VRML_MFNODE) {
 prev_child = * ((GF_ChildNodeItem **) field.far_ptr);
 * ((GF_ChildNodeItem **) field.far_ptr) = NULL;
 }
@@ -816,9 +811,7 @@ static GF_Err BD_DecFieldReplace(GF_BifsDecoder * codec, GF_BitStream *bs)
 e = gf_bifs_dec_field(codec, bs, node, &field, GF_FALSE);
 codec->is_com_dec = GF_FALSE;
 /*remove prev nodes*/
- if (field.fieldType == GF_SG_VRML_SFNODE) {
- if (prev_node) e = gf_node_unregister(prev_node, node);
- } else if (field.fieldType == GF_SG_VRML_MFNODE) {
+ if (field.fieldType == GF_SG_VRML_MFNODE) {
 gf_node_unregister_children(node, prev_child);
 }
 if (!e) gf_bifs_check_field_change(node, &field);
diff --git a/src/bifs/field_decode.c b/src/bifs/field_decode.c
index 8527d59..832cdfd 100644
--- a/src/bifs/field_decode.c
+++ b/src/bifs/field_decode.c
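Review bot: In src/bifs/com_dec.c, the last hunk of BD_DecFieldReplace keeps the `/*remove prev nodes*/` comment above a branch that now only releases MFNode children, so a reader of this function can no longer tell where a replaced SFNode is released. I would reword it to `/*remove prev MFNode children; a previous SFNode is unregistered inside gf_bifs_dec_sf_field*/`, which is what the field_decode.c part of this commit shows for the non-memory-command case. The MFNode path still calls `gf_node_unregister_children(node, prev_child)` whether or not `gf_bifs_dec_field` returned an error, after the field was set to NULL before decoding; a one-line comment stating that the old children are dropped even when decoding fails would make that intent explicit. The function starts and ends outside these hunks.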
@@ -238,6 +238,14 @@ GF_Err gf_bifs_dec_sf_field(GF_BifsDecoder * codec, GF_BitStream *bs, GF_Node *n
 }
 break;
 case GF_SG_VRML_SFNODE:
+ //if not memory dec mode, unregister previous node
+ //otherwise the field points to the memory command internal field
+ if (!is_mem_com) {
+ if ( *((GF_Node **) field->far_ptr) != NULL) {
+ gf_node_unregister(*((GF_Node **) field->far_ptr), node);
+ *((GF_Node **) field->far_ptr) = NULL;
+ }
+ }
 //for nodes the field ptr is a ptr to the field, which is a node ptr ;)
 new_node = gf_bifs_dec_node(codec, bs, field->NDTtype);
 if (new_node) {
@@ -871,19 +879,6 @@ GF_Node *gf_bifs_dec_node(GF_BifsDecoder * codec, GF_BitStream *bs, u32 NDT_Tag)
 return NULL;
 }
- /*VRML: "The transformation hierarchy shall be a directed acyclic graph; results are undefined if a node
- in the transformation hierarchy is its own ancestor"
- that's good, because the scene graph can't handle cyclic graphs (destroy will never be called).
- We therefore only register the node once parsed*/
- if (nodeID) {
- if (strlen(name)) {
- gf_node_set_id(new_node, nodeID, name);
- } else {
- gf_node_set_id(new_node, nodeID, NULL);
- }
- }
-
-
 /*update default time fields except in proto parsing*/
 if (!codec->pCurrentProto) UpdateTimeNode(codec, new_node);
 /*nodes are only init outside protos, nodes internal to protos are never intialized */
@@ -918,6 +913,18 @@ GF_Node *gf_bifs_dec_node(GF_BifsDecoder * codec, GF_BitStream *bs, u32 NDT_Tag)
 return NULL;
 }
+ /*VRML: "The transformation hierarchy shall be a directed acyclic graph; results are undefined if a node
+ in the transformation hierarchy is its own ancestor"
+ that's good, because the scene graph can't handle cyclic graphs (destroy will never be called).
+ We therefore only register the node once parsed*/
+ if (nodeID) {
+ if (strlen(name)) {
+ gf_node_set_id(new_node, nodeID, name);
+ } else {
+ gf_node_set_id(new_node, nodeID, NULL);
+ }
+ }
+
 if (!skip_init) gf_node_init(new_node);
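Review bot: The added SFNODE branch in gf_bifs_dec_sf_field discards the return value of `gf_node_unregister`, whereas the code this commit removes from BD_DecFieldReplace stored it in `e`; if that call can fail, the failure is now silent. The previous node is also released before `gf_bifs_dec_node` runs, so when decoding the replacement fails the field appears to stay NULL, and this applies to every caller that reaches this case outside memory-command mode, not only to field replacement. That looks intended by the fix, but the comment should say so, for example `//the old node is released first: a failed decode leaves the field NULL`. The two nested tests could be one condition, `if (!is_mem_com && *((GF_Node **) field->far_ptr) != NULL) {`. `is_mem_com` and the rest of the switch are defined outside the hunk.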
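Review bot: In the last hunk of gf_bifs_dec_node, the moved comment still ends with "We therefore only register the node once parsed" but does not say what a reference to this `nodeID` resolves to while the node's own fields are being decoded, which is the property the reordering is there to provide. I would extend it with a sentence such as `until this point nodeID is not bound to new_node, so a reference met while decoding its children cannot return the node being built`, after confirming that against the ID lookup path, which is outside the hunk. The two `gf_node_set_id` calls differ only in the last argument and could be a single call, `gf_node_set_id(new_node, nodeID, name[0] ? name : NULL);`, assuming `name` is the character buffer its `strlen` use suggests. The `return NULL` paths shown as context now leave before any ID is assigned, so it is worth checking that their cleanup does not expect the node to be registered under an ID.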