From 01f1756ec64fca6275c02842a9674f6f846e7e700a2bf37868b6f4e86b4a6d21 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 29 Apr 2020 12:54:41 +0000 Subject: [PATCH 1/4] - Add 0001-avcodec-cbs_jpeg-Check-length-for-SOS.patch OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/ffmpeg-4?expand=0&rev=112 --- ...vcodec-cbs_jpeg-Check-length-for-SOS.patch | 32 +++++++++++++++++++ ffmpeg-4.changes | 6 ++++ ffmpeg-4.spec | 1 + 3 files changed, 39 insertions(+) create mode 100644 0001-avcodec-cbs_jpeg-Check-length-for-SOS.patch diff --git a/0001-avcodec-cbs_jpeg-Check-length-for-SOS.patch b/0001-avcodec-cbs_jpeg-Check-length-for-SOS.patch new file mode 100644 index 0000000..07ff6df --- /dev/null +++ b/0001-avcodec-cbs_jpeg-Check-length-for-SOS.patch @@ -0,0 +1,32 @@ +From 1812352d767ccf5431aa440123e2e260a4db2726 Mon Sep 17 00:00:00 2001 +From: Michael Niedermayer +Date: Sat, 7 Mar 2020 15:42:58 +0100 +Subject: [PATCH] avcodec/cbs_jpeg: Check length for SOS + +Fixes: out of array access +Fixes: 19734/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5673507031875584 +Fixes: 19353/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5703944462663680 + +Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg +Signed-off-by: Michael Niedermayer +--- + libavcodec/cbs_jpeg.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/libavcodec/cbs_jpeg.c b/libavcodec/cbs_jpeg.c +index 6bbce5f89b..89512a26bb 100644 +--- a/libavcodec/cbs_jpeg.c ++++ b/libavcodec/cbs_jpeg.c +@@ -197,6 +197,9 @@ static int cbs_jpeg_split_fragment(CodedBitstreamContext *ctx, + if (marker == JPEG_MARKER_SOS) { + length = AV_RB16(frag->data + start); + ++ if (length > end - start) ++ return AVERROR_INVALIDDATA; ++ + data_ref = NULL; + data = av_malloc(end - start + + AV_INPUT_BUFFER_PADDING_SIZE); +-- +2.26.2 + diff --git a/ffmpeg-4.changes b/ffmpeg-4.changes index c08d104..3e35d1a 100644 --- a/ffmpeg-4.changes +++ b/ffmpeg-4.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Apr 29 12:16:11 UTC 2020 - Jan Engelhardt + +- Add 0001-avcodec-cbs_jpeg-Check-length-for-SOS.patch + [boo#1170767] + ------------------------------------------------------------------- Fri Mar 31 00:41:22 UTC 2020 - Ismail Dönmez diff --git a/ffmpeg-4.spec b/ffmpeg-4.spec index 6948763..b819067 100644 --- a/ffmpeg-4.spec +++ b/ffmpeg-4.spec @@ -118,6 +118,7 @@ Patch6: ffmpeg-4.2-dlopen-fdk_aac.patch Patch7: ffmpeg4_swscale_replace_illegal_vector_keyword.patch Patch8: ffmpeg4_swscale_fix_altivec_vsx_recent_gcc.patch Patch9: 929e5159bc13da374b83f5627879c607acce180b.patch +Patch10: 0001-avcodec-cbs_jpeg-Check-length-for-SOS.patch BuildRequires: ladspa-devel BuildRequires: libgsm-devel BuildRequires: libmp3lame-devel From fc629d99dcf811a52a452e70cc525a308297ddfa70728fe416d7c381ec48acf6 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 1 May 2020 16:28:12 +0000 Subject: [PATCH 2/4] Accepting request 799527 from home:matwey:branches:multimedia:libs - Enable v4l2 m2m encoders and decoders OBS-URL: https://build.opensuse.org/request/show/799527 OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/ffmpeg-4?expand=0&rev=113 --- enable_decoders | 10 ++++++++++ enable_encoders | 6 ++++++ ffmpeg-4.changes | 5 +++++ 3 files changed, 21 insertions(+) diff --git a/enable_decoders b/enable_decoders index 48c31d6..41ee64a 100644 --- a/enable_decoders +++ b/enable_decoders @@ -104,3 +104,13 @@ xwd # xwd y41p # trivial yuv4 # trivial zlib # zlib +h263_v4l2m2m # trivial +h264_v4l2m2m # trivial +hevc_v4l2m2m # trivial +mpeg1_v4l2m2m # trivial +vc1_v4l2m2m # trivial +mpeg2_v4l2m2m # trivial +mpeg4_v4l2m2m # trivial +vp8_v4l2m2m # trivial +vp9_v4l2m2m # trivial +wrapped_avframe # trivial diff --git a/enable_encoders b/enable_encoders index 6752889..de30611 100644 --- a/enable_encoders +++ b/enable_encoders @@ -83,3 +83,9 @@ xwd # xwd y41p # trivial yuv4 # trivial zlib # zlib +h263_v4l2m2m # trivial +h264_v4l2m2m # trivial +hevc_v4l2m2m # trivial +mpeg4_v4l2m2m # trivial +vp8_v4l2m2m # trivial +wrapped_avframe # trivial diff --git a/ffmpeg-4.changes b/ffmpeg-4.changes index 3e35d1a..ddf9a3e 100644 --- a/ffmpeg-4.changes +++ b/ffmpeg-4.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Apr 30 18:00:28 UTC 2020 - Matwey Kornilov + +- Enable v4l2 m2m encoders and decoders + ------------------------------------------------------------------- Wed Apr 29 12:16:11 UTC 2020 - Jan Engelhardt From 57452d113ed14804645116c2ed89d76a64f79300c073de0c52b41c67f8ff9e51 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 1 May 2020 16:29:51 +0000 Subject: [PATCH 3/4] sort list OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/ffmpeg-4?expand=0&rev=114 --- enable_decoders | 26 +++++++++++++------------- enable_encoders | 16 ++++++++-------- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/enable_decoders b/enable_decoders index 41ee64a..ef4f323 100644 --- a/enable_decoders +++ b/enable_decoders @@ -14,6 +14,9 @@ ffwavesynth # pseudo flac # libFLAC gif # libpng gsm # libgsm +h263_v4l2m2m # passthrough +h264_v4l2m2m # passthrough +hevc_v4l2m2m # passthrough huffyuv # trivial+zlib ilbc # ilbc libaom # libaom @@ -30,15 +33,18 @@ libvorbis # libvorbis libvpx_vp8 # libvpx libvpx_vp9 # libvpx mjpeg # mjpegtools -mpeg1video -mpeg2video -#mpeg4 mp1 # twolame/lame mp1float # twolame/lame mp2 # twolame mp2float # twolame mp3 # lame mp3float # lame +mpeg1_v4l2m2m # passthrough +mpeg1video +mpeg2_v4l2m2m # passthrough +mpeg2video +#mpeg4 +mpeg4_v4l2m2m # passthrough opus # libopus pam # trivial pbm # trivial @@ -89,6 +95,7 @@ v210x # trivial v308 # trivial v408 # trivial v410 # trivial +vc1_v4l2m2m # passthrough vorbis # libvorbis vp3 # libav vp5 # libav @@ -96,21 +103,14 @@ vp6 # libav vp6a # libav vp6f # libav vp8 # libvpx +vp8_v4l2m2m # passthrough vp9 # libvpx +vp9_v4l2m2m # passthrough webp # libwebp webvtt # trivial +wrapped_avframe # passthrough xbm # trivial xwd # xwd y41p # trivial yuv4 # trivial zlib # zlib -h263_v4l2m2m # trivial -h264_v4l2m2m # trivial -hevc_v4l2m2m # trivial -mpeg1_v4l2m2m # trivial -vc1_v4l2m2m # trivial -mpeg2_v4l2m2m # trivial -mpeg4_v4l2m2m # trivial -vp8_v4l2m2m # trivial -vp9_v4l2m2m # trivial -wrapped_avframe # trivial diff --git a/enable_encoders b/enable_encoders index de30611..ff2967c 100644 --- a/enable_encoders +++ b/enable_encoders @@ -8,6 +8,9 @@ ffv1 ffvhuff # trivial+zlib flac # libFLAC gif # libpng +h263_v4l2m2m # passthrough +h264_v4l2m2m # passthrough +hevc_v4l2m2m # passthrough huffyuv # trivial+zlib jpegls libaom # libaom @@ -27,10 +30,11 @@ libvpx_vp9 libwebp libwebp_anim mjpeg # mjpegtools -mpeg1video -mpeg2video mp2 # twolame mp2fixed # twolame +mpeg1video +mpeg2video +mpeg4_v4l2m2m # passthrough opus # opus pam pbm # trivial @@ -77,15 +81,11 @@ v308 # trivial v408 # trivial v410 # trivial vorbis # libvorbis +vp8_v4l2m2m # passthrough webvtt # trivial +wrapped_avframe # passthrough xbm # (X11) xwd # xwd y41p # trivial yuv4 # trivial zlib # zlib -h263_v4l2m2m # trivial -h264_v4l2m2m # trivial -hevc_v4l2m2m # trivial -mpeg4_v4l2m2m # trivial -vp8_v4l2m2m # trivial -wrapped_avframe # trivial From 70ab5e68a797efe00be8f097144e3e1f0e9226cb7a18bf8529ef48a98bc5b320 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 11 May 2020 09:40:52 +0000 Subject: [PATCH 4/4] - Throw out v4l2 m2m. This is likely the same case as boo#1041794. OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/ffmpeg-4?expand=0&rev=115 --- enable_decoders | 9 --------- enable_encoders | 5 ----- ffmpeg-4.changes | 5 +++++ 3 files changed, 5 insertions(+), 14 deletions(-) diff --git a/enable_decoders b/enable_decoders index ef4f323..8d2b80f 100644 --- a/enable_decoders +++ b/enable_decoders @@ -14,9 +14,6 @@ ffwavesynth # pseudo flac # libFLAC gif # libpng gsm # libgsm -h263_v4l2m2m # passthrough -h264_v4l2m2m # passthrough -hevc_v4l2m2m # passthrough huffyuv # trivial+zlib ilbc # ilbc libaom # libaom @@ -39,12 +36,9 @@ mp2 # twolame mp2float # twolame mp3 # lame mp3float # lame -mpeg1_v4l2m2m # passthrough mpeg1video -mpeg2_v4l2m2m # passthrough mpeg2video #mpeg4 -mpeg4_v4l2m2m # passthrough opus # libopus pam # trivial pbm # trivial @@ -95,7 +89,6 @@ v210x # trivial v308 # trivial v408 # trivial v410 # trivial -vc1_v4l2m2m # passthrough vorbis # libvorbis vp3 # libav vp5 # libav @@ -103,9 +96,7 @@ vp6 # libav vp6a # libav vp6f # libav vp8 # libvpx -vp8_v4l2m2m # passthrough vp9 # libvpx -vp9_v4l2m2m # passthrough webp # libwebp webvtt # trivial wrapped_avframe # passthrough diff --git a/enable_encoders b/enable_encoders index ff2967c..98ab50c 100644 --- a/enable_encoders +++ b/enable_encoders @@ -8,9 +8,6 @@ ffv1 ffvhuff # trivial+zlib flac # libFLAC gif # libpng -h263_v4l2m2m # passthrough -h264_v4l2m2m # passthrough -hevc_v4l2m2m # passthrough huffyuv # trivial+zlib jpegls libaom # libaom @@ -34,7 +31,6 @@ mp2 # twolame mp2fixed # twolame mpeg1video mpeg2video -mpeg4_v4l2m2m # passthrough opus # opus pam pbm # trivial @@ -81,7 +77,6 @@ v308 # trivial v408 # trivial v410 # trivial vorbis # libvorbis -vp8_v4l2m2m # passthrough webvtt # trivial wrapped_avframe # passthrough xbm # (X11) diff --git a/ffmpeg-4.changes b/ffmpeg-4.changes index ddf9a3e..2694e42 100644 --- a/ffmpeg-4.changes +++ b/ffmpeg-4.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon May 11 09:40:09 UTC 2020 - Jan Engelhardt + +- Throw out v4l2 m2m. This is likely the same case as boo#1041794. + ------------------------------------------------------------------- Thu Apr 30 18:00:28 UTC 2020 - Matwey Kornilov