1
0
forked from pool/ffmpeg-4

- Add 0001-avcodec-h2645_parse-zero-initialize-the-rbsp-buffer.patch

[boo#1149839, CVE-2019-15942]

OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/ffmpeg-4?expand=0&rev=90
This commit is contained in:
Jan Engelhardt 2019-09-10 08:34:40 +00:00 committed by Git OBS Bridge
parent 20b3c2932b
commit 8a0eb853b5
2 changed files with 59 additions and 4 deletions

View File

@ -0,0 +1,49 @@
From af70bfbeadc0c9b9215cf045ff2a6a31e8ac3a71 Mon Sep 17 00:00:00 2001
From: James Almer <jamrial@gmail.com>
Date: Mon, 26 Aug 2019 00:54:20 -0300
Subject: [PATCH] avcodec/h2645_parse: zero initialize the rbsp buffer
Fixes ticket #8093
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
---
libavcodec/h2645_parse.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/libavcodec/h2645_parse.c b/libavcodec/h2645_parse.c
index 24658b3dfa..307e8643e6 100644
--- a/libavcodec/h2645_parse.c
+++ b/libavcodec/h2645_parse.c
@@ -345,13 +345,18 @@ static int find_next_start_code(const uint8_t *buf, const uint8_t *next_avc)
static void alloc_rbsp_buffer(H2645RBSP *rbsp, unsigned int size, int use_ref)
{
+ int min_size = size;
+
if (size > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE)
goto fail;
size += AV_INPUT_BUFFER_PADDING_SIZE;
if (rbsp->rbsp_buffer_alloc_size >= size &&
- (!rbsp->rbsp_buffer_ref || av_buffer_is_writable(rbsp->rbsp_buffer_ref)))
+ (!rbsp->rbsp_buffer_ref || av_buffer_is_writable(rbsp->rbsp_buffer_ref))) {
+ av_assert0(rbsp->rbsp_buffer);
+ memset(rbsp->rbsp_buffer + min_size, 0, AV_INPUT_BUFFER_PADDING_SIZE);
return;
+ }
size = FFMIN(size + size / 16 + 32, INT_MAX);
@@ -360,7 +365,7 @@ static void alloc_rbsp_buffer(H2645RBSP *rbsp, unsigned int size, int use_ref)
else
av_free(rbsp->rbsp_buffer);
- rbsp->rbsp_buffer = av_malloc(size);
+ rbsp->rbsp_buffer = av_mallocz(size);
if (!rbsp->rbsp_buffer)
goto fail;
rbsp->rbsp_buffer_alloc_size = size;
--
2.23.0

View File

@ -1,7 +1,13 @@
-------------------------------------------------------------------
Tue Sep 10 08:30:36 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Add 0001-avcodec-h2645_parse-zero-initialize-the-rbsp-buffer.patch
[boo#1149839, CVE-2019-15942]
-------------------------------------------------------------------
Wed Sep 4 12:05:35 UTC 2019 - Ismail Dönmez <idonmez@suse.com>
- Make ffmpeg-4.2-dlopen-fdk_aac.patch less verbose
- Make ffmpeg-4.2-dlopen-fdk_aac.patch less verbose
-------------------------------------------------------------------
Thu Aug 22 08:45:17 UTC 2019 - Ismail Dönmez <idonmez@suse.com>
@ -283,8 +289,8 @@ Tue Nov 06 01:39:11 UTC 2018 - sean@suspend.net
Sat Nov 03 14:48:35 UTC 2018 - sean@suspend.net
- Remove 0001-avformat-fivenc-Check-audio-packet-size.patch (fixed upstream (bsc#8591d16)
- Update ffmpeg to 4.0.3
- Remove 0001-avformat-fivenc-Check-audio-packet-size.patch (fixed upstream (bsc#8591d16)
- Update ffmpeg to 4.0.3
* For complete changelog, see https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.0.3
-------------------------------------------------------------------
@ -1347,7 +1353,7 @@ Mon Dec 7 12:18:36 UTC 2015 - idonmez@suse.com
* All packman specific changes are protected with BUILD_ORIG
- Added the following patches
* ffmpeg-2.4.5-arm6l.patch
* ffmpeg-libcdio_cdda-pkgconfig.patch
* ffmpeg-libcdio_cdda-pkgconfig.patch
-------------------------------------------------------------------
Sun Nov 29 11:24:54 UTC 2015 - jengelh@inai.de