From: jeanlf <jeanlf@gpac.io>
Date: Mon, 12 Dec 2022 09:14:43 +0000 (+0100)
Subject: [PATCH] fixed #2343
X-Git-Tag: archive/raspbian/1.0.1+dfsg1-4+rpi1+deb11u3^2~26
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=f48b0951903e9bdd4b31ad69c54b121380919e16;p=gpac.git

[PATCH] fixed #2343


Gbp-Pq: Name CVE-2022-47091.patch
---

diff --git a/src/filters/load_text.c b/src/filters/load_text.c
index 9447647..5914505 100644
--- a/src/filters/load_text.c
+++ b/src/filters/load_text.c
@@ -1753,7 +1753,7 @@ static GF_Err gf_text_process_sub(GF_Filter *filter, GF_TXTIn *ctx)
 	u32 i, j, len, line;
 	GF_TextSample *samp;
 	Double ts_scale;
-	char szLine[2048], szTime[20], szText[2048];
+	char szLine[2048], szTime[41], szText[2048];
 
 	//same setup as for srt
 	if (!ctx->is_setup) {
@@ -1795,8 +1795,7 @@ static GF_Err gf_text_process_sub(GF_Filter *filter, GF_TXTIn *ctx)
 		while (szLine[i+1] && szLine[i+1]!='}') {
 			szTime[i] = szLine[i+1];
 			i++;
-			if (i>=19)
-				break;
+			if (i>=40) break;
 		}
 		szTime[i] = 0;
 		ctx->start = atoi(szTime);
@@ -1813,6 +1812,7 @@ static GF_Err gf_text_process_sub(GF_Filter *filter, GF_TXTIn *ctx)
 		while (szLine[i+1+j] && szLine[i+1+j]!='}') {
 			szTime[i] = szLine[i+1+j];
 			i++;
+			if (i>=40) break;
 		}
 		szTime[i] = 0;
 		ctx->end = atoi(szTime);