From 4f3470177f074b4c92127b0423cfea80ab023c6e Mon Sep 17 00:00:00 2001 From: Debian Multimedia Maintainers Date: Mon, 19 Jun 2023 22:46:06 +0100 Subject: [PATCH] CVE-2022-38530 Origin: https://github.com/gpac/gpac/commit/4e56ad72ac1afb4e049a10f2d99e7512d7141f9d Reviewed-by: Aron Xu From 4e56ad72ac1afb4e049a10f2d99e7512d7141f9d Mon Sep 17 00:00:00 2001 From: jeanlf Date: Tue, 12 Jul 2022 18:29:36 +0200 Subject: [PATCH] fixed #2216 Gbp-Pq: Name CVE-2022-38530.patch --- applications/mp4box/main.c | 2 +- src/odf/desc_private.c | 14 ++++++++++++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/applications/mp4box/main.c b/applications/mp4box/main.c index aec7ef6..34291e6 100644 --- a/applications/mp4box/main.c +++ b/applications/mp4box/main.c @@ -1359,7 +1359,7 @@ GF_Err HintFile(GF_ISOFile *file, u32 MTUSize, u32 max_ptime, u32 rtp_rate, u32 if (e) { fprintf(stderr, "Error while hinting (%s)\n", gf_error_to_string(e)); - if (!nb_done) return e; + return e; } init_payt++; nb_done ++; diff --git a/src/odf/desc_private.c b/src/odf/desc_private.c index a22c7cc..33313f1 100644 --- a/src/odf/desc_private.c +++ b/src/odf/desc_private.c @@ -273,7 +273,7 @@ GF_Err gf_odf_delete_descriptor(GF_Descriptor *desc) // // READERS // -GF_Err gf_odf_read_descriptor(GF_BitStream *bs, GF_Descriptor *desc, u32 DescSize) +static GF_Err gf_odf_read_descriptor_internal(GF_BitStream *bs, GF_Descriptor *desc, u32 DescSize) { switch (desc->tag) { case GF_ODF_IOD_TAG : @@ -368,7 +368,17 @@ GF_Err gf_odf_read_descriptor(GF_BitStream *bs, GF_Descriptor *desc, u32 DescSiz return GF_OK; } - +GF_Err gf_odf_read_descriptor(GF_BitStream *bs, GF_Descriptor *desc, u32 DescSize) +{ + u64 cookie = gf_bs_get_cookie(bs); + //we allow 100 max desc in a hierarchy - see issue 2216 + if (cookie>100) + return GF_NON_COMPLIANT_BITSTREAM; + gf_bs_set_cookie(bs, cookie+1); + GF_Err e = gf_odf_read_descriptor_internal(bs, desc, DescSize); + gf_bs_set_cookie(bs, cookie); + return e; +} -- 2.30.2