forked from pool/ffmpeg-4
Accepting request 1035935 from home:AZhou:branches:multimedia:libs
- Add ffmpeg-CVE-2022-3964.patch: Backport from upstream to fix out of bounds read in update_block_in_prev_frame() (bsc#1205388). OBS-URL: https://build.opensuse.org/request/show/1035935 OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/ffmpeg-4?expand=0&rev=188
This commit is contained in:
parent
037338de44
commit
fcff620a44
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Nov 16 01:31:02 UTC 2022 - Alynx Zhou <alynx.zhou@suse.com>
|
||||
|
||||
- Add ffmpeg-CVE-2022-3964.patch: Backport from upstream to fix
|
||||
out of bounds read in update_block_in_prev_frame() (bsc#1205388).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Oct 10 11:18:30 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>
|
||||
|
||||
|
@ -120,6 +120,7 @@ Patch8: vmaf-trim-usr-local.patch
|
||||
Patch9: ffmpeg-4.4-CVE-2020-22046.patch
|
||||
Patch10: ffmpeg-chromium.patch
|
||||
Patch11: ffmpeg-libglslang-detection.patch
|
||||
Patch12: ffmpeg-CVE-2022-3964.patch
|
||||
BuildRequires: ladspa-devel
|
||||
BuildRequires: libgsm-devel
|
||||
BuildRequires: libmp3lame-devel
|
||||
|
70
ffmpeg-CVE-2022-3964.patch
Normal file
70
ffmpeg-CVE-2022-3964.patch
Normal file
@ -0,0 +1,70 @@
|
||||
diff --unified --recursive --text --new-file --color ffmpeg-4.4.old/libavcodec/rpzaenc.c ffmpeg-4.4.new/libavcodec/rpzaenc.c
|
||||
--- ffmpeg-4.4.old/libavcodec/rpzaenc.c 2022-11-15 14:41:42.262978968 +0800
|
||||
+++ ffmpeg-4.4.new/libavcodec/rpzaenc.c 2022-11-15 14:43:37.183516204 +0800
|
||||
@@ -204,7 +204,7 @@
|
||||
|
||||
// loop thru and compare pixels
|
||||
for (y = 0; y < bi->block_height; y++) {
|
||||
- for (x = 0; x < bi->block_width; x++){
|
||||
+ for (x = 0; x < bi->block_width; x++) {
|
||||
// TODO: optimize
|
||||
min_r = FFMIN(R(block_ptr[x]), min_r);
|
||||
min_g = FFMIN(G(block_ptr[x]), min_g);
|
||||
@@ -276,7 +276,7 @@
|
||||
return -1;
|
||||
|
||||
for (i = 0; i < bi->block_height; i++) {
|
||||
- for (j = 0; j < bi->block_width; j++){
|
||||
+ for (j = 0; j < bi->block_width; j++) {
|
||||
x = GET_CHAN(block_ptr[j], xchannel);
|
||||
y = GET_CHAN(block_ptr[j], ychannel);
|
||||
sumx += x;
|
||||
@@ -323,7 +323,7 @@
|
||||
int max_err = 0;
|
||||
|
||||
for (i = 0; i < bi->block_height; i++) {
|
||||
- for (j = 0; j < bi->block_width; j++){
|
||||
+ for (j = 0; j < bi->block_width; j++) {
|
||||
int x_inc, lin_y, lin_x;
|
||||
x = GET_CHAN(block_ptr[j], xchannel);
|
||||
y = GET_CHAN(block_ptr[j], ychannel);
|
||||
@@ -418,7 +418,9 @@
|
||||
uint16_t *dest_pixels,
|
||||
const BlockInfo *bi, int block_counter)
|
||||
{
|
||||
- for (int y = 0; y < 4; y++) {
|
||||
+ const int y_size = FFMIN(4, bi->image_height - bi->row * 4);
|
||||
+
|
||||
+ for (int y = 0; y < y_size; y++) {
|
||||
memcpy(dest_pixels, src_pixels, 8);
|
||||
dest_pixels += bi->rowstride;
|
||||
src_pixels += bi->rowstride;
|
||||
@@ -728,13 +730,14 @@
|
||||
|
||||
if (err > s->sixteen_color_thresh) { // DO SIXTEEN COLOR BLOCK
|
||||
uint16_t *row_ptr;
|
||||
- int rgb555;
|
||||
+ int y_size, rgb555;
|
||||
|
||||
block_offset = get_block_info(&bi, block_counter);
|
||||
|
||||
row_ptr = &src_pixels[block_offset];
|
||||
+ y_size = FFMIN(4, bi.image_height - bi.row * 4);
|
||||
|
||||
- for (int y = 0; y < 4; y++) {
|
||||
+ for (int y = 0; y < y_size; y++) {
|
||||
for (int x = 0; x < 4; x++){
|
||||
rgb555 = row_ptr[x] & ~0x8000;
|
||||
|
||||
@@ -743,6 +746,11 @@
|
||||
row_ptr += bi.rowstride;
|
||||
}
|
||||
|
||||
+ for (int y = y_size; y < 4; y++) {
|
||||
+ for (int x = 0; x < 4; x++)
|
||||
+ put_bits(&s->pb, 16, 0);
|
||||
+ }
|
||||
+
|
||||
block_counter++;
|
||||
} else { // FOUR COLOR BLOCK
|
||||
block_counter += encode_four_color_block(min_color, max_color,
|
Loading…
Reference in New Issue
Block a user