From: jeanlf
Date: Mon, 10 May 2021 09:26:57 +0000 (+0200)
Subject: [PATCH] fixed #1785 (fuzz)
X-Git-Tag: archive/raspbian/1.0.1+dfsg1-4+rpi1+deb11u3^2~63
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=79651a5217a5f1aa9ca4cf38b5ece8aedd21a8d9;p=gpac.git
[PATCH] fixed #1785 (fuzz)
Gbp-Pq: Name CVE-2021-33366.patch
---
diff --git a/src/isomedia/avc_ext.c b/src/isomedia/avc_ext.c
index c00cff0..701d0f3 100644
--- a/src/isomedia/avc_ext.c
+++ b/src/isomedia/avc_ext.c
@@ -3169,8 +3169,10 @@ GF_Err gf_isom_oinf_read_entry(void *entry, GF_BitStream *bs)
 op->output_layer_set_idx = gf_bs_read_u16(bs);
 op->max_temporal_id = gf_bs_read_u8(bs);
 op->layer_count = gf_bs_read_u8(bs);
- if (op->layer_count > GF_ARRAY_LENGTH(op->layers_info))
+ if (op->layer_count > GF_ARRAY_LENGTH(op->layers_info)) {
+ gf_free(op);
 return GF_NON_COMPLIANT_BITSTREAM;
+ }
 for (j = 0; j < op->layer_count; j++) {
 op->layers_info[j].ptl_idx = gf_bs_read_u8(bs);
 op->layers_info[j].layer_id = gf_bs_read_int(bs, 6);
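Review bot: The new `gf_free(op);` on the oversized `layer_count` path has no comment saying why the free belongs here, and the ownership rule it depends on is not visible in the hunk. `op` is presumably allocated earlier in the loop and only handed to a list once its fields are read, so any early return in between leaks it. I would add `/* op is not stored anywhere yet: release it before rejecting the entry */` above the `gf_free(op);` line. The body of gf_isom_oinf_read_entry starts and ends outside the hunk, so it is worth confirming that no other return between the allocation and the hand-off skips the free. It is also worth confirming that entries parsed by earlier iterations are released by the caller when GF_NON_COMPLIANT_BITSTREAM is returned.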