Closed
Description
Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you!
- [ x ] I looked for a similar issue and couldn't find any.
- [ x ] I tried with the latest version of GPAC. Installers available at github commit 3096514
- [ x ] I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command-line ...). I can share files anonymously with this dropbox: https://www.mediafire.com/filedrop/filedrop_hosted.php?drop=eec9e058a9486fe4e99c33021481d9e1826ca9dbc242a6cfaab0fe95da5e5d95
Detailed guidelines: http://gpac.io/2013/07/16/how-to-file-a-bug-properly/
in box_code_base.c line 635 has a heap overflow.
tmpName = (char*)gf_malloc(sizeof(char) * to_read);
if (!tmpName) return GF_OUT_OF_MEM;
//get the data
gf_bs_read_data(bs, tmpName, to_read);
//then get the break
i = 0;
while ( (tmpName[i] != 0) && (i < to_read) ) {
i++;
}
When you end the while loop, you access tmpname[to_read+ 1], causing a heap overflow. You should change it like this
while ( (i < to_read)&& (tmpName[i] != 0) ) {
i++;
}
Metadata
Metadata
Assignees
Labels
No labels