From b1ae09e55507edae3ed366673fe283cbab1432e2 Mon Sep 17 00:00:00 2001 From: Debian Multimedia Maintainers Date: Mon, 19 Jun 2023 22:46:06 +0100 Subject: [PATCH] CVE-2021-46038to46046_46049_46051 Origin: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f Reviewed-by: Aron Xu From f5a778edd1febd574ff9558d2faa57133bdb4a5f Mon Sep 17 00:00:00 2001 From: jeanlf Date: Mon, 3 Jan 2022 11:12:21 +0100 Subject: [PATCH] fixed #1999 Gbp-Pq: Name CVE-2021-46038to46046_46049_46051.patch --- src/isomedia/isom_store.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/isomedia/isom_store.c b/src/isomedia/isom_store.c index 254902b..17dd96f 100644 --- a/src/isomedia/isom_store.c +++ b/src/isomedia/isom_store.c @@ -270,6 +270,8 @@ static GF_Err ShiftOffset(GF_ISOFile *file, GF_List *writers, u64 offset) //be carefull for the last entry, nextChunk is set to 0 in edit mode... last = ent->nextChunk ? ent->nextChunk : stco->nb_entries + 1; for (k = ent->firstChunk; k < last; k++) { + if (stco->nb_entries < k) + return GF_ISOM_INVALID_FILE; //we need to rewrite the table: only allocate co64 if not done previously and convert all offsets //to co64. Then (whether co64 was created or not) adjust the offset @@ -303,6 +305,8 @@ static GF_Err ShiftOffset(GF_ISOFile *file, GF_List *writers, u64 offset) //be carefull for the last entry ... last = ent->nextChunk ? ent->nextChunk : stco64->nb_entries + 1; for (k = ent->firstChunk; k < last; k++) { + if (stco64->nb_entries < k) + return GF_ISOM_INVALID_FILE; stco64->offsets[k-1] += offset; } } -- 2.30.2