From 7ea25d33a5649792adffd3f8e5efe36f12b093a1 Mon Sep 17 00:00:00 2001
From: jeanlf <jeanlf@github.com>
Date: Thu, 9 Sep 2021 14:36:47 +0200
Subject: [PATCH] [PATCH] fixed #1910 #1911

Gbp-Pq: Name CVE-2021-41456.patch
---
 src/filters/dmx_nhml.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/filters/dmx_nhml.c b/src/filters/dmx_nhml.c
index 6c3a775..c06b230 100644
--- a/src/filters/dmx_nhml.c
+++ b/src/filters/dmx_nhml.c
@@ -999,10 +999,17 @@ static GF_Err nhmldmx_send_sample(GF_Filter *filter, GF_NHMLDmxCtx *ctx)
 					} else {
 						base_data = att->value;
 					}
+				} else if (!strnicmp(att->value, "gmem://", 7)) {
+					GF_LOG(GF_LOG_WARNING, GF_LOG_PARSER, ("[NHMLDmx] Invalid url %s for NHML import\n", att->value));
 				} else {
 					char *url = gf_url_concatenate(ctx->src_url, att->value);
-					strcpy(szMediaTemp, url ? url : att->value);
-					if (url) gf_free(url);
+					if (!url) {
+						GF_LOG(GF_LOG_WARNING, GF_LOG_PARSER, ("[NHMLDmx] Failed to get full url for %s\n", att->value));
+					} else {
+						strncpy(szMediaTemp, url, GF_MAX_PATH-1);
+						szMediaTemp[GF_MAX_PATH-1] = 0;
+						gf_free(url);
+					}
 				}
 			}
 			else if (!stricmp(att->name, "xmlFrom")) strcpy(szXmlFrom, att->value);
-- 
2.30.2