There is a integer overflow in function filter_core/filter_props.c:gf_props_assign_value.
In which, the arg const GF_PropertyValue *value,maybe value->value.data.size is a negative number.
In result, memcpy in gf_props_assign_value failed.
More, this bug may result a heap overflow with crafted file.
In command line:
./bin/gcc/gpac -info bug.flac
In gdb:
There is a integer overflow in function
filter_core/filter_props.c:gf_props_assign_value.In which, the arg
const GF_PropertyValue *value,maybe value->value.data.size is a negative number.In result, memcpy in gf_props_assign_value failed.
More, this bug may result a heap overflow with crafted file.
In command line:


./bin/gcc/gpac -info bug.flac
In gdb:
The crafted file is in attach zip:
bug.zip
The text was updated successfully, but these errors were encountered: