From e997c81778c73eaf91e3a4c2601e7f5b0ee6a7d1 Mon Sep 17 00:00:00 2001 From: Debian Multimedia Maintainers Date: Mon, 19 Jun 2023 22:46:06 +0100 Subject: [PATCH] CVE-2021-36417 Backported from https://github.com/gpac/gpac/commit/737e1f39da80e02912953269966d89afd196ad30 Backported from https://github.com/gpac/gpac/commit/737e1f39da80e02912953269966d89afd196ad30 Gbp-Pq: Name CVE-2021-36417.patch --- src/isomedia/avc_ext.c | 20 ++++++++++++++++---- src/isomedia/sample_descs.c | 11 ++++++++++- 2 files changed, 26 insertions(+), 5 deletions(-) diff --git a/src/isomedia/avc_ext.c b/src/isomedia/avc_ext.c index 16347cb..c00cff0 100644 --- a/src/isomedia/avc_ext.c +++ b/src/isomedia/avc_ext.c @@ -2203,7 +2203,7 @@ GF_AVCConfig *gf_isom_avc_config_get(GF_ISOFile *the_file, u32 trackNumber, u32 entry = (GF_MPEGVisualSampleEntryBox*)gf_list_get(trak->Media->information->sampleTable->SampleDescription->child_boxes, DescriptionIndex-1); if (!entry) return NULL; - + if (entry->internal_type != GF_ISOM_SAMPLE_ENTRY_VIDEO) return NULL; if (!entry->avc_config) return NULL; return AVC_DuplicateConfig(entry->avc_config->config); } @@ -2226,6 +2226,7 @@ GF_HEVCConfig *gf_isom_hevc_config_get(GF_ISOFile *the_file, u32 trackNumber, u3 return NULL; entry = (GF_MPEGVisualSampleEntryBox*)gf_list_get(trak->Media->information->sampleTable->SampleDescription->child_boxes, DescriptionIndex-1); if (!entry) return NULL; + if (entry->internal_type != GF_ISOM_SAMPLE_ENTRY_VIDEO) return NULL; if (!entry->hevc_config) return NULL; return HEVC_DuplicateConfig(entry->hevc_config->config); } @@ -2241,6 +2242,7 @@ GF_AVCConfig *gf_isom_svc_config_get(GF_ISOFile *the_file, u32 trackNumber, u32 return NULL; entry = (GF_MPEGVisualSampleEntryBox*)gf_list_get(trak->Media->information->sampleTable->SampleDescription->child_boxes, DescriptionIndex-1); if (!entry) return NULL; + if (entry->internal_type != GF_ISOM_SAMPLE_ENTRY_VIDEO) return NULL; if (!entry->svc_config) return NULL; return AVC_DuplicateConfig(entry->svc_config->config); } @@ -2257,6 +2259,7 @@ GF_AVCConfig *gf_isom_mvc_config_get(GF_ISOFile *the_file, u32 trackNumber, u32 return NULL; entry = (GF_MPEGVisualSampleEntryBox*)gf_list_get(trak->Media->information->sampleTable->SampleDescription->child_boxes, DescriptionIndex-1); if (!entry) return NULL; + if (entry->internal_type != GF_ISOM_SAMPLE_ENTRY_VIDEO) return NULL; if (!entry->mvc_config) return NULL; return AVC_DuplicateConfig(entry->mvc_config->config); } @@ -2276,7 +2279,9 @@ GF_AV1Config *gf_isom_av1_config_get(GF_ISOFile *the_file, u32 trackNumber, u32 trak = gf_isom_get_track_from_file(the_file, trackNumber); if (!trak || !trak->Media || !DescriptionIndex) return NULL; entry = (GF_MPEGVisualSampleEntryBox*)gf_list_get(trak->Media->information->sampleTable->SampleDescription->child_boxes, DescriptionIndex - 1); - if (!entry || !entry->av1_config|| !entry->av1_config->config) return NULL; + if (!entry) return NULL; + if (entry->internal_type != GF_ISOM_SAMPLE_ENTRY_VIDEO) return NULL; + if (!entry->av1_config|| !entry->av1_config->config) return NULL; return AV1_DuplicateConfig(entry->av1_config->config); } @@ -2288,7 +2293,9 @@ GF_VPConfig *gf_isom_vp_config_get(GF_ISOFile *the_file, u32 trackNumber, u32 De trak = gf_isom_get_track_from_file(the_file, trackNumber); if (!trak || !trak->Media || !DescriptionIndex) return NULL; entry = (GF_MPEGVisualSampleEntryBox*)gf_list_get(trak->Media->information->sampleTable->SampleDescription->child_boxes, DescriptionIndex - 1); - if (!entry || !entry->vp_config) return NULL; + if (!entry) return NULL; + if (entry->internal_type != GF_ISOM_SAMPLE_ENTRY_VIDEO) return NULL; + if (!entry->vp_config || !entry->vp_config->config) return NULL; return VP_DuplicateConfig(entry->vp_config->config); } @@ -2300,7 +2307,9 @@ GF_DOVIDecoderConfigurationRecord *gf_isom_dovi_config_get(GF_ISOFile* the_file, trak = gf_isom_get_track_from_file(the_file, trackNumber); if (!trak || !trak->Media || !DescriptionIndex) return NULL; entry = (GF_MPEGVisualSampleEntryBox*)gf_list_get(trak->Media->information->sampleTable->SampleDescription->child_boxes, DescriptionIndex - 1); - if (!entry || !entry->dovi_config) return NULL; + if (!entry) return NULL; + if (entry->internal_type != GF_ISOM_SAMPLE_ENTRY_VIDEO) return NULL; + if (!entry->dovi_config) return NULL; return DOVI_DuplicateConfig(&entry->dovi_config->DOVIConfig); } @@ -2317,6 +2326,7 @@ GF_ISOMAVCType gf_isom_get_avc_svc_type(GF_ISOFile *the_file, u32 trackNumber, u entry = (GF_MPEGVisualSampleEntryBox*)gf_list_get(trak->Media->information->sampleTable->SampleDescription->child_boxes, DescriptionIndex-1); if (!entry) return GF_ISOM_AVCTYPE_NONE; + if (entry->internal_type != GF_ISOM_SAMPLE_ENTRY_VIDEO) return GF_ISOM_AVCTYPE_NONE; type = entry->type; @@ -2359,6 +2369,7 @@ GF_ISOMHEVCType gf_isom_get_hevc_lhvc_type(GF_ISOFile *the_file, u32 trackNumber return GF_ISOM_HEVCTYPE_NONE; entry = (GF_MPEGVisualSampleEntryBox*)gf_list_get(trak->Media->information->sampleTable->SampleDescription->child_boxes, DescriptionIndex-1); if (!entry) return GF_ISOM_HEVCTYPE_NONE; + if (entry->internal_type != GF_ISOM_SAMPLE_ENTRY_VIDEO) return GF_ISOM_HEVCTYPE_NONE; type = entry->type; if (type == GF_ISOM_BOX_TYPE_ENCV) { @@ -2404,6 +2415,7 @@ GF_HEVCConfig *gf_isom_lhvc_config_get(GF_ISOFile *the_file, u32 trackNumber, u3 return NULL; entry = (GF_MPEGVisualSampleEntryBox*)gf_list_get(trak->Media->information->sampleTable->SampleDescription->child_boxes, DescriptionIndex-1); if (!entry) return NULL; + if (entry->internal_type != GF_ISOM_SAMPLE_ENTRY_VIDEO) return NULL; if (!entry->lhvc_config) return NULL; lhvc = HEVC_DuplicateConfig(entry->lhvc_config->config); if (!lhvc) return NULL; diff --git a/src/isomedia/sample_descs.c b/src/isomedia/sample_descs.c index 46b2b74..e4e3588 100644 --- a/src/isomedia/sample_descs.c +++ b/src/isomedia/sample_descs.c @@ -311,10 +311,12 @@ GF_3GPConfig *gf_isom_3gp_config_get(GF_ISOFile *the_file, u32 trackNumber, u32 case GF_ISOM_SUBTYPE_3GP_EVRC: case GF_ISOM_SUBTYPE_3GP_QCELP: case GF_ISOM_SUBTYPE_3GP_SMV: + if (entry->internal_type != GF_ISOM_SAMPLE_ENTRY_AUDIO) return NULL; if (! ((GF_MPEGAudioSampleEntryBox*)entry)->cfg_3gpp) return NULL; config = & ((GF_MPEGAudioSampleEntryBox*)entry)->cfg_3gpp->cfg; break; case GF_ISOM_SUBTYPE_3GP_H263: + if (entry->internal_type != GF_ISOM_SAMPLE_ENTRY_VIDEO) return NULL; if (! ((GF_MPEGVisualSampleEntryBox*)entry)->cfg_3gpp) return NULL; config = & ((GF_MPEGVisualSampleEntryBox*)entry)->cfg_3gpp->cfg; break; @@ -339,8 +341,9 @@ GF_AC3Config *gf_isom_ac3_config_get(GF_ISOFile *the_file, u32 trackNumber, u32 if (!trak || !StreamDescriptionIndex) return NULL; entry = (GF_MPEGAudioSampleEntryBox *)gf_list_get(trak->Media->information->sampleTable->SampleDescription->child_boxes, StreamDescriptionIndex-1); - if (!entry || !entry->cfg_ac3) return NULL; + if (!entry) return NULL; if (!entry->cfg_ac3) return NULL; + if (entry->internal_type != GF_ISOM_SAMPLE_ENTRY_AUDIO) return NULL; if ( (entry->cfg_ac3->type!=GF_ISOM_BOX_TYPE_DAC3) && (entry->cfg_ac3->type!=GF_ISOM_BOX_TYPE_DEC3) ) return NULL; res = (GF_AC3Config*)gf_malloc(sizeof(GF_AC3Config)); @@ -361,6 +364,8 @@ GF_Err gf_isom_flac_config_get(GF_ISOFile *the_file, u32 trackNumber, u32 Stream if (!trak || !StreamDescriptionIndex) return GF_BAD_PARAM; entry = (GF_MPEGAudioSampleEntryBox *)gf_list_get(trak->Media->information->sampleTable->SampleDescription->child_boxes, StreamDescriptionIndex-1); + if (!entry) return GF_BAD_PARAM; + if (entry->internal_type != GF_ISOM_SAMPLE_ENTRY_AUDIO) return GF_BAD_PARAM; type = entry->type; if (type==GF_ISOM_BOX_TYPE_ENCA) { @@ -433,6 +438,8 @@ GF_Err gf_isom_opus_config_get(GF_ISOFile *the_file, u32 trackNumber, u32 Stream if (!trak || !StreamDescriptionIndex) return GF_BAD_PARAM; entry = (GF_MPEGAudioSampleEntryBox *)gf_list_get(trak->Media->information->sampleTable->SampleDescription->child_boxes, StreamDescriptionIndex-1); + if (!entry) return GF_BAD_PARAM; + if (entry->internal_type != GF_ISOM_SAMPLE_ENTRY_AUDIO) return GF_BAD_PARAM; type = entry->type; if (type==GF_ISOM_BOX_TYPE_ENCA) { @@ -575,9 +582,11 @@ GF_Err gf_isom_3gp_config_update(GF_ISOFile *the_file, u32 trackNumber, GF_3GPCo case GF_ISOM_SUBTYPE_3GP_EVRC: case GF_ISOM_SUBTYPE_3GP_QCELP: case GF_ISOM_SUBTYPE_3GP_SMV: + if (a_entry->internal_type != GF_ISOM_SAMPLE_ENTRY_AUDIO) return GF_ISOM_INVALID_FILE; cfg = &a_entry->cfg_3gpp->cfg; break; case GF_ISOM_SUBTYPE_3GP_H263: + if (v_entry->internal_type != GF_ISOM_SAMPLE_ENTRY_VIDEO) return GF_ISOM_INVALID_FILE; cfg = & v_entry->cfg_3gpp->cfg; break; default: -- 2.30.2