From 8f771f4f7252c2aa08f236f54cc8bd7f95ccd9c0 Mon Sep 17 00:00:00 2001
From: Debian Multimedia Maintainers
Date: Mon, 6 Mar 2023 20:09:19 -0500
Subject: [PATCH] CVE-2022-38530
commit 4e56ad72ac1afb4e049a10f2d99e7512d7141f9d
Author: jeanlf
Date: Tue Jul 12 18:29:36 2022 +0200
fixed #2216
Gbp-Pq: Name CVE-2022-38530.patch
---
 applications/mp4box/main.c | 2 +-
 src/odf/desc_private.c | 14 ++++++++++++--
 2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/applications/mp4box/main.c b/applications/mp4box/main.c
index 1b3fb4f..fd0036d 100644
--- a/applications/mp4box/main.c
+++ b/applications/mp4box/main.c
@@ -3602,7 +3602,7 @@ GF_Err HintFile(GF_ISOFile *file, u32 MTUSize, u32 max_ptime, u32 rtp_rate, u32
 if (e) {
 M4_LOG(GF_LOG_ERROR, ("Error while hinting (%s)\n", gf_error_to_string(e)));
- if (!nb_done) return e;
+ return e;
 }
 init_payt++;
 nb_done ++;
diff --git a/src/odf/desc_private.c b/src/odf/desc_private.c
index a22c7cc..33313f1 100644
--- a/src/odf/desc_private.c
+++ b/src/odf/desc_private.c
@@ -273,7 +273,7 @@ GF_Err gf_odf_delete_descriptor(GF_Descriptor *desc)
 //
 // READERS
 //
-GF_Err gf_odf_read_descriptor(GF_BitStream *bs, GF_Descriptor *desc, u32 DescSize)
+static GF_Err gf_odf_read_descriptor_internal(GF_BitStream *bs, GF_Descriptor *desc, u32 DescSize)
 {
 switch (desc->tag) {
 case GF_ODF_IOD_TAG :
@@ -368,7 +368,17 @@ GF_Err gf_odf_read_descriptor(GF_BitStream *bs, GF_Descriptor *desc, u32 DescSiz
 return GF_OK;
 }
-
+GF_Err gf_odf_read_descriptor(GF_BitStream *bs, GF_Descriptor *desc, u32 DescSize)
+{
+ u64 cookie = gf_bs_get_cookie(bs);
+ //we allow 100 max desc in a hierarchy - see issue 2216
+ if (cookie>100)
+ return GF_NON_COMPLIANT_BITSTREAM;
+ gf_bs_set_cookie(bs, cookie+1);
+ GF_Err e = gf_odf_read_descriptor_internal(bs, desc, DescSize);
+ gf_bs_set_cookie(bs, cookie);
+ return e;
+}
--
2.30.2
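Review bot: In HintFile (applications/mp4box/main.c), the now-unconditional `return e;` inside the `if (e)` block exits in the middle of the per-track work, and the hunk does not show whether anything acquired for the current track is released before that point. HintFile starts and ends outside the hunk, so this needs checking against the full body. The behaviour change is also undocumented: an error used to be tolerated once `nb_done` was non-zero, whereas now the first failure ends hinting, presumably with earlier tracks already hinted. A comment above the return would record that, for example `/* stop at the first hinting error; tracks hinted so far are left as they are */`.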
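Review bot: In the new gf_odf_read_descriptor wrapper (src/odf/desc_private.c), the nesting depth is kept in the bitstream cookie, so the guard is only correct if nothing else stores a value in that cookie on the same bitstream. No such use is visible in this hunk, but a caller that sets a non-zero cookie would presumably get GF_NON_COMPLIANT_BITSTREAM on well-formed input, or start the count from an arbitrary value. A comment stating the assumption would help, e.g. `// the bs cookie is reserved for descriptor nesting depth while ODF descriptors are parsed`. Separately, `if (cookie>100)` admits a 101st level while the comment says 100 max; `if (cookie >= 100)` matches the comment, and a named constant for the limit would read better than the literal.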