Accepting request 644174 from home:zhengqiang:branches:multimedia:libs

- Add ffmpeg-CVE-2018-13305.patch to add a missing check for
  negative values of mqaunt variable (CVE-2018-13305,
  bsc#1100345).

OBS-URL: https://build.opensuse.org/request/show/644174
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/ffmpeg-4?expand=0&rev=27

ffmpeg-4.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Oct 23 06:05:42 UTC 2018 - qzheng@suse.com
+
+- Add ffmpeg-CVE-2018-13305.patch to add a missing check for
+  negative values of mqaunt variable (CVE-2018-13305,
+  bsc#1100345).
+
 -------------------------------------------------------------------
 Thu Sep 13 23:17:35 UTC 2018 - 9+suse@cirno.systems
 

ffmpeg-4.spec

@@ -120,6 +120,7 @@ Patch4:         ffmpeg-codec-choice.diff
 Patch5:         cve-2017-17555.diff
 Patch6:         0001-avformat-flvenc-Check-audio-packet-size.patch
 Patch7:         0001-avcodec-libaom-fix-setting-amount-of-threads.patch
+Patch8:         ffmpeg-CVE-2018-13305.patch
 BuildRequires:  ladspa-devel
 BuildRequires:  libgsm-devel
 BuildRequires:  libmp3lame-devel

ffmpeg-CVE-2018-13305.patch

@@ -0,0 +1,13 @@
+diff --git a/libavcodec/vc1_block.c b/libavcodec/vc1_block.c
+index b06ee9f..5b38183 100644
+--- a/libavcodec/vc1_block.c
++++ b/libavcodec/vc1_block.c
+@@ -188,7 +188,7 @@ static void vc1_put_signed_blocks_clamped(VC1Context *v)
+             mquant = v->altpq;                                 \
+         if ((edges&8) && s->mb_y == (s->mb_height - 1))        \
+             mquant = v->altpq;                                 \
+-        if (!mquant || mquant > 31) {                          \
++        if (!mquant || mquant > 31 || mquant < -31) {                          \
+             av_log(v->s.avctx, AV_LOG_ERROR,                   \
+                    "Overriding invalid mquant %d\n", mquant);  \
+             mquant = 1;                                        \