From: Reinhard Tartler
Date: Sat, 4 Mar 2023 17:37:28 +0000 (-0500)
Subject: Fix Null Pointer Dereference in gf_isom_parse_movie_boxes_internal, CVE-2022-29340
X-Git-Tag: archive/raspbian/2.0.0+dfsg1-4+rpi1^2~40
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=fa1063f8a38064a1cddcd65b1d08ca178f2ae910;p=gpac.git

Fix Null Pointer Dereference in gf_isom_parse_movie_boxes_internal, CVE-2022-29340
---

diff --git a/debian/patches/CVE-2022-29340.patch b/debian/patches/CVE-2022-29340.patch
new file mode 100644
index 0000000..7a3aaa7
--- /dev/null
+++ b/debian/patches/CVE-2022-29340.patch
@@ -0,0 +1,36 @@
+commit 37592ad86c6ca934d34740012213e467acc4a3b0
+Author: jeanlf
+Date: Tue Apr 12 10:35:52 2022 +0200
+
+ fixed #2163
+
+Index: gpac/src/isomedia/box_funcs.c
+===================================================================
+--- gpac.orig/src/isomedia/box_funcs.c
++++ gpac/src/isomedia/box_funcs.c
+@@ -303,8 +303,10 @@ GF_Err gf_isom_box_parse_ex(GF_Box **out
+ if (e && (e != GF_ISOM_INCOMPLETE_FILE)) {
+ gf_isom_box_del(newBox);
+ *outBox = NULL;
++ if (is_root_box && (e==GF_SKIP_BOX))
++ e = GF_ISOM_INVALID_FILE;
+
+- if (!skip_logs) {
++ if (!skip_logs && (e!=GF_SKIP_BOX)) {
+ GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, ("[iso file] Read Box \"%s\" (start "LLU") failed (%s) - skipping\n", gf_4cc_to_str(type), start, gf_error_to_string(e)));
+ }
+ //we don't try to reparse known boxes that have been failing (too dangerous)
+Index: gpac/src/isomedia/isom_intern.c
+===================================================================
+--- gpac.orig/src/isomedia/isom_intern.c
++++ gpac/src/isomedia/isom_intern.c
+@@ -373,7 +373,8 @@ static GF_Err gf_isom_parse_movie_boxes_
+ e = gf_isom_parse_root_box(&a, mov->movieFileMap->bs, boxType, bytesMissing, progressive_mode);
+
+ if (e >= 0) {
+-
++ //safety check, should never happen
++ if (!a) return GF_ISOM_INVALID_FILE;
+ } else if (e == GF_ISOM_INCOMPLETE_FILE) {
+ /*our mdat is uncomplete, only valid for READ ONLY files...*/
+ if (mov->openMode != GF_ISOM_OPEN_READ) {
diff --git a/debian/patches/series b/debian/patches/series
index 9740ec7..5560178 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 gcc-optflags.patch
 dont-err-build-on-uknown-system.patch
 CVE-2022-29339.patch
+CVE-2022-29340.patch
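Review bot: In the isom_intern.c part of debian/patches/CVE-2022-29340.patch, the new guard `if (!a) return GF_ISOM_INVALID_FILE;` is commented "safety check, should never happen", yet it is the check that stops the NULL dereference this patch is filed for, and it returns without logging anything. I would reword the comment to state what it protects, e.g. `//root box parse can apparently succeed without producing a box (#2163): reject the file instead of dereferencing a`, and emit a `GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, ...)` line before the return so a rejected file can be triaged from logs. The return also leaves gf_isom_parse_movie_boxes_internal from the middle of its body, which continues outside the hunk, so whether anything set up earlier needs releasing on this path cannot be confirmed from here. In the box_funcs.c part, the two-line `if (is_root_box && (e==GF_SKIP_BOX))` is unbraced; adding braces would keep a later edit to this error path from silently changing which statement is conditional.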