Accepting request 921459 from home:AZhou:branches:multimedia:libs

- Add ffmpeg-CVE-2020-22037.patch: Backport from upstream to fix denial of service vulnerability exists due to a memory leak in avcodec_alloc_context3 at options.c (bsc#1186756). OBS-URL: https://build.opensuse.org/request/show/921459 OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/ffmpeg-4?expand=0&rev=170
2021-09-26 21:19:18 +00:00 · 2021-09-26 21:19:18 +00:00 · 163fe1db7e
commit 163fe1db7e
parent 691f3202a0
3 changed files with 64 additions and 0 deletions
--- a/ffmpeg-4.changes
+++ b/ffmpeg-4.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Sun Sep 26 02:44:57 UTC 2021 - Alynx Zhou <alynx.zhou@suse.com>
+
+- Add ffmpeg-CVE-2020-22037.patch: Backport from upstream to fix
+  denial of service vulnerability exists due to a memory leak in
+  avcodec_alloc_context3 at options.c (bsc#1186756).
+
 -------------------------------------------------------------------
 Fri Aug 27 07:09:15 UTC 2021 - Alynx Zhou <alynx.zhou@suse.com>

--- a/ffmpeg-4.spec
+++ b/ffmpeg-4.spec
@ -121,6 +121,7 @@ Patch9:         ffmpeg-4.4-CVE-2020-22046.patch
 Patch10:        ffmpeg-CVE-2021-33815.patch
 Patch11:        ffmpeg-CVE-2021-38114.patch
 Patch12:        ffmpeg-CVE-2021-38171.patch
+Patch13:        ffmpeg-CVE-2020-22037.patch
 BuildRequires:  ladspa-devel
 BuildRequires:  libgsm-devel
 BuildRequires:  libmp3lame-devel
--- a/ffmpeg-CVE-2020-22037.patch
+++ b/ffmpeg-CVE-2020-22037.patch
@ -0,0 +1,56 @@
+diff --unified --recursive --text --new-file --color ffmpeg-4.4.old/libavcodec/frame_thread_encoder.c ffmpeg-4.4.new/libavcodec/frame_thread_encoder.c
+--- ffmpeg-4.4.old/libavcodec/frame_thread_encoder.c	2021-04-09 05:28:39.000000000 +0800
+++ ffmpeg-4.4.new/libavcodec/frame_thread_encoder.c	2021-09-26 10:51:25.616140633 +0800
+@@ -124,7 +124,7 @@
+ int ff_frame_thread_encoder_init(AVCodecContext *avctx, AVDictionary *options){
+     int i=0;
+     ThreadContext *c;
+-
+    AVCodecContext *thread_avctx = NULL;
+ 
+     if(   !(avctx->thread_type & FF_THREAD_FRAME)
+        || !(avctx->codec->capabilities & AV_CODEC_CAP_FRAME_THREADS))
+@@ -205,16 +205,17 @@
+         AVDictionary *tmp = NULL;
+         int ret;
+         void *tmpv;
+-        AVCodecContext *thread_avctx = avcodec_alloc_context3(avctx->codec);
+        thread_avctx = avcodec_alloc_context3(avctx->codec);
+         if(!thread_avctx)
+             goto fail;
+         tmpv = thread_avctx->priv_data;
+         *thread_avctx = *avctx;
+        thread_avctx->priv_data = tmpv;
+        thread_avctx->internal = NULL;
+        thread_avctx->hw_frames_ctx = NULL;
+         ret = av_opt_copy(thread_avctx, avctx);
+         if (ret < 0)
+             goto fail;
+-        thread_avctx->priv_data = tmpv;
+-        thread_avctx->internal = NULL;
+         if (avctx->codec->priv_class) {
+             int ret = av_opt_copy(thread_avctx->priv_data, avctx->priv_data);
+             if (ret < 0)
+@@ -243,6 +244,8 @@
+ 
+     return 0;
+ fail:
+    avcodec_close(thread_avctx);
+    av_freep(&thread_avctx);
+     avctx->thread_count = i;
+     av_log(avctx, AV_LOG_ERROR, "ff_frame_thread_encoder_init failed\n");
+     ff_frame_thread_encoder_free(avctx);
+diff --unified --recursive --text --new-file --color ffmpeg-4.4.old/libavcodec/frame_thread_encoder.h ffmpeg-4.4.new/libavcodec/frame_thread_encoder.h
+--- ffmpeg-4.4.old/libavcodec/frame_thread_encoder.h	2021-04-09 05:28:39.000000000 +0800
+++ ffmpeg-4.4.new/libavcodec/frame_thread_encoder.h	2021-09-26 10:52:37.122774657 +0800
+@@ -23,6 +23,10 @@
+ 
+ #include "avcodec.h"
+ 
+/**
+ * Initialize frame thread encoder.
+ * @note hardware encoders are not supported
+ */
+ int ff_frame_thread_encoder_init(AVCodecContext *avctx, AVDictionary *options);
+ void ff_frame_thread_encoder_free(AVCodecContext *avctx);
+ int ff_thread_video_encode_frame(AVCodecContext *avctx, AVPacket *pkt,