From: Aurelien David <aurelien.david@telecom-paristech.fr>
Date: Mon, 13 Feb 2023 14:41:48 +0000 (+0100)
Subject: [PATCH] mpeg2ts: add section size check (#2395)
X-Git-Tag: archive/raspbian/1.0.1+dfsg1-4+rpi1+deb11u3^2~16
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=cce66290527895bed7243d846126765f74c94741;p=gpac.git

[PATCH] mpeg2ts: add section size check (#2395)


Gbp-Pq: Name CVE-2023-0819.patch
---

diff --git a/src/media_tools/mpegts.c b/src/media_tools/mpegts.c
index 8f26bc7..386d699 100644
--- a/src/media_tools/mpegts.c
+++ b/src/media_tools/mpegts.c
@@ -925,6 +925,11 @@ static void gf_m2ts_process_tdt_tot(GF_M2TS_Demuxer *ts, GF_M2TS_SECTION_ES *tdt
 		return;
 	}
 
+	if (data_size < 5) {
+		GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, ("[MPEG-2 TS] Section data size too small to read date (len: %u)\n", data_size));
+		return;
+	}
+
 	/*UTC_time - see annex C of DVB-SI ETSI EN 300468*/
 /* decodes an Modified Julian Date (MJD) into a Co-ordinated Universal Time (UTC)
 See annex C of DVB-SI ETSI EN 300468 */