Submit #52567: GPAC MP4Box version 2.1-DEV-rev490-g68064e101-master has an Integer Overflow in function lsr_translate_coords at laser/lsr_dec.c
Title | GPAC MP4Box version 2.1-DEV-rev490-g68064e101-master has an Integer Overflow in function lsr_translate_coords at laser/lsr_dec.c |
---|---|
Description | GPAC MP4Box version 2.1-DEV-rev490-g68064e101-master has an Integer Overflow in function lsr_translate_coords at laser/lsr_dec.c:856:27. Details can be obtained from: https://drive.google.com/file/d/1HVWa6IpAbvsMS5rx091RfjUB4GfXrMLE/view?usp=sharing<br>gdb output:<br>`(gdb) l`<br>`851 return 2 * gf_divfix(INT2FIX(val/2), lsr->res_factor);`<br>`852 return gf_divfix(INT2FIX(val), lsr->res_factor);`<br>`853 }`<br>`854 #else`<br>`855 if (val >> (nb_bits-1) ) {`<br>`856 s32 neg = (s32) val - (1<<nb_bits); //here`<br>`857 return gf_divfix(INT2FIX(neg), lsr->res_factor);`<br>`858 } else {`<br>`859 return gf_divfix(INT2FIX(val), lsr->res_factor);`<br>`860 }`<br>`(gdb) p val`<br>`$1 = 732470`<br>`(gdb) p 1<<nb_bits`<br>`$2 = 1048576`<br>`(gdb) p val - (1<<nb_bits)`<br>`$3 = 4294651190`<br>`(gdb) p neg`<br>`$4 = 24832` |
Source | ⚠️ https:/ |
Submission | 18/11/2022 16h31 (1 Year ago) |
Moderation | 29/11/2022 08h31 (11 days later) |
Accepted | Accepted |
VulDB Entry | VDB-214518 |