From d2e01ec1d402570231507140acef5e759357b64b Mon Sep 17 00:00:00 2001 From: Debian Multimedia Maintainers Date: Tue, 7 Mar 2023 06:41:07 -0500 Subject: [PATCH] CVE-2022-29340 commit 37592ad86c6ca934d34740012213e467acc4a3b0 Author: jeanlf Date: Tue Apr 12 10:35:52 2022 +0200 fixed #2163 Gbp-Pq: Name CVE-2022-29340.patch --- src/isomedia/box_funcs.c | 6 +++++- src/isomedia/isom_intern.c | 3 ++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/src/isomedia/box_funcs.c b/src/isomedia/box_funcs.c index bed5c6c..8e6c000 100644 --- a/src/isomedia/box_funcs.c +++ b/src/isomedia/box_funcs.c @@ -90,6 +90,8 @@ static GF_Err gf_isom_full_box_read(GF_Box *ptr, GF_BitStream *bs); u64 unused_bytes = 0; +#define GF_SKIP_BOX 10 + GF_Err gf_isom_box_parse_ex(GF_Box **outBox, GF_BitStream *bs, u32 parent_type, Bool is_root_box) { u32 type, uuid_type, hdr_size, restore_type; @@ -303,8 +305,10 @@ GF_Err gf_isom_box_parse_ex(GF_Box **outBox, GF_BitStream *bs, u32 parent_type, if (e && (e != GF_ISOM_INCOMPLETE_FILE)) { gf_isom_box_del(newBox); *outBox = NULL; + if (is_root_box && (e==GF_SKIP_BOX)) + e = GF_ISOM_INVALID_FILE; - if (!skip_logs) { + if (!skip_logs && (e!=GF_SKIP_BOX)) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, ("[iso file] Read Box \"%s\" (start "LLU") failed (%s) - skipping\n", gf_4cc_to_str(type), start, gf_error_to_string(e))); } //we don't try to reparse known boxes that have been failing (too dangerous) diff --git a/src/isomedia/isom_intern.c b/src/isomedia/isom_intern.c index d1b8ab4..680e5eb 100644 --- a/src/isomedia/isom_intern.c +++ b/src/isomedia/isom_intern.c @@ -373,7 +373,8 @@ static GF_Err gf_isom_parse_movie_boxes_internal(GF_ISOFile *mov, u32 *boxType, e = gf_isom_parse_root_box(&a, mov->movieFileMap->bs, boxType, bytesMissing, progressive_mode); if (e >= 0) { - + //safety check, should never happen + if (!a) return GF_ISOM_INVALID_FILE; } else if (e == GF_ISOM_INCOMPLETE_FILE) { /*our mdat is uncomplete, only valid for READ ONLY files...*/ if (mov->openMode != GF_ISOM_OPEN_READ) { -- 2.30.2