From bb920de948c85e3db4a52292ac7250a50e3bfc86 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9rgio=20M=2E=20Basto?= <sergio@serjux.com>
Date: Sat, 2 Nov 2019 04:19:27 +0000
Subject: [PATCH 08/10] Fix v2 Type confusion in MP4v2 2.0.0

The bug is caused by the wrong assumption that the child of an `ilst`
can never be an `ilst`. So we could fix it by simply adding an ASSERT.

Reference: https://www.openwall.com/lists/oss-security/2018/07/17/1
Addresses: https://nvd.nist.gov/vuln/detail/CVE-2018-14379
---
 src/mp4atom.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/mp4atom.cpp b/src/mp4atom.cpp
index 520cbc8..7a0a53f 100644
--- a/src/mp4atom.cpp
+++ b/src/mp4atom.cpp
@@ -778,8 +778,10 @@ MP4Atom::factory( MP4File &file, MP4Atom* parent, const char* type )
         const char* const ptype = parent->GetType();
 
         if( descendsFrom( parent, "ilst" )) {
-            if( ATOMID( ptype ) == ATOMID( "ilst" ))
+            if( ATOMID( ptype ) == ATOMID( "ilst" )) {
+                ASSERT(ATOMID( type ) != ATOMID( "ilst" ));
                 return new MP4ItemAtom( file, type );
+            }
 
             if( ATOMID( type ) == ATOMID( "data" ))
                 return new MP4DataAtom(file);
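Review bot: The new guard on the `ilst` branch rejects a file-controlled atom type through `ASSERT`, so the fix is only as strong as that macro, whose definition is not visible in this hunk. If `ASSERT` is compiled out in release builds the type confusion is still reachable, and if it aborts the process a crafted file becomes a crash instead. It would be worth confirming that it raises the library's normal recoverable parse error in every build configuration, or replacing it with an explicit `if( ATOMID( type ) == ATOMID( "ilst" ))` that fails through that error path. The branch also deserves a comment such as `// a nested "ilst" directly under "ilst" is malformed input (CVE-2018-14379); reject it before constructing MP4ItemAtom`. The body of `MP4Atom::factory` starts and ends outside the hunk, so whether other child types need the same rejection cannot be judged from here.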
-- 
2.21.0