From: jeanlf <jeanlf@gpac.io>
Date: Wed, 4 Jan 2023 10:25:11 +0000 (+0100)
Subject: [PATCH] fixed #2364
X-Git-Tag: archive/raspbian/1.0.1+dfsg1-4+rpi1+deb11u3^2~5
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=6063e11c5e02aefa0f095ec6afacef1c00db1b18;p=gpac.git

[PATCH] fixed #2364


Gbp-Pq: Name CVE-2023-23144.patch
---

diff --git a/src/bifs/unquantize.c b/src/bifs/unquantize.c
index a4bfcbf..160e9fe 100644
--- a/src/bifs/unquantize.c
+++ b/src/bifs/unquantize.c
@@ -2,7 +2,7 @@
  *			GPAC - Multimedia Framework C SDK
  *
  *			Authors: Jean Le Feuvre
- *			Copyright (c) Telecom ParisTech 2000-2012
+ *			Copyright (c) Telecom ParisTech 2000-2023
  *					All rights reserved
  *
  *  This file is part of GPAC / BIFS codec sub-project
@@ -284,7 +284,7 @@ GF_Err Q_DecCoordOnUnitSphere(GF_BifsDecoder *codec, GF_BitStream *bs, u32 NbBit
 	s32 value;
 	Fixed tang[4], delta;
 	s32 dir;
-
+	if (NbBits>32) return GF_NON_COMPLIANT_BITSTREAM;
 	if (NbComp != 2 && NbComp != 3) return GF_BAD_PARAM;
 
 	//only 2 or 3 comp in the quantized version