huntr report 038E7472-F3E9-46C2-9AEA-D6DAFB62A18A by qianshuidewajueji (History: Feb 12, 2023 - 2:15 a.m.)

off-by-one error in function gf_text_get_utf8_line filters/load_text.c

2023-02-12 02:15:16
qianshuidewajueji
www.huntr.dev

Tags: security bug, load text filter, gpac configuration, runtime error, reproduction, git log, bug bounty

EPSS: 0.0005 (Low), Percentile: 18.8%

Version

MP4Box - GPAC version 2.3-DEV-rev40-g3602a5ded-master
(c) 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io

Please cite our work in your research:
        GPAC Filters: https://doi.org/10.1145/3339825.3394929
        GPAC: https://doi.org/10.1145/1291233.1291452

GPAC Configuration: --enable-sanitizer --verbose
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_IPV6 GPAC_HAS_SSL GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_PNG GPAC_HAS_LINUX_DVB  GPAC_DISABLE_3D 

Proof of Concept

➜  gcc git:(master) ✗ ./MP4Box -info ./gf_text_get_utf8_line_poc
filters/load_text.c:362:13: runtime error: index 2048 out of bounds for type 'char [2048]'
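The sanitizer line above describes the defect class exactly: a write at index 2048 into a `char [2048]`, one past the last valid index 2047. The bounded line reader below is an added example written for this page; it is not GPAC's `gf_text_get_utf8_line` and does not reproduce its code. It assumes a hypothetical 2048-byte line buffer (the size named in the report), never writes past index `LINE_BUF_SIZE - 1`, reserves that last slot for the terminator, and, because the real function handles UTF-8, drops a partial multi-byte sequence at the truncation point instead of emitting a broken character. All inputs are constructed samples.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Buffer size matches the 'char [2048]' named in the sanitizer report (assumption). */
#define LINE_BUF_SIZE 2048

typedef struct {
    size_t consumed;   /* source bytes consumed, including the newline if present */
    size_t out_len;    /* strlen of the resulting line */
    bool   truncated;  /* true if the line did not fit in LINE_BUF_SIZE-1 bytes */
} line_result;

/* Length of a UTF-8 sequence from its lead byte (1 for ASCII or invalid bytes). */
static size_t utf8_seq_len(unsigned char lead)
{
    if (lead < 0x80) return 1;
    if ((lead & 0xE0) == 0xC0) return 2;
    if ((lead & 0xF0) == 0xE0) return 3;
    if ((lead & 0xF8) == 0xF0) return 4;
    return 1;
}

/* If buf[0..len) ends in an incomplete UTF-8 sequence, return the length
 * without that partial sequence; otherwise return len unchanged. */
static size_t trim_partial_utf8(const char *buf, size_t len)
{
    size_t p = len;
    while (p > 0 && ((unsigned char)buf[p - 1] & 0xC0) == 0x80) p--;
    if (p == 0) return len;                 /* no lead byte found: nothing to trim */
    size_t lead = p - 1;
    size_t need = utf8_seq_len((unsigned char)buf[lead]);
    return (lead + need > len) ? lead : len;
}

/* Copy one line (up to '\n' or end of input) into dst.
 * At most LINE_BUF_SIZE-1 data bytes are stored plus the terminator, so the
 * highest index ever written is LINE_BUF_SIZE-1, never LINE_BUF_SIZE. */
size_t get_utf8_line_bounded(const char *src, size_t src_len,
                             char dst[LINE_BUF_SIZE], bool *truncated)
{
    size_t i = 0, out = 0;
    *truncated = false;
    while (i < src_len && src[i] != '\n') {
        if (out < LINE_BUF_SIZE - 1) {      /* room for this byte AND the NUL */
            dst[out++] = src[i];
        } else {
            *truncated = true;              /* drop the byte, keep consuming the line */
        }
        i++;
    }
    if (*truncated) out = trim_partial_utf8(dst, out);
    dst[out] = '\0';                        /* out <= LINE_BUF_SIZE-1 here */
    if (i < src_len && src[i] == '\n') i++;
    return i;
}

line_result run_sample(const char *src, size_t src_len)
{
    char dst[LINE_BUF_SIZE];
    line_result r;
    r.consumed = get_utf8_line_bounded(src, src_len, dst, &r.truncated);
    r.out_len = strlen(dst);
    return r;
}

/* Constructed sample: a 3000-byte line with no newline. */
line_result sample_overlong(void)
{
    static char src[3000];
    memset(src, 'A', sizeof src);
    return run_sample(src, sizeof src);
}

/* Constructed sample: 2046 ASCII bytes, then U+00E9 (two bytes), then "B\n".
 * The second byte of U+00E9 does not fit, so the whole sequence is dropped. */
line_result sample_utf8_boundary(void)
{
    static char src[2046 + 2 + 2];
    memset(src, 'A', 2046);
    memcpy(src + 2046, "\xC3\xA9" "B\n", 4);
    return run_sample(src, sizeof src);
}

int main(void)
{
    line_result a = run_sample("hello\nworld", 11);
    line_result b = sample_overlong();
    line_result c = sample_utf8_boundary();
    printf("short: consumed=%zu len=%zu truncated=%d\n", a.consumed, a.out_len, a.truncated);
    printf("overlong: consumed=%zu len=%zu truncated=%d\n", b.consumed, b.out_len, b.truncated);
    printf("utf8 boundary: consumed=%zu len=%zu truncated=%d\n", c.consumed, c.out_len, c.truncated);
    return 0;
}
```

Compiling with `-fsanitize=undefined` (the same `--enable-sanitizer` style build the report used) is a cheap regression check for this class of bug: the bounds sanitizer reports the first write at index 2048, as the PoC output shows, so a fixed-size line reader that passes an over-long line under the sanitizer without a report is a good sign the off-by-one is gone.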

Reproduce

./configure --enable-sanitizer --enable-debug
make
./MP4Box -info gf_text_get_utf8_line_poc

Git Log

commit 3602a5ded4e57b0044a949f985ee3792f94a9a36 (HEAD -> master, origin/master, origin/HEAD)
Author: Aurelien David <aurelien.david@telecom-paristech.fr>
Date:   Thu Feb 9 11:24:23 2023 +0100

    mp3dmx: check truncated frames (#2391)

commit ea7395f39f601a7750d48d606e9d10ea0b7beefe
Author: Aurelien David <aurelien.david@telecom-paristech.fr>
Date:   Wed Feb 8 16:52:00 2023 +0100

    sgpd box entry: disallow null grouping_type (#2389)

commit 8db20cb634a546c536c31caac94e1f74b778b463
Author: Aurelien David <aurelien.david@telecom-paristech.fr>
Date:   Tue Feb 7 18:27:19 2023 +0100

    m2ts: check descs_size read from input to prevent overflow (#2388)
