forked from pool/ffmpeg-4
Accepting request 729720 from multimedia:libs
- Add 0001-avcodec-h2645_parse-zero-initialize-the-rbsp-buffer.patch [boo#1149839, CVE-2019-15942] OBS-URL: https://build.opensuse.org/request/show/729720 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ffmpeg-4?expand=0&rev=19
This commit is contained in:
commit
1b0f0aee4b
@ -0,0 +1,49 @@
|
|||||||
|
From af70bfbeadc0c9b9215cf045ff2a6a31e8ac3a71 Mon Sep 17 00:00:00 2001
|
||||||
|
From: James Almer <jamrial@gmail.com>
|
||||||
|
Date: Mon, 26 Aug 2019 00:54:20 -0300
|
||||||
|
Subject: [PATCH] avcodec/h2645_parse: zero initialize the rbsp buffer
|
||||||
|
|
||||||
|
Fixes ticket #8093
|
||||||
|
|
||||||
|
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
|
||||||
|
Signed-off-by: James Almer <jamrial@gmail.com>
|
||||||
|
---
|
||||||
|
libavcodec/h2645_parse.c | 9 +++++++--
|
||||||
|
1 file changed, 7 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/libavcodec/h2645_parse.c b/libavcodec/h2645_parse.c
|
||||||
|
index 24658b3dfa..307e8643e6 100644
|
||||||
|
--- a/libavcodec/h2645_parse.c
|
||||||
|
+++ b/libavcodec/h2645_parse.c
|
||||||
|
@@ -345,13 +345,18 @@ static int find_next_start_code(const uint8_t *buf, const uint8_t *next_avc)
|
||||||
|
|
||||||
|
static void alloc_rbsp_buffer(H2645RBSP *rbsp, unsigned int size, int use_ref)
|
||||||
|
{
|
||||||
|
+ int min_size = size;
|
||||||
|
+
|
||||||
|
if (size > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE)
|
||||||
|
goto fail;
|
||||||
|
size += AV_INPUT_BUFFER_PADDING_SIZE;
|
||||||
|
|
||||||
|
if (rbsp->rbsp_buffer_alloc_size >= size &&
|
||||||
|
- (!rbsp->rbsp_buffer_ref || av_buffer_is_writable(rbsp->rbsp_buffer_ref)))
|
||||||
|
+ (!rbsp->rbsp_buffer_ref || av_buffer_is_writable(rbsp->rbsp_buffer_ref))) {
|
||||||
|
+ av_assert0(rbsp->rbsp_buffer);
|
||||||
|
+ memset(rbsp->rbsp_buffer + min_size, 0, AV_INPUT_BUFFER_PADDING_SIZE);
|
||||||
|
return;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
size = FFMIN(size + size / 16 + 32, INT_MAX);
|
||||||
|
|
||||||
|
@@ -360,7 +365,7 @@ static void alloc_rbsp_buffer(H2645RBSP *rbsp, unsigned int size, int use_ref)
|
||||||
|
else
|
||||||
|
av_free(rbsp->rbsp_buffer);
|
||||||
|
|
||||||
|
- rbsp->rbsp_buffer = av_malloc(size);
|
||||||
|
+ rbsp->rbsp_buffer = av_mallocz(size);
|
||||||
|
if (!rbsp->rbsp_buffer)
|
||||||
|
goto fail;
|
||||||
|
rbsp->rbsp_buffer_alloc_size = size;
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
@ -30,7 +30,7 @@ Index: ffmpeg-4.2/libavcodec/dlopen.h
|
|||||||
===================================================================
|
===================================================================
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ ffmpeg-4.2/libavcodec/dlopen.h
|
+++ ffmpeg-4.2/libavcodec/dlopen.h
|
||||||
@@ -0,0 +1,13 @@
|
@@ -0,0 +1,12 @@
|
||||||
+#ifndef LOCALINC_DLOPEN_H
|
+#ifndef LOCALINC_DLOPEN_H
|
||||||
+#define LOCALINC_DLOPEN_H
|
+#define LOCALINC_DLOPEN_H
|
||||||
+#include <dlfcn.h>
|
+#include <dlfcn.h>
|
||||||
@ -38,7 +38,6 @@ Index: ffmpeg-4.2/libavcodec/dlopen.h
|
|||||||
+#define str(x) #x
|
+#define str(x) #x
|
||||||
+
|
+
|
||||||
+#define dl_sym(func, args, lib) \
|
+#define dl_sym(func, args, lib) \
|
||||||
+ fprintf(stderr, "dlsym " #func "\n"); \
|
|
||||||
+ dl_##func = args dlsym(lib, #func); \
|
+ dl_##func = args dlsym(lib, #func); \
|
||||||
+ if ((err = dlerror())) \
|
+ if ((err = dlerror())) \
|
||||||
+ goto error;
|
+ goto error;
|
||||||
|
@ -1,3 +1,14 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Sep 10 08:30:36 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
- Add 0001-avcodec-h2645_parse-zero-initialize-the-rbsp-buffer.patch
|
||||||
|
[boo#1149839, CVE-2019-15942]
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Sep 4 12:05:35 UTC 2019 - Ismail Dönmez <idonmez@suse.com>
|
||||||
|
|
||||||
|
- Make ffmpeg-4.2-dlopen-fdk_aac.patch less verbose
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Aug 22 08:45:17 UTC 2019 - Ismail Dönmez <idonmez@suse.com>
|
Thu Aug 22 08:45:17 UTC 2019 - Ismail Dönmez <idonmez@suse.com>
|
||||||
|
|
||||||
@ -278,8 +289,8 @@ Tue Nov 06 01:39:11 UTC 2018 - sean@suspend.net
|
|||||||
|
|
||||||
Sat Nov 03 14:48:35 UTC 2018 - sean@suspend.net
|
Sat Nov 03 14:48:35 UTC 2018 - sean@suspend.net
|
||||||
|
|
||||||
- Remove 0001-avformat-fivenc-Check-audio-packet-size.patch (fixed upstream (bsc#8591d16)
|
- Remove 0001-avformat-fivenc-Check-audio-packet-size.patch (fixed upstream (bsc#8591d16)
|
||||||
- Update ffmpeg to 4.0.3
|
- Update ffmpeg to 4.0.3
|
||||||
* For complete changelog, see https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.0.3
|
* For complete changelog, see https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.0.3
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -1342,7 +1353,7 @@ Mon Dec 7 12:18:36 UTC 2015 - idonmez@suse.com
|
|||||||
* All packman specific changes are protected with BUILD_ORIG
|
* All packman specific changes are protected with BUILD_ORIG
|
||||||
- Added the following patches
|
- Added the following patches
|
||||||
* ffmpeg-2.4.5-arm6l.patch
|
* ffmpeg-2.4.5-arm6l.patch
|
||||||
* ffmpeg-libcdio_cdda-pkgconfig.patch
|
* ffmpeg-libcdio_cdda-pkgconfig.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Sun Nov 29 11:24:54 UTC 2015 - jengelh@inai.de
|
Sun Nov 29 11:24:54 UTC 2015 - jengelh@inai.de
|
||||||
|
@ -122,6 +122,7 @@ Patch6: ffmpeg-4.2-dlopen-fdk_aac.patch
|
|||||||
# https://trac.ffmpeg.org/ticket/7861
|
# https://trac.ffmpeg.org/ticket/7861
|
||||||
Patch7: ffmpeg4_swscale_replace_illegal_vector_keyword.patch
|
Patch7: ffmpeg4_swscale_replace_illegal_vector_keyword.patch
|
||||||
Patch8: ffmpeg4_swscale_fix_altivec_vsx_recent_gcc.patch
|
Patch8: ffmpeg4_swscale_fix_altivec_vsx_recent_gcc.patch
|
||||||
|
Patch9: 0001-avcodec-h2645_parse-zero-initialize-the-rbsp-buffer.patch
|
||||||
BuildRequires: ladspa-devel
|
BuildRequires: ladspa-devel
|
||||||
BuildRequires: libgsm-devel
|
BuildRequires: libgsm-devel
|
||||||
BuildRequires: libmp3lame-devel
|
BuildRequires: libmp3lame-devel
|
||||||
|
Loading…
Reference in New Issue
Block a user