From: Aurelien David <aurelien.david@telecom-paristech.fr>
Date: Wed, 8 Feb 2023 15:52:00 +0000 (+0100)
Subject: [PATCH] sgpd box entry: disallow null grouping_type (#2389)
X-Git-Tag: archive/raspbian/1.0.1+dfsg1-4+rpi1+deb11u3^2~1
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=bb3acdefc7bacef8d0dafda8954979da1fb5eeab;p=gpac.git

[PATCH] sgpd box entry: disallow null grouping_type (#2389)


Gbp-Pq: Name CVE-2023-0760.patch
---

diff --git a/src/isomedia/box_code_base.c b/src/isomedia/box_code_base.c
index 968ead0..69755e2 100644
--- a/src/isomedia/box_code_base.c
+++ b/src/isomedia/box_code_base.c
@@ -9593,6 +9593,9 @@ static void *sgpd_parse_entry(u32 grouping_type, GF_BitStream *bs, u32 entry_siz
 	case GF_ISOM_SAMPLE_GROUP_LBLI:
 		entry_size = 2;
 		break;
+	case 0:
+		GF_LOG(GF_LOG_WARNING, GF_LOG_CONTAINER, ("[iso file] sgpd entry null grouping_type is invalid\n") );
+		return NULL;
 	default:
 		break;
 	}