Headline
CVE-2023-4756: Fixed #2584 · gpac/gpac@6914d01
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
@@ -134,24 +134,31 @@ static GF_Err gf_bt_report(GF_BTParser *parser, GF_Err e, char *format, …)
void gf_bt_check_line(GF_BTParser *parser)
{
while (1) {
reload_line:
while (parser->line_pos < parser->line_size) {
switch (parser->line_buffer[parser->line_pos]) {
case ' ':
case '\t’:
case '\n’:
case '\r’:
parser->line_pos++;
continue;
case '\0’:
parser->line_pos = parser->line_size;
default:
break;
}
break;
}
if (parser->line_buffer[parser->line_pos]==’#’) {
parser->line_size = parser->line_pos;
if (parser->line_pos < parser->line_size) {
if (parser->line_buffer[parser->line_pos]==’#’) {
parser->line_size = parser->line_pos;
}
else if ((parser->line_buffer[parser->line_pos]==’/’) && (parser->line_buffer[parser->line_pos+1]==’/’) ) {
parser->line_size = parser->line_pos;
}
}
else if ((parser->line_buffer[parser->line_pos]==’/’) && (parser->line_buffer[parser->line_pos+1]==’/’) ) parser->line_size = parser->line_pos;
if (parser->line_size == parser->line_pos) {
/*string based input - done*/
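Review bot: The `//` comment test still reads `parser->line_buffer[parser->line_pos+1]`, while the new outer guard only establishes `line_pos < line_size`, so when `line_pos` is the last index the read lands at index `line_size`. That is in bounds only if the buffer always holds a terminator at that index, which this hunk does not show. An explicit bound removes the dependency: `else if ((parser->line_pos + 1 < parser->line_size) && (parser->line_buffer[parser->line_pos]=='/') && (parser->line_buffer[parser->line_pos+1]=='/')) {`. The added `case '\0':` also runs into `default:` without a marker, so a `/* fallthrough */` comment would show it is intended. The page has lost the +/- column, so this note takes the guarded form as the new side; the function body continues past the end of the hunk.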
@@ -405,10 +412,15 @@ void gf_bt_check_line(GF_BTParser *parser)
}
}
if (!parser->line_size) {
if (!gf_gzeof(parser->gz_in)) gf_bt_check_line(parser);
else parser->done = 1;
if (!gf_gzeof(parser->gz_in))
//avoid recursion
goto reload_line;
else
parser->done = 1;
}
else if (!parser->done && (parser->line_size == parser->line_pos)) gf_bt_check_line(parser);
else if (!parser->done && (parser->line_size == parser->line_pos))
//avoid recursion
goto reload_line;
}
void gf_bt_force_line(GF_BTParser *parser)
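Review bot: Both `goto reload_line` branches are unbraced, with a comment line sitting between the condition and its statement, so a later second statement would silently fall outside the `if`. Bracing them keeps the `else` pairing explicit: `if (!gf_gzeof(parser->gz_in)) { goto reload_line; } else { parser->done = 1; }`, and likewise for the `else if (!parser->done && ...)` branch. The `//avoid recursion` comment would help the next maintainer more if it gave the reason, for example `/* loop instead of recursing: the call depth was driven by the input */`. The label is defined in the earlier hunk and the start of the function is outside this one, so whether every path back to `reload_line` makes progress cannot be confirmed from here.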