diff --git a/ffmpeg-4.spec b/ffmpeg-4.spec index 70fce95..786bb4e 100644 --- a/ffmpeg-4.spec +++ b/ffmpeg-4.spec @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # diff --git a/ffmpeg-CVE-2018-13305.patch b/ffmpeg-CVE-2018-13305.patch index 9e47b0f..5401ead 100644 --- a/ffmpeg-CVE-2018-13305.patch +++ b/ffmpeg-CVE-2018-13305.patch @@ -1,13 +1,33 @@ -diff --git a/libavcodec/vc1_block.c b/libavcodec/vc1_block.c -index b06ee9f..5b38183 100644 ---- a/libavcodec/vc1_block.c -+++ b/libavcodec/vc1_block.c -@@ -188,7 +188,7 @@ static void vc1_put_signed_blocks_clamped(VC1Context *v) +From d08d4a8c7387e758d439b0592782e4cfa2b4d6a4 Mon Sep 17 00:00:00 2001 +From: Michael Niedermayer +Date: Thu, 28 Jun 2018 23:46:32 +0200 +Subject: [PATCH] avcodec/vc1_block: Fix mqaunt check for negative values +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Fixes: out of array access +Fixes: ffmpeg_bof_4.avi +Fixes: ffmpeg_bof_5.avi +Fixes: ffmpeg_bof_6.avi + +Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart +Reviewed-by: Jerome Borsboom +Signed-off-by: Michael Niedermayer +--- + libavcodec/vc1_block.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: ffmpeg-4.0.2/libavcodec/vc1_block.c +=================================================================== +--- ffmpeg-4.0.2.orig/libavcodec/vc1_block.c ++++ ffmpeg-4.0.2/libavcodec/vc1_block.c +@@ -188,7 +188,7 @@ static void vc1_put_signed_blocks_clampe mquant = v->altpq; \ if ((edges&8) && s->mb_y == (s->mb_height - 1)) \ mquant = v->altpq; \ - if (!mquant || mquant > 31) { \ -+ if (!mquant || mquant > 31 || mquant < -31) { \ ++ if (!mquant || mquant > 31 || mquant < -31) { \ av_log(v->s.avctx, AV_LOG_ERROR, \ "Overriding invalid mquant %d\n", mquant); \ mquant = 1; \