From: Aurelien David
Date: Mon, 17 Jan 2022 14:35:59 +0000 (+0100)
Subject: [PATCH] fix overflow on script_dec (#2052)
X-Git-Tag: archive/raspbian/1.0.1+dfsg1-4+rpi1+deb11u3^2~37
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=81ed67412b9bdedc31f25b4f55e7aa05cc663774;p=gpac.git
[PATCH] fix overflow on script_dec (#2052)
Gbp-Pq: Name CVE-2022-24578.patch
---
diff --git a/src/bifs/script_dec.c b/src/bifs/script_dec.c
index cc6794a..fe0fd08 100644
--- a/src/bifs/script_dec.c
+++ b/src/bifs/script_dec.c
@@ -73,13 +73,13 @@ static void SFS_AddString(ScriptParser *parser, char *str)
 char *new_str;
 if (!str) return;
 if (strlen(parser->string) + strlen(str) >= parser->length) {
- parser->length += PARSER_STEP_ALLOC;
+ parser->length = strlen(parser->string) + strlen(str) + PARSER_STEP_ALLOC;
 new_str = (char *)gf_malloc(sizeof(char)*parser->length);
 strcpy(new_str, parser->string);
 gf_free(parser->string);
 parser->string = new_str;
 }
- strcat(parser->string, str);
+ strncat(parser->string, str, parser->length - strlen(parser->string) - 1);
 }
 static void SFS_AddInt(ScriptParser *parser, s32 val)
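Review bot: The result of `gf_malloc` in the grow branch is still passed straight to `strcpy` without a NULL check, and `parser->length` is overwritten before the allocation is known to have succeeded. Because the requested size now follows `strlen(str)`, which presumably comes from the decoded script, a large input makes a failed allocation more plausible than it was with the fixed step. Simply adding an early return after the malloc would not be enough: `parser->length` would then describe a buffer larger than the one actually held, and the `strncat` bound on a later call would be computed from that wrong length. Compute the new size in a local, check the pointer, and only then commit the length, as sketched below. Whether the failure should also be recorded in the parser's error state cannot be judged from this hunk; the function's signature and opening brace sit just above it.

```c
	if (strlen(parser->string) + strlen(str) >= parser->length) {
		size_t new_len = strlen(parser->string) + strlen(str) + PARSER_STEP_ALLOC;
		new_str = (char *)gf_malloc(sizeof(char) * new_len);
		if (!new_str) return; /* old buffer and parser->length stay consistent */
		parser->length = new_len;
		/* … unchanged: strcpy into new_str, gf_free of the old buffer, parser->string = new_str … */
	}
```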