Sync from SUSE:ALP:Source:Standard:1.0 libaom revision 0fd187108d52e69387fc827d83abbae6

This commit is contained in:
Adrian Schröter 2024-09-25 16:04:02 +02:00
parent cfb1500bcc
commit ca53b7cd09
3 changed files with 66 additions and 0 deletions

View File

@ -0,0 +1,56 @@
diff --git a/aom/src/aom_image.c b/aom/src/aom_image.c
index 3b1c33d..b68dc4c 100644
--- a/aom/src/aom_image.c
+++ b/aom/src/aom_image.c
@@ -36,8 +36,7 @@
/* NOTE: In this function, bit_depth is either 8 or 16 (if
* AOM_IMG_FMT_HIGHBITDEPTH is set), never 10 or 12.
*/
- unsigned int h, w, s, xcs, ycs, bps, bit_depth;
- unsigned int stride_in_bytes;
+ unsigned int h, w, xcs, ycs, bps, bit_depth;
if (img != NULL) memset(img, 0, sizeof(aom_image_t));
@@ -108,9 +107,11 @@
w = align_image_dimension(d_w, xcs, size_align);
h = align_image_dimension(d_h, ycs, size_align);
- s = (fmt & AOM_IMG_FMT_PLANAR) ? w : bps * w / bit_depth;
+ uint64_t s = (fmt & AOM_IMG_FMT_PLANAR) ? w : (uint64_t)bps * w / bit_depth;
s = (s + 2 * border + stride_align - 1) & ~(stride_align - 1);
- stride_in_bytes = s * bit_depth / 8;
+ s = s * bit_depth / 8;
+ if (s > INT_MAX) goto fail;
+ const int stride_in_bytes = (int)s;
/* Allocate the new image */
if (!img) {
@@ -232,7 +233,7 @@
img->planes[AOM_PLANE_Y] =
data + x * bytes_per_sample + y * img->stride[AOM_PLANE_Y];
- data += (img->h + 2 * border) * img->stride[AOM_PLANE_Y];
+ data += ((size_t)img->h + 2 * border) * img->stride[AOM_PLANE_Y];
unsigned int uv_border_h = border >> img->y_chroma_shift;
unsigned int uv_x = x >> img->x_chroma_shift;
@@ -244,14 +245,14 @@
} else if (!(img->fmt & AOM_IMG_FMT_UV_FLIP)) {
img->planes[AOM_PLANE_U] =
data + uv_x * bytes_per_sample + uv_y * img->stride[AOM_PLANE_U];
- data += ((img->h >> img->y_chroma_shift) + 2 * uv_border_h) *
+ data += ((size_t)(img->h >> img->y_chroma_shift) + 2 * uv_border_h) *
img->stride[AOM_PLANE_U];
img->planes[AOM_PLANE_V] =
data + uv_x * bytes_per_sample + uv_y * img->stride[AOM_PLANE_V];
} else {
img->planes[AOM_PLANE_V] =
data + uv_x * bytes_per_sample + uv_y * img->stride[AOM_PLANE_V];
- data += ((img->h >> img->y_chroma_shift) + 2 * uv_border_h) *
+ data += ((size_t)(img->h >> img->y_chroma_shift) + 2 * uv_border_h) *
img->stride[AOM_PLANE_V];
img->planes[AOM_PLANE_U] =
data + uv_x * bytes_per_sample + uv_y * img->stride[AOM_PLANE_U];

View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Mon Jun 10 12:03:09 UTC 2024 - pgajdos@suse.com
- security update
- added patches
fix CVE-2024-5171 [bsc#1226020], heap buffer overflow in img_alloc_helper() caused by integer overflow
+ libaom-CVE-2024-5171.patch
-------------------------------------------------------------------
Tue Dec 5 19:20:33 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>

View File

@ -45,6 +45,8 @@ Source99: baselibs.conf
Patch0: libaom-0001-Do-not-disable-_FORTIFY_SOURCE.patch
Patch1: system-gtest.patch
Patch2: system-yuv.patch
# CVE-2024-5171 [bsc#1226020], heap buffer overflow in img_alloc_helper() caused by integer overflow
Patch3: libaom-CVE-2024-5171.patch
BuildRequires: c++_compiler
BuildRequires: cmake >= 3.6