Sync from SUSE:ALP:Source:Standard:1.0 libaom revision 0fd187108d52e69387fc827d83abbae6
This commit is contained in:
parent
cfb1500bcc
commit
ca53b7cd09
56
libaom-CVE-2024-5171.patch
Normal file
56
libaom-CVE-2024-5171.patch
Normal file
@ -0,0 +1,56 @@
|
||||
diff --git a/aom/src/aom_image.c b/aom/src/aom_image.c
|
||||
index 3b1c33d..b68dc4c 100644
|
||||
--- a/aom/src/aom_image.c
|
||||
+++ b/aom/src/aom_image.c
|
||||
|
||||
@@ -36,8 +36,7 @@
|
||||
/* NOTE: In this function, bit_depth is either 8 or 16 (if
|
||||
* AOM_IMG_FMT_HIGHBITDEPTH is set), never 10 or 12.
|
||||
*/
|
||||
- unsigned int h, w, s, xcs, ycs, bps, bit_depth;
|
||||
- unsigned int stride_in_bytes;
|
||||
+ unsigned int h, w, xcs, ycs, bps, bit_depth;
|
||||
|
||||
if (img != NULL) memset(img, 0, sizeof(aom_image_t));
|
||||
|
||||
@@ -108,9 +107,11 @@
|
||||
w = align_image_dimension(d_w, xcs, size_align);
|
||||
h = align_image_dimension(d_h, ycs, size_align);
|
||||
|
||||
- s = (fmt & AOM_IMG_FMT_PLANAR) ? w : bps * w / bit_depth;
|
||||
+ uint64_t s = (fmt & AOM_IMG_FMT_PLANAR) ? w : (uint64_t)bps * w / bit_depth;
|
||||
s = (s + 2 * border + stride_align - 1) & ~(stride_align - 1);
|
||||
- stride_in_bytes = s * bit_depth / 8;
|
||||
+ s = s * bit_depth / 8;
|
||||
+ if (s > INT_MAX) goto fail;
|
||||
+ const int stride_in_bytes = (int)s;
|
||||
|
||||
/* Allocate the new image */
|
||||
if (!img) {
|
||||
@@ -232,7 +233,7 @@
|
||||
|
||||
img->planes[AOM_PLANE_Y] =
|
||||
data + x * bytes_per_sample + y * img->stride[AOM_PLANE_Y];
|
||||
- data += (img->h + 2 * border) * img->stride[AOM_PLANE_Y];
|
||||
+ data += ((size_t)img->h + 2 * border) * img->stride[AOM_PLANE_Y];
|
||||
|
||||
unsigned int uv_border_h = border >> img->y_chroma_shift;
|
||||
unsigned int uv_x = x >> img->x_chroma_shift;
|
||||
@@ -244,14 +245,14 @@
|
||||
} else if (!(img->fmt & AOM_IMG_FMT_UV_FLIP)) {
|
||||
img->planes[AOM_PLANE_U] =
|
||||
data + uv_x * bytes_per_sample + uv_y * img->stride[AOM_PLANE_U];
|
||||
- data += ((img->h >> img->y_chroma_shift) + 2 * uv_border_h) *
|
||||
+ data += ((size_t)(img->h >> img->y_chroma_shift) + 2 * uv_border_h) *
|
||||
img->stride[AOM_PLANE_U];
|
||||
img->planes[AOM_PLANE_V] =
|
||||
data + uv_x * bytes_per_sample + uv_y * img->stride[AOM_PLANE_V];
|
||||
} else {
|
||||
img->planes[AOM_PLANE_V] =
|
||||
data + uv_x * bytes_per_sample + uv_y * img->stride[AOM_PLANE_V];
|
||||
- data += ((img->h >> img->y_chroma_shift) + 2 * uv_border_h) *
|
||||
+ data += ((size_t)(img->h >> img->y_chroma_shift) + 2 * uv_border_h) *
|
||||
img->stride[AOM_PLANE_V];
|
||||
img->planes[AOM_PLANE_U] =
|
||||
data + uv_x * bytes_per_sample + uv_y * img->stride[AOM_PLANE_U];
|
||||
|
@ -1,3 +1,11 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Jun 10 12:03:09 UTC 2024 - pgajdos@suse.com
|
||||
|
||||
- security update
|
||||
- added patches
|
||||
fix CVE-2024-5171 [bsc#1226020], heap buffer overflow in img_alloc_helper() caused by integer overflow
|
||||
+ libaom-CVE-2024-5171.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Dec 5 19:20:33 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
|
||||
|
||||
|
@ -45,6 +45,8 @@ Source99: baselibs.conf
|
||||
Patch0: libaom-0001-Do-not-disable-_FORTIFY_SOURCE.patch
|
||||
Patch1: system-gtest.patch
|
||||
Patch2: system-yuv.patch
|
||||
# CVE-2024-5171 [bsc#1226020], heap buffer overflow in img_alloc_helper() caused by integer overflow
|
||||
Patch3: libaom-CVE-2024-5171.patch
|
||||
|
||||
BuildRequires: c++_compiler
|
||||
BuildRequires: cmake >= 3.6
|
||||
|
Loading…
Reference in New Issue
Block a user