From: jeanlf
Date: Mon, 29 Mar 2021 07:17:40 +0000 (+0200)
Subject: [PATCH] fixed 1718
X-Git-Tag: archive/raspbian/1.0.1+dfsg1-4+rpi1+deb11u1~2^2~14
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=fbc7e984a41bdff9651f05102ee6c97f7acbec6d;p=gpac.git
[PATCH] fixed 1718
Gbp-Pq: Name CVE-2021-29279.patch
---
diff --git a/src/filters/reframe_flac.c b/src/filters/reframe_flac.c
index c442f35..1edec06 100644
--- a/src/filters/reframe_flac.c
+++ b/src/filters/reframe_flac.c
@@ -59,6 +59,7 @@ typedef struct
 Bool is_playing;
 Bool is_file;
 Bool initial_play_done, file_loaded;
+ Bool in_error;
 Bool initialized;
 u32 sample_rate, nb_channels, bits_per_sample, block_size;
@@ -378,6 +379,9 @@ GF_Err flac_dmx_process(GF_Filter *filter)
 u64 cts = GF_FILTER_NO_TS;
 FLACHeader hdr;
+ if (ctx->in_error)
+ return GF_NON_COMPLIANT_BITSTREAM;
+
 //always reparse duration
 if (!ctx->duration.num)
 flac_dmx_check_dur(filter, ctx);
@@ -484,7 +488,12 @@ GF_Err flac_dmx_process(GF_Filter *filter)
 gf_bs_reassign_buffer(ctx->bs, ctx->flac_buffer, size);
 u32 magic = gf_bs_read_u32(ctx->bs);
 if (magic != GF_4CC('f','L','a','C')) {
-
+ GF_LOG(GF_LOG_ERROR, GF_LOG_PARSER, ("[FLACDmx] invalid FLAC magic\n"));
+ ctx->in_error = GF_TRUE;
+ ctx->flac_buffer_size = 0;
+ if (pck)
+ gf_filter_pid_drop_packet(ctx->ipid);
+ return GF_NON_COMPLIANT_BITSTREAM;
 }
 while (gf_bs_available(ctx->bs)) {
 Bool last = gf_bs_read_int(ctx->bs, 1);
@@ -514,6 +523,14 @@ GF_Err flac_dmx_process(GF_Filter *filter)
 }
 if (last) break;
 }
+ if (!dsi_end) {
+ GF_LOG(GF_LOG_ERROR, GF_LOG_PARSER, ("[FLACDmx] invalid FLAC header\n"));
+ ctx->in_error = GF_TRUE;
+ ctx->flac_buffer_size = 0;
+ if (pck)
+ gf_filter_pid_drop_packet(ctx->ipid);
+ return GF_NON_COMPLIANT_BITSTREAM;
+ }
 flac_dmx_check_pid(filter, ctx, ctx->flac_buffer+4, dsi_end-4);
 remain -= size;
 start += size;
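Review bot: `in_error` is added to the context struct in the hunk at -59 without a comment, and none of the hunks in this patch clears it once it is set. A one-line comment such as `Bool in_error; /* latched after an invalid magic or header; flac_dmx_process() then always fails */` would make the latch visible to the next reader. If a filter instance can be reconfigured for a new input (the configure path is outside the patch), the flag probably needs to be reset there, otherwise one malformed stream keeps a reused instance in the error state. The struct starts and ends outside the hunk.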
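Review bot: The early return added at the top of flac_dmx_process() in the hunk at -378 leaves any input still queued on `ctx->ipid` untouched, because it runs before a packet is fetched. The two error paths later in the patch drop only the current packet, so whether further packets accumulate behind a latched `in_error` depends on how the session reacts to `GF_NON_COMPLIANT_BITSTREAM`, which is not visible here. If the session keeps scheduling the filter, consider calling `gf_filter_pid_set_discard(ctx->ipid, GF_TRUE);` where `in_error` is set, so data from a rejected file is released rather than buffered. The function body continues outside the hunk.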
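Review bot: The six-line failure sequence added under the magic check in the hunk at -484 is repeated verbatim in the `!dsi_end` branch of the hunk at -514, differing only in the log text. Two copies of a rejection path for malformed input tend to drift, for example when a later change adds cleanup to only one of them. A small static helper taking the context, the current packet and the message keeps both sites to one line each; the sketch below assumes the context type is `GF_FLACDmxCtx` and the packet type is `GF_FilterPacket`, neither of which is shown in the patch. flac_dmx_process() starts and ends outside the hunk.

```c
static GF_Err flac_dmx_reject(GF_FLACDmxCtx *ctx, GF_FilterPacket *pck, const char *reason)
{
	GF_LOG(GF_LOG_ERROR, GF_LOG_PARSER, ("[FLACDmx] %s\n", reason));
	/* latch the failure so later process() calls bail out immediately */
	ctx->in_error = GF_TRUE;
	ctx->flac_buffer_size = 0;
	if (pck)
		gf_filter_pid_drop_packet(ctx->ipid);
	return GF_NON_COMPLIANT_BITSTREAM;
}

/* … unchanged: gf_bs_reassign_buffer and magic read … */
			if (magic != GF_4CC('f','L','a','C')) {
				return flac_dmx_reject(ctx, pck, "invalid FLAC magic");
			}
/* … unchanged: metadata block loop … */
```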
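Review bot: The `if (!dsi_end)` guard added in the hunk at -514 rejects only the value zero, while the next line passes `ctx->flac_buffer+4` and `dsi_end-4` to flac_dmx_check_pid(). A non-zero `dsi_end` below 4 would still wrap the length if the variable is unsigned, and one beyond the buffered `size` would describe more bytes than were parsed. How `dsi_end` is assigned lies in the loop above, outside the hunk, so both cases may already be impossible. If that is not guaranteed there, a range check such as `if (dsi_end < 4 || dsi_end > size) {` states the invariant the call relies on.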