From 24e75ead6b38a12ed9ad318fd89e2fea3073f434 Mon Sep 17 00:00:00 2001
From: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Date: Mon, 19 Jun 2023 22:46:06 +0100
Subject: [PATCH] talos-2021-1297-2

Backport of https://github.com/gpac/gpac/commit/592ba2689a3f2fc787371eda490fde4f84e60315

Backport of https://github.com/gpac/gpac/commit/592ba2689a3f2fc787371eda490fde4f84e60315


Gbp-Pq: Name talos-2021-1297-2.patch
---
 src/isomedia/box_code_base.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/isomedia/box_code_base.c b/src/isomedia/box_code_base.c
index be4a85f..280b351 100644
--- a/src/isomedia/box_code_base.c
+++ b/src/isomedia/box_code_base.c
@@ -5509,7 +5509,7 @@ GF_Err stss_box_read(GF_Box *s, GF_BitStream *bs)
 
 	ISOM_DECREASE_SIZE(ptr, 4);
 	ptr->nb_entries = gf_bs_read_u32(bs);
-	if (ptr->size <  ptr->nb_entries * 4) {
+	if (ptr->size <  ptr->nb_entries * 4 || (u64)ptr->nb_entries > (u64)SIZE_MAX/sizeof(u32)) {
 		GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, ("[iso file] Invalid number of entries %d in stss\n", ptr->nb_entries));
 		return GF_ISOM_INVALID_FILE;
 	}
-- 
2.30.2