forked from pool/ffmpeg-4
Accepting request 1169720 from multimedia:libs
- Address boo#1223070/CVE-2024-31578: add patch 0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch OBS-URL: https://build.opensuse.org/request/show/1169720 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ffmpeg-4?expand=0&rev=64
This commit is contained in:
commit
bb86583c84
@ -0,0 +1,46 @@
|
||||
From 3bb00c0a420c3ce83c6fafee30270d69622ccad7 Mon Sep 17 00:00:00 2001
|
||||
From: Zhao Zhili <zhilizhao@tencent.com>
|
||||
Date: Tue, 20 Feb 2024 20:08:55 +0800
|
||||
Subject: [PATCH] avutil/hwcontext: Don't assume frames_uninit is reentrant
|
||||
References: https://bugzilla.opensuse.org/1223070
|
||||
References: CVE-2024-31578
|
||||
|
||||
Fix heap use after free when vulkan_frames_init failed.
|
||||
|
||||
Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
|
||||
---
|
||||
libavutil/hwcontext.c | 8 ++------
|
||||
1 file changed, 2 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/libavutil/hwcontext.c b/libavutil/hwcontext.c
|
||||
index 1d2c2d7920..aa1329bf2b 100644
|
||||
--- a/libavutil/hwcontext.c
|
||||
+++ b/libavutil/hwcontext.c
|
||||
@@ -359,7 +359,7 @@ int av_hwframe_ctx_init(AVBufferRef *ref)
|
||||
if (ctx->internal->hw_type->frames_init) {
|
||||
ret = ctx->internal->hw_type->frames_init(ctx);
|
||||
if (ret < 0)
|
||||
- goto fail;
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
if (ctx->internal->pool_internal && !ctx->pool)
|
||||
@@ -369,14 +369,10 @@ int av_hwframe_ctx_init(AVBufferRef *ref)
|
||||
if (ctx->initial_pool_size > 0) {
|
||||
ret = hwframe_pool_prealloc(ref);
|
||||
if (ret < 0)
|
||||
- goto fail;
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
return 0;
|
||||
-fail:
|
||||
- if (ctx->internal->hw_type->frames_uninit)
|
||||
- ctx->internal->hw_type->frames_uninit(ctx);
|
||||
- return ret;
|
||||
}
|
||||
|
||||
int av_hwframe_transfer_get_formats(AVBufferRef *hwframe_ref,
|
||||
--
|
||||
2.44.0
|
||||
|
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Apr 22 12:41:55 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
|
||||
|
||||
- Address boo#1223070/CVE-2024-31578: add patch
|
||||
0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 2 09:34:15 UTC 2024 - Stefan Dirsch <sndirsch@suse.com>
|
||||
|
||||
|
@ -125,6 +125,7 @@ Patch11: ffmpeg-libglslang-detection.patch
|
||||
Patch12: 0001-avcodec-libsvtav1-remove-compressed_ten_bit_format-a.patch
|
||||
Patch13: 0001-avcodec-x86-mathops-clip-constants-used-with-shift-i.patch
|
||||
Patch14: ffmpeg-glslang-cxx17.patch
|
||||
Patch15: 0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
|
||||
BuildRequires: ladspa-devel
|
||||
BuildRequires: libgsm-devel
|
||||
BuildRequires: libmp3lame-devel
|
||||
|
Loading…
Reference in New Issue
Block a user