From: Debian Multimedia Maintainers Date: Mon, 19 Jun 2023 21:46:06 +0000 (+0100) Subject: CVE-2022-24574 X-Git-Tag: archive/raspbian/1.0.1+dfsg1-4+rpi1+deb11u3^2~39 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=6ddd7cbe637f9b37cb9b818f17070337f7b37fa1;p=gpac.git CVE-2022-24574 Origin: https://github.com/gpac/gpac/commit/9f8510835b97a729baf3646a3171bf51b4a8592e Reviewed-by: Aron Xu From 9f8510835b97a729baf3646a3171bf51b4a8592e Mon Sep 17 00:00:00 2001 From: jeanlf Date: Wed, 19 Jan 2022 12:12:43 +0100 Subject: [PATCH] fixed #2055 Gbp-Pq: Name CVE-2022-24574.patch --- diff --git a/src/filters/isoffin_read_ch.c b/src/filters/isoffin_read_ch.c index b5e0df3..a995f9a 100644 --- a/src/filters/isoffin_read_ch.c +++ b/src/filters/isoffin_read_ch.c @@ -365,10 +365,10 @@ void isor_reader_get_sample(ISOMChannel *ch) ch->sample_num--; } else { if (ch->to_init && ch->sample_num) { - GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, ("[IsoMedia] Failed to fetch initial sample %d for track %d\n")); + GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, ("[IsoMedia] Failed to fetch initial sample %d for track %d\n", ch->sample_num, ch->track)); ch->last_state = GF_ISOM_INVALID_FILE; - } - if (ch->sample_num >= gf_isom_get_sample_count(ch->owner->mov, ch->track)) { + } else { + GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, ("[IsoMedia] File truncated, aborting read for track %d\n", ch->track)); ch->last_state = GF_EOS; } } @@ -391,6 +391,9 @@ void isor_reader_get_sample(ISOMChannel *ch) } } else { GF_LOG(GF_LOG_DEBUG, GF_LOG_DASH, ("[IsoMedia] Track #%d fail to fetch sample %d / %d: %s\n", ch->track, ch->sample_num, gf_isom_get_sample_count(ch->owner->mov, ch->track), gf_error_to_string(gf_isom_last_error(ch->owner->mov)) )); + if ((elast_state = GF_EOS; + } } return; } diff --git a/src/media_tools/media_export.c b/src/media_tools/media_export.c index f8168f9..0fa7388 100644 --- a/src/media_tools/media_export.c +++ b/src/media_tools/media_export.c @@ -1038,6 +1038,11 @@ GF_Err gf_media_export_saf(GF_MediaExporter *dumper) GF_ISOSample *samp; if (safs[i].last_sample==safs[i].nb_samp) continue; samp = gf_isom_get_sample(dumper->file, safs[i].track_num, safs[i].last_sample + 1, &di); + if (!samp) { + gf_saf_mux_del(mux); + return gf_isom_last_error(dumper->file); + } + gf_saf_mux_add_au(mux, safs[i].stream_id, (u32) (samp->DTS+samp->CTS_Offset), samp->data, samp->dataLength, (samp->IsRAP==RAP) ? 1 : 0); /*data is kept by muxer!!*/ gf_free(samp); diff --git a/src/scene_manager/scene_dump.c b/src/scene_manager/scene_dump.c index 14dae93..c0194a8 100644 --- a/src/scene_manager/scene_dump.c +++ b/src/scene_manager/scene_dump.c @@ -937,10 +937,12 @@ static void gf_dump_vrml_field(GF_SceneDumper *sdump, GF_Node *node, GF_FieldInf } if (!sdump->XMLDump) gf_fprintf(sdump->trace, "["); - for (i=0; icount; i++) { - if (i) gf_fprintf(sdump->trace, " "); - gf_sg_vrml_mf_get_item(field.far_ptr, field.fieldType, &slot_ptr, i); - gf_dump_vrml_sffield(sdump, sf_type, slot_ptr, 1, node); + if (mffield) { + for (i=0; icount; i++) { + if (i) gf_fprintf(sdump->trace, " "); + gf_sg_vrml_mf_get_item(field.far_ptr, field.fieldType, &slot_ptr, i); + gf_dump_vrml_sffield(sdump, sf_type, slot_ptr, 1, node); + } } if (!sdump->XMLDump) gf_fprintf(sdump->trace, "]"); @@ -1258,11 +1260,13 @@ static void gf_dump_vrml_proto_field(GF_SceneDumper *sdump, GF_Node *node, GF_Fi } else { gf_fprintf(sdump->trace, " %s=\"", GetXMTFieldTypeValueName(field.fieldType)); } - for (i=0; icount; i++) { - if (i) gf_fprintf(sdump->trace, " "); - if (field.fieldType != GF_SG_VRML_MFNODE) { - gf_sg_vrml_mf_get_item(field.far_ptr, field.fieldType, &slot_ptr, i); - gf_dump_vrml_sffield(sdump, sf_type, slot_ptr, (mffield->count>1) ? 1 : 0, node); + if (mffield) { + for (i=0; icount; i++) { + if (i) gf_fprintf(sdump->trace, " "); + if (field.fieldType != GF_SG_VRML_MFNODE) { + gf_sg_vrml_mf_get_item(field.far_ptr, field.fieldType, &slot_ptr, i); + gf_dump_vrml_sffield(sdump, sf_type, slot_ptr, (mffield->count>1) ? 1 : 0, node); + } } } gf_fprintf(sdump->trace, "\"/>\n");