From: jeanlf <jeanlf@github.com>
Date: Thu, 9 Sep 2021 12:36:47 +0000 (+0200)
Subject: [PATCH] fixed #1910 #1911
X-Git-Tag: archive/raspbian/1.0.1+dfsg1-4+rpi1+deb11u3^2~70
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=c8af46244a7574405f34a429d2efb96012eb9d6e;p=gpac.git

[PATCH] fixed #1910 #1911


Gbp-Pq: Name CVE-2021-41456.patch
---

diff --git a/src/filters/dmx_nhml.c b/src/filters/dmx_nhml.c
index 6c3a775..c06b230 100644
--- a/src/filters/dmx_nhml.c
+++ b/src/filters/dmx_nhml.c
@@ -999,10 +999,17 @@ static GF_Err nhmldmx_send_sample(GF_Filter *filter, GF_NHMLDmxCtx *ctx)
 					} else {
 						base_data = att->value;
 					}
+				} else if (!strnicmp(att->value, "gmem://", 7)) {
+					GF_LOG(GF_LOG_WARNING, GF_LOG_PARSER, ("[NHMLDmx] Invalid url %s for NHML import\n", att->value));
 				} else {
 					char *url = gf_url_concatenate(ctx->src_url, att->value);
-					strcpy(szMediaTemp, url ? url : att->value);
-					if (url) gf_free(url);
+					if (!url) {
+						GF_LOG(GF_LOG_WARNING, GF_LOG_PARSER, ("[NHMLDmx] Failed to get full url for %s\n", att->value));
+					} else {
+						strncpy(szMediaTemp, url, GF_MAX_PATH-1);
+						szMediaTemp[GF_MAX_PATH-1] = 0;
+						gf_free(url);
+					}
 				}
 			}
 			else if (!stricmp(att->name, "xmlFrom")) strcpy(szXmlFrom, att->value);