Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

in box_code_base.c line 635 has a heap overflow. #1088

Closed
Edward-L opened this issue Jun 28, 2018 · 2 comments
Closed

in box_code_base.c line 635 has a heap overflow. #1088

Edward-L opened this issue Jun 28, 2018 · 2 comments

Comments

@Edward-L
Copy link

Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you!

Detailed guidelines: http://gpac.io/2013/07/16/how-to-file-a-bug-properly/

in box_code_base.c line 635 has a heap overflow.

	tmpName = (char*)gf_malloc(sizeof(char) * to_read);
   if (!tmpName) return GF_OUT_OF_MEM;
   //get the data
   gf_bs_read_data(bs, tmpName, to_read);

   //then get the break
   i = 0;
   while ( (tmpName[i] != 0) && (i < to_read) ) {
   	i++;
   }

When you end the while loop, you access tmpname[to_read+ 1], causing a heap overflow. You should change it like this

	while ( (i < to_read)&& (tmpName[i] != 0) ) {
		i++;
	}
@aureliendavid
Copy link
Contributor

I agree, should now be fixed, thanks for the report

@nluedtke
Copy link

nluedtke commented Feb 8, 2019

For completeness.

hdlr_dump was assigned CVE-2018-13006
urn_Read was assigned CVE-2018-13005

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants