From: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Date: Fri, 15 Feb 2019 11:43:22 +0000 (-0500)
Subject: CVE-2018-20760
X-Git-Tag: archive/raspbian/1.0.1+dfsg1-4+rpi1~1^2^2^2^2~2
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=702781360472e7d76af5a893be66895d0bfe21a8;p=gpac.git

CVE-2018-20760

commit 4c1360818fc8948e9307059fba4dc47ba8ad255d
Author: Aurelien David <aurelien.david@telecom-paristech.fr>
Date:   Thu Dec 13 14:39:21 2018 +0100
Description: CVE-2018-20760

    check error code on call to gf_utf8_wcstombs (#1177)


Gbp-Pq: Name CVE-2018-20760.patch
---

diff --git a/src/media_tools/text_import.c b/src/media_tools/text_import.c
index 9f6fb10..f111e05 100644
--- a/src/media_tools/text_import.c
+++ b/src/media_tools/text_import.c
@@ -292,6 +292,8 @@ char *gf_text_get_utf8_line(char *szLine, u32 lineSize, FILE *txt_in, s32 unicod
 	}
 	sptr = (u16 *)szLine;
 	i = (u32) gf_utf8_wcstombs(szLineConv, 1024, (const unsigned short **) &sptr);
+	if (i >= (u32)ARRAY_LENGTH(szLineConv))
+		return NULL;
 	szLineConv[i] = 0;
 	strcpy(szLine, szLineConv);
 	/*this is ugly indeed: since input is UTF16-LE, there are many chances the fgets never reads the \0 after a \n*/