CVE-2020-25427: fixed potential crash - cf #1406 · gpac/gpac@8e585e6
A null pointer dereference vulnerability exists in MP4Box - GPAC version 0.8.0-rev177-g51a8ef874-master via the gf_isom_get_track_id function, which causes a denial of service.
@@ -205,17 +205,11 @@ GF_Err gf_isom_box_parse_ex(GF_Box **outBox, GF_BitStream *bs, u32 parent_type,
newBox->size = size - hdr_size;
if (newBox->size) {
e = gf_isom_full_box_read(newBox, bs);
if (!e) e = gf_isom_box_read(newBox, bs);
newBox->size = size;
end = gf_bs_get_position(bs);
} else {
newBox->size = size;
//empty box
e = GF_OK;
end = gf_bs_get_position(bs);
}
//parse even if size is 0 - this makes sure that we perform box parsing (usually in box->read)
e = gf_isom_full_box_read(newBox, bs);
if (!e) e = gf_isom_box_read(newBox, bs);
newBox->size = size;
end = gf_bs_get_position(bs);
if (e && (e != GF_ISOM_INCOMPLETE_FILE)) {
gf_isom_box_del(newBox);
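Review bot: The now-unconditional calls to `gf_isom_full_box_read` and `gf_isom_box_read` also run when `newBox->size` is 0, so every box read handler must reject a payload that is too short before it consumes bytes or subtracts from the size field. The hunk does not show whether all handlers do that, and a handler that decrements an unsigned size without checking would presumably wrap instead of failing. The added comment should state that contract, for example `//parse even if size is 0 - box->read must validate the remaining size and return an error on a short box, so no box is left partially initialized`. The dereference site named in the CVE text, `gf_isom_get_track_id`, is not touched here, so a null check there would still be worthwhile as defence in depth. The body of `gf_isom_box_parse_ex` starts before and continues after this hunk.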