CVE-2022-47660: integer overflow in isomedia/isom_write.c:4931 · Issue #2357 · gpac/gpac

Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you!

MP4Box - GPAC version 2.1-DEV-rev644-g5c4df2a67-master
(c) 2000-2022 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io

Please cite our work in your research:
    GPAC Filters: https://doi.org/10.1145/3339825.3394929
    GPAC: https://doi.org/10.1145/1291233.1291452

GPAC Configuration: --enable-sanitizer
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_IPV6 GPAC_HAS_SSL GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_LINUX_DVB  GPAC_DISABLE_3D


./configure --enable-sanitizer
make
./MP4Box import -cat iof.mp4


[HEVC] Error parsing NAL unit type 33
[HEVC] Error parsing NAL unit type 32
[HEVC] Invalid log2_max_pic_order_cnt_lsb_minus4 80, max shall be 12
[HEVC] Error parsing NAL unit type 33
[HEVC] Error parsing Sequence Param Set
[HEVC] Error parsing NAL unit type 34
[HEVC] Error parsing NAL unit type 0
Track Importing HEVC - Width 1 Height 6 FPS 488447261/488447261
[HEVC] Error parsing NAL unit type 25
[HEVC] NAL Unit type 25 not handled - adding
[HEVC] Error parsing NAL unit type 32
[HEVC] Invalid log2_max_pic_order_cnt_lsb_minus4 80, max shall be 12
[HEVC] Error parsing NAL unit type 33
[HEVC] Error parsing Sequence Param Set
[HEVC] Error parsing NAL unit type 34
[HEVC] Error parsing NAL unit type 0
[HEVC] Error parsing NAL unit type 32         
isomedia/isom_write.c:4931:87: runtime error: signed integer overflow: 1852736474 - -1953749291 cannot be represented in type 'int'