From 76d3760b4a1236994e2bd1aa85d70c6a818dfe94 Mon Sep 17 00:00:00 2001
From: Reinhard Tartler
Date: Sat, 4 Mar 2023 12:44:21 -0500
Subject: [PATCH] Fix stack overflow in MP4Box CVE-2022-1441
---
 debian/patches/CVE-2022-1441.patch | 35 ++++++++++++++++++++++++++++++
 debian/patches/series | 1 +
 2 files changed, 36 insertions(+)
 create mode 100644 debian/patches/CVE-2022-1441.patch
diff --git a/debian/patches/CVE-2022-1441.patch b/debian/patches/CVE-2022-1441.patch
new file mode 100644
index 0000000..61bc101
--- /dev/null
+++ b/debian/patches/CVE-2022-1441.patch
@@ -0,0 +1,35 @@
+commit 3dbe11b37d65c8472faf0654410068e5500b3adb
+Author: jeanlf
+Date: Tue Apr 19 09:15:58 2022 +0200
+
+ fixed #2175
+
+diff --git a/src/isomedia/box_code_3gpp.c b/src/isomedia/box_code_3gpp.c
+index 3f9ff0569..928a5575f 100644
+--- a/src/isomedia/box_code_3gpp.c
++++ b/src/isomedia/box_code_3gpp.c
+@@ -1128,20 +1128,12 @@ void diST_box_del(GF_Box *s)
+
+ GF_Err diST_box_read(GF_Box *s, GF_BitStream *bs)
+ {
+- u32 i;
+- char str[1024];
+ GF_DIMSScriptTypesBox *p = (GF_DIMSScriptTypesBox *)s;
+
+- i=0;
+- str[0]=0;
+- while (1) {
+- str[i] = gf_bs_read_u8(bs);
+- if (!str[i]) break;
+- i++;
+- }
+- ISOM_DECREASE_SIZE(p, i);
+-
+- p->content_script_types = gf_strdup(str);
++ p->content_script_types = gf_malloc(sizeof(char) * (s->size+1));
++ if (!p->content_script_types) return GF_OUT_OF_MEM;
++ gf_bs_read_data(bs, p->content_script_types, s->size);
++ p->content_script_types[s->size] = 0;
+ return GF_OK;
+ }
+
diff --git a/debian/patches/series b/debian/patches/series
index b092b05..bc5ddc8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@ CVE-2022-30976.patch
 CVE-2022-1035.patch
 CVE-2022-1172.patch
 CVE-2022-1222.patch
+CVE-2022-1441.patch
\ No newline at end of file
--
2.30.2
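Review bot: The new `diST_box_read` body passes the file-declared `s->size` straight to `gf_malloc` and `gf_bs_read_data`, with no upper bound and with the read's result discarded. If the stream holds fewer bytes than the box claims, the tail of the buffer stays uninitialised up to the terminator written at `[s->size]`, and a large declared size becomes an equally large allocation. If `s->size` is wider than the length arguments of those two calls (its type is not visible here), the `+1` and the implicit narrowing need a guard as well. I would reject an implausible size before allocating and compare the read count with the request, e.g. `if (gf_bs_read_data(bs, p->content_script_types, (u32) s->size) != s->size) return GF_ISOM_INVALID_FILE;`. The removed loop also called `ISOM_DECREASE_SIZE(p, i)`, which the replacement drops, so it is worth confirming that the caller does not rely on that remaining-size accounting.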