From 04635a354b8eaeb8df076638d589d8ebc0a12af2 Mon Sep 17 00:00:00 2001 From: Debian Multimedia Maintainers Date: Mon, 19 Jun 2023 22:46:06 +0100 Subject: [PATCH] CVE-2021-40559 Origin: https://github.com/gpac/gpac/commit/70607fc71a671cf48a05e013a4e411429373dce7 Reviewed-by: Aron Xu From 70607fc71a671cf48a05e013a4e411429373dce7 Mon Sep 17 00:00:00 2001 From: Aurelien David Date: Tue, 24 Aug 2021 18:16:50 +0200 Subject: [PATCH] add some null guards to prevent segfaults closes #1884, #1886 Gbp-Pq: Name CVE-2021-40559.patch --- src/filters/reframe_nalu.c | 12 ++++++------ src/isomedia/isom_intern.c | 10 ++++++---- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/src/filters/reframe_nalu.c b/src/filters/reframe_nalu.c index d3f2ee0..74abd2b 100644 --- a/src/filters/reframe_nalu.c +++ b/src/filters/reframe_nalu.c @@ -314,7 +314,7 @@ GF_Err naludmx_configure_pid(GF_Filter *filter, GF_FilterPid *pid, Bool is_remov ctx->ps_modified = GF_TRUE; ctx->crc_cfg = ctx->crc_cfg_enh = 0; } - + return GF_OK; } @@ -694,7 +694,7 @@ GF_Err naludmx_set_hevc_oinf(GF_NALUDmxCtx *ctx, u8 *max_temporal_id) if (!vps_sl) return GF_SERVICE_ERROR; vps = &ctx->hevc_state->vps[vps_sl->id]; - + if (!vps->vps_extension_found) return GF_OK; if (vps->max_layers<2) return GF_OK; @@ -836,7 +836,7 @@ static void naludmx_set_hevc_linf(GF_NALUDmxCtx *ctx) return; bs = gf_bs_new(NULL, 0, GF_BITSTREAM_WRITE); - + gf_bs_write_int(bs, 0, 2); gf_bs_write_int(bs, nb_layers, 6); for (i=0; inb_nalus++; - + switch (nal_type) { case GF_AVC_NALU_SVC_SUBSEQ_PARAM: case GF_AVC_NALU_SEQ_PARAM: 
@@ -1999,7 +1999,7 @@ static s32 naludmx_parse_nal_avc(GF_NALUDmxCtx *ctx, char *data, u32 size, u32 n
 u32 i;
 for (i = 0; i < gf_list_count(ctx->pps); i ++) {
 GF_AVCConfigSlot *slc = (GF_AVCConfigSlot*)gf_list_get(ctx->pps, i);
- if (ctx->avc_state->s_info.pps->id == slc->id) {
+ if (ctx->avc_state->s_info.pps && ctx->avc_state->s_info.pps->id == slc->id) {
 /* This PPS is used by an SVC NAL unit, it should be moved to the SVC Config Record) */
 gf_list_rem(ctx->pps, i);
 i--;
@@ -2367,7 +2367,7 @@ naldmx_flush:
 if (!ctx->opid && current) {
 assert(remain>=current);
 assert((s32) current >= 0);
-
+
 start += current;
 remain -= current;
 current = 0;
diff --git a/src/isomedia/isom_intern.c b/src/isomedia/isom_intern.c
index 8354936..ce2a4f4 100644
--- a/src/isomedia/isom_intern.c
+++ b/src/isomedia/isom_intern.c
@@ -499,10 +499,12 @@ GF_Err gf_isom_parse_movie_boxes(GF_ISOFile *mov, u32 *boxType, u64 *bytesMissin
 //we should only parse senc/psec when no saiz/saio is present, otherwise we fetch the info directly
 if (traf->trex && traf->tfhd && traf->trex->track && traf->sample_encryption) {
 GF_TrackBox *trak = GetTrackbyID(mov->moov, traf->tfhd->trackID);
- trak->current_traf_stsd_idx = traf->tfhd->sample_desc_index ? traf->tfhd->sample_desc_index : traf->trex->def_sample_desc_index;
- e = senc_Parse(mov->movieFileMap->bs, trak, traf, traf->sample_encryption);
- if (e) return e;
- trak->current_traf_stsd_idx = 0;
+ if (trak) {
+ trak->current_traf_stsd_idx = traf->tfhd->sample_desc_index ? traf->tfhd->sample_desc_index : traf->trex->def_sample_desc_index;
+ e = senc_Parse(mov->movieFileMap->bs, trak, traf, traf->sample_encryption);
+ if (e) return e;
+ trak->current_traf_stsd_idx = 0;
+ }
 }
 }
 } else {
-- 
2.30.2
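Review bot: The NULL test added to the `if` in naludmx_parse_nal_avc is loop-invariant, since nothing in the visible loop body changes `ctx->avc_state->s_info.pps`; when it is NULL the loop still walks every entry of `ctx->pps` and does nothing. Hoisting the guard in front of the `for` states the intent once, e.g. `if (ctx->avc_state->s_info.pps) { for (...) { ... } }`. The guard also deserves a comment saying when the pointer can be NULL, for instance `/* s_info.pps is NULL when no PPS was resolved for the current slice; nothing to move */`; that condition is inferred from the fix and should be confirmed against the slice parser. The enclosing function starts and ends outside the hunk.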
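Review bot: When `GetTrackbyID` returns NULL, the new `if (trak)` in gf_isom_parse_movie_boxes skips `senc_Parse` silently and parsing carries on as if the fragment were well formed. A `traf` whose `tfhd->trackID` matches no track in `moov` is a malformed (possibly crafted) file, so the skip should at least be visible in the log: `else { GF_LOG(GF_LOG_WARNING, GF_LOG_CONTAINER, ("[iso file] traf references unknown track ID %u, senc not parsed\n", traf->tfhd->trackID)); }`. Whether later code tolerates an unparsed `traf->sample_encryption` cannot be seen from this hunk; if it does not, returning `GF_ISOM_INVALID_FILE` here is the safer choice. Separately, the early `if (e) return e;` leaves `trak->current_traf_stsd_idx` non-zero on the error path; that behaviour is carried over unchanged from the old code. The function body continues outside the hunk.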