From 558e33337fb081411260b181ceed9254ed21e466 Mon Sep 17 00:00:00 2001
From: jeanlf
Date: Fri, 12 Mar 2021 11:56:53 +0100
Subject: [PATCH] [PATCH] fixed #1706
Gbp-Pq: Name CVE-2021-31258.patch
---
 src/isomedia/isom_read.c | 1 +
 src/isomedia/isom_write.c | 13 ++++++++++---
 src/media_tools/isom_hinter.c | 6 +++++-
 3 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/src/isomedia/isom_read.c b/src/isomedia/isom_read.c
index 535542c..a654391 100644
--- a/src/isomedia/isom_read.c
+++ b/src/isomedia/isom_read.c
@@ -3802,6 +3802,7 @@ u32 gf_isom_guess_specification(GF_ISOFile *file)
 case GF_ISOM_SUBTYPE_MPEG4_CRYP:
 {
 GF_DecoderConfig *dcd = gf_isom_get_decoder_config(file, i+1, 1);
+ if (!dcd) break;
 switch (dcd->streamType) {
 case GF_STREAM_VISUAL:
 if (dcd->objectTypeIndication==GF_CODECID_MPEG4_PART2) nb_m4v++;
diff --git a/src/isomedia/isom_write.c b/src/isomedia/isom_write.c
index bb8a0dc..f4c565c 100644
--- a/src/isomedia/isom_write.c
+++ b/src/isomedia/isom_write.c
@@ -5224,6 +5224,7 @@ GF_Err gf_isom_set_extraction_slc(GF_ISOFile *the_file, u32 trackNumber, u32 Str
 GF_SampleEntryBox *entry;
 GF_Err e;
 GF_SLConfig **slc;
+ GF_ESDBox *esds;
 trak = gf_isom_get_track_from_file(the_file, trackNumber);
 if (!trak) return GF_BAD_PARAM;
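Review bot: The new `if (!dcd) break;` in the `GF_ISOM_SUBTYPE_MPEG4_CRYP` case silently leaves the track out of the counts and does not say why the decoder config can be absent. A short comment above the check, for example `/* no decoder config for this track (presumably a missing or malformed ESD in the file): skip it */`, would record that the NULL comes from file content rather than from a caller error. The `break` sits before the inner `switch (dcd->streamType)`, so it leaves the enclosing case, which looks intended. The case block and the rest of gf_isom_guess_specification continue outside the hunk, so whether other results of `gf_isom_get_decoder_config` need the same guard cannot be judged from here.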
@@ -5234,15 +5235,21 @@ GF_Err gf_isom_set_extraction_slc(GF_ISOFile *the_file, u32 trackNumber, u32 Str
 //we must be sure we are not using a remote ESD
 switch (entry->type) {
 case GF_ISOM_BOX_TYPE_MP4S:
- if (((GF_MPEGSampleEntryBox *)entry)->esd->desc->slConfig->predefined != SLPredef_MP4) return GF_BAD_PARAM;
+ esds = ((GF_MPEGSampleEntryBox *)entry)->esd;
+ if (!esds || !esds->desc || !esds->desc->slConfig || (esds->desc->slConfig->predefined != SLPredef_MP4))
+ return GF_ISOM_INVALID_FILE;
 slc = & ((GF_MPEGSampleEntryBox *)entry)->slc;
 break;
 case GF_ISOM_BOX_TYPE_MP4A:
- if (((GF_MPEGAudioSampleEntryBox *)entry)->esd->desc->slConfig->predefined != SLPredef_MP4) return GF_BAD_PARAM;
+ esds = ((GF_MPEGAudioSampleEntryBox *)entry)->esd;
+ if (!esds || !esds->desc || !esds->desc->slConfig || (esds->desc->slConfig->predefined != SLPredef_MP4))
+ return GF_ISOM_INVALID_FILE;
 slc = & ((GF_MPEGAudioSampleEntryBox *)entry)->slc;
 break;
 case GF_ISOM_BOX_TYPE_MP4V:
- if (((GF_MPEGVisualSampleEntryBox *)entry)->esd->desc->slConfig->predefined != SLPredef_MP4) return GF_BAD_PARAM;
+ esds = ((GF_MPEGVisualSampleEntryBox *)entry)->esd;
+ if (!esds || !esds->desc || !esds->desc->slConfig || (esds->desc->slConfig->predefined != SLPredef_MP4))
+ return GF_ISOM_INVALID_FILE;
 slc = & ((GF_MPEGVisualSampleEntryBox *)entry)->slc;
 break;
 default:
diff --git a/src/media_tools/isom_hinter.c b/src/media_tools/isom_hinter.c
index 22ffa65..477464b 100644
--- a/src/media_tools/isom_hinter.c
+++ b/src/media_tools/isom_hinter.c
@@ -641,7 +641,11 @@ GF_RTPHinter *gf_hinter_track_new(GF_ISOFile *file, u32 TrackNum,
 if (hintType==GF_RTP_PAYT_MPEG4) {
 tmp->rtp_p->slMap.CodecID = codecid;
 /*set this SL for extraction.*/
- gf_isom_set_extraction_slc(file, TrackNum, 1, &my_sl);
+ *e = gf_isom_set_extraction_slc(file, TrackNum, 1, &my_sl);
+ if (*e) {
+ gf_hinter_track_del(tmp);
+ return NULL;
+ }
 }
 tmp->bandwidth = bandwidth;
--
2.30.2
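Review bot: The combined condition in the three `case` arms now returns `GF_ISOM_INVALID_FILE` both when the ESD chain is missing and when `predefined != SLPredef_MP4`, although the removed lines returned `GF_BAD_PARAM` for the latter. Callers that tell the two codes apart lose that distinction. Splitting the test keeps the old contract: `if (!esds || !esds->desc || !esds->desc->slConfig) return GF_ISOM_INVALID_FILE;` followed by `if (esds->desc->slConfig->predefined != SLPredef_MP4) return GF_BAD_PARAM;`. The same four-part check is repeated verbatim for MP4S, MP4A and MP4V, so a small static helper taking the `GF_ESDBox *` would keep the three arms from drifting apart. gf_isom_set_extraction_slc starts before and continues after this hunk.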
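Review bot: In gf_hinter_track_new, `*e = gf_isom_set_extraction_slc(file, TrackNum, 1, &my_sl);` followed by `if (*e)` aborts hinter creation on every error code, whereas the removed line ignored the return value entirely. Failures that were tolerated before (for instance whatever the `default:` arm in isom_write.c returns, which is not visible here) therefore become hard failures. It is worth confirming that this is intended, or limiting the bail-out to `GF_ISOM_INVALID_FILE`. `e` is written through without a NULL check and its declaration lies outside the hunk, so this presumably relies on the rest of the function already dereferencing it. A comment such as `/* extraction SLC could not be set: release the hinter and report the error through *e */` would document the new early return.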