Description
There is a buffer overflow issue in gf_sm_load_init () function, scene_manager.c
GF_Err gf_sm_load_init(GF_SceneLoader *load)
{
……
ext = (char *)strrchr(load->fileName, '.');
if (!ext) return GF_NOT_SUPPORTED;
if (!stricmp(ext, ".gz")) {
char *anext;
ext[0] = 0;
anext = (char *)strrchr(load->fileName, '.');
ext[0] = '.';
ext = anext;
}
strcpy(szExt, &ext[1]); // buffer overflow here.
……
}
root@ubuntu:/opt/niugx/cov_product/gpac/gpac-master/bin/gcc# ./MP4Box -inctx inScene.exttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttt -out output.txt -add overview.srt overview.mp4
Timed Text (SRT) import - text track 580 x 436, font Serif (size 18)
*** stack smashing detected ***: ./MP4Box terminated
Aborted (core dumped)