SHA256
1
0
forked from pool/ffmpeg-4

ffmpeg 4.4.5

This commit is contained in:
Jan Engelhardt 2025-01-06 13:57:01 +01:00
parent 79e46abe56
commit 52f36ca5b3
15 changed files with 51 additions and 368 deletions

View File

@ -1,47 +0,0 @@
From c3c8f97a9804b4234e97f13b0057ffc2c9af27c0 Mon Sep 17 00:00:00 2001
From: Christopher Degawa <christopher.degawa@intel.com>
Date: Thu, 20 Oct 2022 22:55:27 -0500
Subject: [PATCH] avcodec/libsvtav1: remove compressed_ten_bit_format and
simplify alloc_buffer
compressed_ten_bit_format has been deprecated upstream and has no effect
and can be removed. Plus, technically it was never used in the first place
since it would require the app (ffmpeg) to set it and do additional
processing of the input frames.
Also simplify alloc_buffer by removing calculations relating to the
non-existant processing.
Signed-off-by: Christopher Degawa <christopher.degawa@intel.com>
(cherry picked from commit 031f1561cd286596cdb374da32f8aa816ce3b135)
---
libavcodec/libsvtav1.c | 10 +++-------
1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/libavcodec/libsvtav1.c b/libavcodec/libsvtav1.c
index cfd93a2484..38777b0fb7 100644
--- a/libavcodec/libsvtav1.c
+++ b/libavcodec/libsvtav1.c
@@ -120,16 +120,12 @@ static int svt_print_error(void *log_ctx, EbErrorType err,
static int alloc_buffer(EbSvtAv1EncConfiguration *config, SvtContext *svt_enc)
{
- const int pack_mode_10bit =
- (config->encoder_bit_depth > 8) && (config->compressed_ten_bit_format == 0) ? 1 : 0;
- const size_t luma_size_8bit =
- config->source_width * config->source_height * (1 << pack_mode_10bit);
- const size_t luma_size_10bit =
- (config->encoder_bit_depth > 8 && pack_mode_10bit == 0) ? luma_size_8bit : 0;
+ const size_t luma_size = config->source_width * config->source_height *
+ (config->encoder_bit_depth > 8 ? 2 : 1);
EbSvtIOFormat *in_data;
- svt_enc->raw_size = (luma_size_8bit + luma_size_10bit) * 3 / 2;
+ svt_enc->raw_size = luma_size * 3 / 2;
// allocate buffer for in and out
svt_enc->in_buf = av_mallocz(sizeof(*svt_enc->in_buf));
--
2.41.0

View File

@ -1,76 +0,0 @@
From effadce6c756247ea8bae32dc13bb3e6f464f0eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20Denis-Courmont?= <remi@remlab.net>
Date: Sun, 16 Jul 2023 18:18:02 +0300
Subject: [PATCH] avcodec/x86/mathops: clip constants used with shift
instructions within inline assembly
Fixes assembling with binutil as >= 2.41
Signed-off-by: James Almer <jamrial@gmail.com>
---
libavcodec/x86/mathops.h | 26 +++++++++++++++++++++++---
1 file changed, 23 insertions(+), 3 deletions(-)
diff --git a/libavcodec/x86/mathops.h b/libavcodec/x86/mathops.h
index 6298f5ed19..ca7e2dffc1 100644
--- a/libavcodec/x86/mathops.h
+++ b/libavcodec/x86/mathops.h
@@ -35,12 +35,20 @@
static av_always_inline av_const int MULL(int a, int b, unsigned shift)
{
int rt, dummy;
+ if (__builtin_constant_p(shift))
__asm__ (
"imull %3 \n\t"
"shrdl %4, %%edx, %%eax \n\t"
:"=a"(rt), "=d"(dummy)
- :"a"(a), "rm"(b), "ci"((uint8_t)shift)
+ :"a"(a), "rm"(b), "i"(shift & 0x1F)
);
+ else
+ __asm__ (
+ "imull %3 \n\t"
+ "shrdl %4, %%edx, %%eax \n\t"
+ :"=a"(rt), "=d"(dummy)
+ :"a"(a), "rm"(b), "c"((uint8_t)shift)
+ );
return rt;
}
@@ -113,19 +121,31 @@ __asm__ volatile(\
// avoid +32 for shift optimization (gcc should do that ...)
#define NEG_SSR32 NEG_SSR32
static inline int32_t NEG_SSR32( int32_t a, int8_t s){
+ if (__builtin_constant_p(s))
__asm__ ("sarl %1, %0\n\t"
: "+r" (a)
- : "ic" ((uint8_t)(-s))
+ : "i" (-s & 0x1F)
);
+ else
+ __asm__ ("sarl %1, %0\n\t"
+ : "+r" (a)
+ : "c" ((uint8_t)(-s))
+ );
return a;
}
#define NEG_USR32 NEG_USR32
static inline uint32_t NEG_USR32(uint32_t a, int8_t s){
+ if (__builtin_constant_p(s))
__asm__ ("shrl %1, %0\n\t"
: "+r" (a)
- : "ic" ((uint8_t)(-s))
+ : "i" (-s & 0x1F)
);
+ else
+ __asm__ ("shrl %1, %0\n\t"
+ : "+r" (a)
+ : "c" ((uint8_t)(-s))
+ );
return a;
}
--
2.42.0

View File

@ -1,29 +0,0 @@
From 50f0f8c53c818f73fe2d752708e2fa9d2a2d8a07 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sat, 23 Dec 2023 04:03:01 +0100
Subject: [PATCH] avfilter/af_stereowiden: Check length
References: https://bugzilla.opensuse.org/1223437
References: CVE-2023-51794
Fixes: out of array access
Fixes: tickets/10746/poc13ffmpeg
Found-by: Zeng Yunxiang
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavfilter/af_stereowiden.c | 2 ++
1 file changed, 2 insertions(+)
Index: ffmpeg-4.4.4/libavfilter/af_stereowiden.c
===================================================================
--- ffmpeg-4.4.4.orig/libavfilter/af_stereowiden.c
+++ ffmpeg-4.4.4/libavfilter/af_stereowiden.c
@@ -75,6 +75,8 @@ static int config_input(AVFilterLink *in
s->length = s->delay * inlink->sample_rate / 1000;
s->length *= 2;
+ if (s->length == 0)
+ return AVERROR(EINVAL);
s->buffer = av_calloc(s->length, sizeof(*s->buffer));
if (!s->buffer)
return AVERROR(ENOMEM);

View File

@ -1,40 +0,0 @@
From 68146f06f852078866b3ef1564556e3a272920c7 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sat, 30 Dec 2023 02:51:32 +0100
Subject: [PATCH] avfilter/vf_minterpolate: Check pts before division
References: https://bugzilla.opensuse.org/1223304
References: CVE-2023-51798
Fixes: FPE
Fixes: tickets/10758/poc20ffmpeg
Discovered by Zeng Yunxiang
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavfilter/vf_minterpolate.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/libavfilter/vf_minterpolate.c b/libavfilter/vf_minterpolate.c
index 9920210ece..b2242a15ee 100644
--- a/libavfilter/vf_minterpolate.c
+++ b/libavfilter/vf_minterpolate.c
@@ -1075,8 +1075,13 @@ static void interpolate(AVFilterLink *inlink, AVFrame *avf_out)
pts = av_rescale(avf_out->pts, (int64_t) ALPHA_MAX * outlink->time_base.num * inlink->time_base.den,
(int64_t) outlink->time_base.den * inlink->time_base.num);
- alpha = (pts - mi_ctx->frames[1].avf->pts * ALPHA_MAX) / (mi_ctx->frames[2].avf->pts - mi_ctx->frames[1].avf->pts);
- alpha = av_clip(alpha, 0, ALPHA_MAX);
+ if (mi_ctx->frames[2].avf->pts > mi_ctx->frames[1].avf->pts) {
+ alpha = (pts - mi_ctx->frames[1].avf->pts * ALPHA_MAX) / (mi_ctx->frames[2].avf->pts - mi_ctx->frames[1].avf->pts);
+ alpha = av_clip(alpha, 0, ALPHA_MAX);
+ } else {
+ av_log(ctx, AV_LOG_DEBUG, "duplicate input PTS detected\n");
+ alpha = 0;
+ }
if (alpha == 0 || alpha == ALPHA_MAX) {
av_frame_copy(avf_out, alpha ? mi_ctx->frames[2].avf : mi_ctx->frames[1].avf);
--
2.44.0

View File

@ -1,23 +0,0 @@
commit 96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1
Author: Michael Niedermayer <michael@niedermayer.cc>
Date: Mon Apr 8 18:38:42 2024 +0200
avcodec/mpegvideo_enc: Fix 1 line and one column images
Fixes: Ticket10952
Fixes: poc21ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
--- ffmpeg-4.4.4/libavcodec/mpegvideo_enc.c
+++ ffmpeg-4.4.4_new/libavcodec/mpegvideo_enc.c
@@ -1263,8 +1263,8 @@
int dst_stride = i ? s->uvlinesize : s->linesize;
int h_shift = i ? h_chroma_shift : 0;
int v_shift = i ? v_chroma_shift : 0;
- int w = s->width >> h_shift;
- int h = s->height >> v_shift;
+ int w = AV_CEIL_RSHIFT(s->width , h_shift);
+ int h = AV_CEIL_RSHIFT(s->height, v_shift);
uint8_t *src = pic_arg->data[i];
uint8_t *dst = pic->f->data[i];
int vpad = 16;

View File

@ -1,29 +0,0 @@
From 3faadbe2a27e74ff5bb5f7904ec27bb1f5287dc8 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Thu, 18 Jul 2024 21:12:54 +0200
Subject: [PATCH] avcodec/pnmdec: Use 64bit for input size check
References: CVE-2024-7055
References: bsc#1229026
Upstream: Backport from upstream
Fixes: out of array read
Fixes: poc3
Reported-by: VulDB CNA Team
Found-by: CookedMelon
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/pnmdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- ffmpeg-4.4.4/libavcodec/pnmdec.c
+++ ffmpeg-4.4.4_new/libavcodec/pnmdec.c
@@ -256,7 +256,7 @@
}
break;
case AV_PIX_FMT_GBRPF32:
- if (avctx->width * avctx->height * 12 > s->bytestream_end - s->bytestream)
+ if (avctx->width * avctx->height * 12LL > s->bytestream_end - s->bytestream)
return AVERROR_INVALIDDATA;
scale = 1.f / s->scale;
if (s->endian) {

View File

@ -1,7 +1,14 @@
Index: ffmpeg-4.4.3/configure ---
configure | 3 ++
libavcodec/dlopen.h | 12 ++++++++++
libavcodec/libfdk-aacdec.c | 53 +++++++++++++++++++++++++++++++++++++++++++++
libavcodec/libfdk-aacenc.c | 47 +++++++++++++++++++++++++++++++++++++++
4 files changed, 115 insertions(+)
Index: ffmpeg-4.4.5/configure
=================================================================== ===================================================================
--- ffmpeg-4.4.3.orig/configure --- ffmpeg-4.4.5.orig/configure
+++ ffmpeg-4.4.3/configure +++ ffmpeg-4.4.5/configure
@@ -232,6 +232,7 @@ External library support: @@ -232,6 +232,7 @@ External library support:
--enable-libdc1394 enable IIDC-1394 grabbing using libdc1394 --enable-libdc1394 enable IIDC-1394 grabbing using libdc1394
and libraw1394 [no] and libraw1394 [no]
@ -15,10 +22,10 @@ Index: ffmpeg-4.4.3/configure
decklink decklink
libfdk_aac libfdk_aac
+ libfdk_aac_dlopen + libfdk_aac_dlopen
openssl
libtls libtls
" "
@@ -6368,6 +6370,7 @@ enabled libdrm && require_pkg
@@ -6370,6 +6372,7 @@ enabled libdrm && require_pkg
enabled libfdk_aac && { check_pkg_config libfdk_aac fdk-aac "fdk-aac/aacenc_lib.h" aacEncOpen || enabled libfdk_aac && { check_pkg_config libfdk_aac fdk-aac "fdk-aac/aacenc_lib.h" aacEncOpen ||
{ require libfdk_aac fdk-aac/aacenc_lib.h aacEncOpen -lfdk-aac && { require libfdk_aac fdk-aac/aacenc_lib.h aacEncOpen -lfdk-aac &&
warn "using libfdk without pkg-config"; } } warn "using libfdk without pkg-config"; } }
@ -26,10 +33,10 @@ Index: ffmpeg-4.4.3/configure
flite_extralibs="-lflite_cmu_time_awb -lflite_cmu_us_awb -lflite_cmu_us_kal -lflite_cmu_us_kal16 -lflite_cmu_us_rms -lflite_cmu_us_slt -lflite_usenglish -lflite_cmulex -lflite" flite_extralibs="-lflite_cmu_time_awb -lflite_cmu_us_awb -lflite_cmu_us_kal -lflite_cmu_us_kal16 -lflite_cmu_us_rms -lflite_cmu_us_slt -lflite_usenglish -lflite_cmulex -lflite"
enabled libflite && require libflite "flite/flite.h" flite_init $flite_extralibs enabled libflite && require libflite "flite/flite.h" flite_init $flite_extralibs
enabled fontconfig && enable libfontconfig enabled fontconfig && enable libfontconfig
Index: ffmpeg-4.4.3/libavcodec/dlopen.h Index: ffmpeg-4.4.5/libavcodec/dlopen.h
=================================================================== ===================================================================
--- /dev/null --- /dev/null
+++ ffmpeg-4.4.3/libavcodec/dlopen.h +++ ffmpeg-4.4.5/libavcodec/dlopen.h
@@ -0,0 +1,12 @@ @@ -0,0 +1,12 @@
+#ifndef LOCALINC_DLOPEN_H +#ifndef LOCALINC_DLOPEN_H
+#define LOCALINC_DLOPEN_H +#define LOCALINC_DLOPEN_H
@ -43,10 +50,10 @@ Index: ffmpeg-4.4.3/libavcodec/dlopen.h
+ goto error; + goto error;
+ +
+#endif +#endif
Index: ffmpeg-4.4.3/libavcodec/libfdk-aacdec.c Index: ffmpeg-4.4.5/libavcodec/libfdk-aacdec.c
=================================================================== ===================================================================
--- ffmpeg-4.4.3.orig/libavcodec/libfdk-aacdec.c --- ffmpeg-4.4.5.orig/libavcodec/libfdk-aacdec.c
+++ ffmpeg-4.4.3/libavcodec/libfdk-aacdec.c +++ ffmpeg-4.4.5/libavcodec/libfdk-aacdec.c
@@ -37,6 +37,54 @@ @@ -37,6 +37,54 @@
#define AAC_PCM_MAX_OUTPUT_CHANNELS AAC_PCM_OUTPUT_CHANNELS #define AAC_PCM_MAX_OUTPUT_CHANNELS AAC_PCM_OUTPUT_CHANNELS
#endif #endif
@ -114,10 +121,10 @@ Index: ffmpeg-4.4.3/libavcodec/libfdk-aacdec.c
s->handle = aacDecoder_Open(avctx->extradata_size ? TT_MP4_RAW : TT_MP4_ADTS, 1); s->handle = aacDecoder_Open(avctx->extradata_size ? TT_MP4_RAW : TT_MP4_ADTS, 1);
if (!s->handle) { if (!s->handle) {
av_log(avctx, AV_LOG_ERROR, "Error opening decoder\n"); av_log(avctx, AV_LOG_ERROR, "Error opening decoder\n");
Index: ffmpeg-4.4.3/libavcodec/libfdk-aacenc.c Index: ffmpeg-4.4.5/libavcodec/libfdk-aacenc.c
=================================================================== ===================================================================
--- ffmpeg-4.4.3.orig/libavcodec/libfdk-aacenc.c --- ffmpeg-4.4.5.orig/libavcodec/libfdk-aacenc.c
+++ ffmpeg-4.4.3/libavcodec/libfdk-aacenc.c +++ ffmpeg-4.4.5/libavcodec/libfdk-aacenc.c
@@ -35,6 +35,48 @@ @@ -35,6 +35,48 @@
#define FDKENC_VER_AT_LEAST(vl0, vl1) 0 #define FDKENC_VER_AT_LEAST(vl0, vl1) 0
#endif #endif

BIN
ffmpeg-4.4.4.tar.xz (Stored with Git LFS)

Binary file not shown.

View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQFMBAABCAA2FiEE/PmG6hXm4pOlZE8QtDIvBNZ2WNgFAmQ2/oUYHGZmbXBlZy1k
ZXZlbEBmZm1wZWcub3JnAAoJELQyLwTWdljYkGMH/iRlBGO1ZcCPnNpJt6pAqxcY
cP4hmanIPLLBPQfbHIwGUJDiTDIpXuFeWC7dt08Q8ndXtXbjTJ0T+hZP7Riuzns8
bwXfrCRioKlmIZSUg9WMErNW+vE/nUFn20q4PdzaWbeUbIsZEW6Btt4C4JuBCLsn
K2WZa7/GwaMnLLPIUIaNzW//aeUj11IhY74qB3k5nOhidgptY1en7xa9x1kZ3dvW
wx2vO+2fS5SlvBfj2KFAey+FX2LAEZFjRaiWRnzlO5daqO4acWMtRAQeMk5rs21W
NeTZUqZoPaaNfcFz1yWsBv19Fte4R9D8oD4TwMd5ikZZ2hjV+N+EMEFNWLoH02Q=
=e6RR
-----END PGP SIGNATURE-----

BIN
ffmpeg-4.4.5.tar.xz (Stored with Git LFS) Normal file

Binary file not shown.

11
ffmpeg-4.4.5.tar.xz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQFMBAABCgA2FiEE/PmG6hXm4pOlZE8QtDIvBNZ2WNgFAmamzJUYHGZmbXBlZy1k
ZXZlbEBmZm1wZWcub3JnAAoJELQyLwTWdljYZP8H/27rVRh4/NOvhP5JN2FhhWfo
BmAYgHWLag3a8P4yShGGgxhLjnd7LKOdSTIOb67Q7CgqzsQCV7c+VgUp068uhCod
J0TgnefWzw+iR3zupKEVRoFEsy/3A5RWXVWx42B7WTpkkShQWXaPHvUdH9ELwwfK
mq3TQMygmjjzDIa677i3uNUrb2CGyxdUXqGzmatUfrtXm0/mqUtz41neS5tuLQn5
xXcpmtsElkLK4ZaQWRC8w6emEyx49MqyRw7tTjIh/lPN+KTBUtcrYgDeCJt25H9s
2Hm9Obax0z2fPi71eP7GkbVXrGmwL1DcSegFW+TCW5CniWkWaWKe4+qDMepPtIo=
=byXw
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,18 @@
-------------------------------------------------------------------
Mon Jan 6 11:53:32 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
- Update to release 4.4.5
* Reliability/bug fixes
- Delete
0001-avcodec-libsvtav1-remove-compressed_ten_bit_format-a.patch
0001-avcodec-x86-mathops-clip-constants-used-with-shift-i.patch
0001-avfilter-vf_minterpolate-Check-pts-before-division.patch
ffmpeg-CVE-2023-51793.patch
0001-avfilter-af_stereowiden-Check-length.patch
ffmpeg-CVE-2023-50010.patch
ffmpeg-4-CVE-2024-32230.patch
ffmpeg-4-CVE-2024-7055.patch (all merged)
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Sep 6 15:06:21 UTC 2024 - Cliff Zhao <qzhao@suse.com> Fri Sep 6 15:06:21 UTC 2024 - Cliff Zhao <qzhao@suse.com>

View File

@ -1,7 +1,7 @@
# #
# spec file for package ffmpeg-4 # spec file for package ffmpeg-4
# #
# Copyright (c) 2024 SUSE LLC # Copyright (c) 2025 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -98,7 +98,7 @@
%define _major_version 4 %define _major_version 4
%define _major_expected 5 %define _major_expected 5
Name: ffmpeg-4 Name: ffmpeg-4
Version: 4.4.4 Version: 4.4.5
Release: 0 Release: 0
Summary: Set of libraries for working with various multimedia formats Summary: Set of libraries for working with various multimedia formats
License: GPL-3.0-or-later License: GPL-3.0-or-later
@ -122,19 +122,11 @@ Patch5: soversion.patch
Patch9: ffmpeg-4.4-CVE-2020-22046.patch Patch9: ffmpeg-4.4-CVE-2020-22046.patch
Patch10: ffmpeg-chromium.patch Patch10: ffmpeg-chromium.patch
Patch11: ffmpeg-libglslang-detection.patch Patch11: ffmpeg-libglslang-detection.patch
Patch12: 0001-avcodec-libsvtav1-remove-compressed_ten_bit_format-a.patch
Patch13: 0001-avcodec-x86-mathops-clip-constants-used-with-shift-i.patch
Patch14: ffmpeg-glslang-cxx17.patch Patch14: ffmpeg-glslang-cxx17.patch
Patch15: 0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch Patch15: 0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
Patch16: 0001-avfilter-vf_minterpolate-Check-pts-before-division.patch
Patch17: ffmpeg-CVE-2023-49502.patch Patch17: ffmpeg-CVE-2023-49502.patch
Patch18: ffmpeg-CVE-2023-51793.patch
Patch19: 0001-avfilter-af_stereowiden-Check-length.patch
Patch20: ffmpeg-CVE-2023-50010.patch
Patch21: ffmpeg-4-CVE-2024-32230.patch
Patch22: ffmpeg-c99.patch Patch22: ffmpeg-c99.patch
Patch23: 0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch Patch23: 0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch
Patch24: ffmpeg-4-CVE-2024-7055.patch
BuildRequires: ladspa-devel BuildRequires: ladspa-devel
BuildRequires: libgsm-devel BuildRequires: libgsm-devel
BuildRequires: libmp3lame-devel BuildRequires: libmp3lame-devel

View File

@ -1,30 +0,0 @@
commit e4d2666bdc3dbd177a81bbf428654a5f2fa3787a (20231224_CVE-2023-50010_e4d2666bdc3dbd177a81bbf428654a5f2fa3787a)
Author: Michael Niedermayer <michael@niedermayer.cc>
Date: Sun Dec 24 20:50:51 2023 +0100
References: CVE-2023-50010
References: https://bugzilla.opensuse.org/1172424
avfilter/vf_gradfun: Do not overread last line
The code works in steps of 2 lines and lacks support for odd height
Implementing odd height support is better but for now this fixes the
out of array access
Fixes: out of array access
Fixes: tickets/10702/poc6ffmpe
Found-by: Zeng Yunxiang
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
diff -Nura ffmpeg-4.4.4/libavfilter/vf_gradfun.c ffmpeg-4.4.4_new/libavfilter/vf_gradfun.c
--- ffmpeg-4.4.4/libavfilter/vf_gradfun.c 2023-04-13 02:01:50.000000000 +0800
+++ ffmpeg-4.4.4_new/libavfilter/vf_gradfun.c 2024-05-07 19:32:05.287848683 +0800
@@ -93,7 +93,7 @@
for (y = 0; y < r; y++)
ctx->blur_line(dc, buf + y * bstride, buf + (y - 1) * bstride, src + 2 * y * src_linesize, src_linesize, width / 2);
for (;;) {
- if (y < height - r) {
+ if (y + 1 < height - r) {
int mod = ((y + r) / 2) % r;
uint16_t *buf0 = buf + mod * bstride;
uint16_t *buf1 = buf + (mod ? mod - 1 : r - 1) * bstride;

View File

@ -1,57 +0,0 @@
From 0ecc1f0e48930723d7a467761b66850811c23e62
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Fri Dec 22 12:31:35 2023 +0100
Subject: avfilter/vf_weave: Fix odd height handling
References: https://bugzilla.opensuse.org/1223272
References: CVE-2023-51793
Fixes: out of array access
Fixes: tickets/10743/poc10ffmpeg
Found-by: Zeng Yunxiang and Li Zeyuan
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
diff -Nura ffmpeg-4.4.4/libavfilter/vf_weave.c ffmpeg-4.4.4_new/libavfilter/vf_weave.c
--- ffmpeg-4.4.4/libavfilter/vf_weave.c 2023-04-13 02:01:50.000000000 +0800
+++ ffmpeg-4.4.4_new/libavfilter/vf_weave.c 2024-04-26 02:30:07.113807721 +0800
@@ -30,6 +30,7 @@
int double_weave;
int nb_planes;
int planeheight[4];
+ int outheight[4];
int linesize[4];
AVFrame *prev;
@@ -85,6 +86,9 @@
s->planeheight[1] = s->planeheight[2] = AV_CEIL_RSHIFT(inlink->h, desc->log2_chroma_h);
s->planeheight[0] = s->planeheight[3] = inlink->h;
+ s->outheight[1] = s->outheight[2] = AV_CEIL_RSHIFT(2*inlink->h, desc->log2_chroma_h);
+ s->outheight[0] = s->outheight[3] = 2*inlink->h;
+
s->nb_planes = av_pix_fmt_count_planes(inlink->format);
return 0;
@@ -110,19 +114,20 @@
const int height = s->planeheight[i];
const int start = (height * jobnr) / nb_jobs;
const int end = (height * (jobnr+1)) / nb_jobs;
+ const int compensation = 2*end > s->outheight[i];
av_image_copy_plane(out->data[i] + out->linesize[i] * field1 +
out->linesize[i] * start * 2,
out->linesize[i] * 2,
in->data[i] + start * in->linesize[i],
in->linesize[i],
- s->linesize[i], end - start);
+ s->linesize[i], end - start - compensation * field1);
av_image_copy_plane(out->data[i] + out->linesize[i] * field2 +
out->linesize[i] * start * 2,
out->linesize[i] * 2,
s->prev->data[i] + start * s->prev->linesize[i],
s->prev->linesize[i],
- s->linesize[i], end - start);
+ s->linesize[i], end - start - compensation * field2);
}
return 0;