From fe83b8a70506d5f036cbb24eb255e5a43529a599 Mon Sep 17 00:00:00 2001
From: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Date: Tue, 7 Mar 2023 06:41:07 -0500
Subject: [PATCH] CVE-2022-1441

commit 3dbe11b37d65c8472faf0654410068e5500b3adb
Author: jeanlf <jeanlf@gpac.io>
Date:   Tue Apr 19 09:15:58 2022 +0200

    fixed #2175


Gbp-Pq: Name CVE-2022-1441.patch
---
 src/isomedia/box_code_3gpp.c | 16 ++++------------
 1 file changed, 4 insertions(+), 12 deletions(-)

diff --git a/src/isomedia/box_code_3gpp.c b/src/isomedia/box_code_3gpp.c
index 3f9ff05..928a557 100644
--- a/src/isomedia/box_code_3gpp.c
+++ b/src/isomedia/box_code_3gpp.c
@@ -1128,20 +1128,12 @@ void diST_box_del(GF_Box *s)
 
 GF_Err diST_box_read(GF_Box *s, GF_BitStream *bs)
 {
-	u32 i;
-	char str[1024];
 	GF_DIMSScriptTypesBox *p = (GF_DIMSScriptTypesBox *)s;
 
-	i=0;
-	str[0]=0;
-	while (1) {
-		str[i] = gf_bs_read_u8(bs);
-		if (!str[i]) break;
-		i++;
-	}
-	ISOM_DECREASE_SIZE(p, i);
-
-	p->content_script_types = gf_strdup(str);
+	p->content_script_types = gf_malloc(sizeof(char) * (s->size+1));
+	if (!p->content_script_types) return GF_OUT_OF_MEM;
+	gf_bs_read_data(bs, p->content_script_types, s->size);
+	p->content_script_types[s->size] = 0;
 	return GF_OK;
 }
 
-- 
2.30.2