forked from pool/ffmpeg-4
Compare commits
1 Commits
| Author | SHA256 | Date | |
|---|---|---|---|
| 15dc342aab |
31
ffmpeg-4-CVE-2024-35368.patch
Normal file
31
ffmpeg-4-CVE-2024-35368.patch
Normal file
@ -0,0 +1,31 @@
|
||||
From 4513300989502090c4fd6560544dce399a8cd53c Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
|
||||
Date: Sun, 24 Sep 2023 13:15:48 +0200
|
||||
Subject: [PATCH] avcodec/rkmppdec: Fix double-free on error
|
||||
|
||||
After having created the AVBuffer that is put into frame->buf[0],
|
||||
ownership of several objects (namely an AVDRMFrameDescriptor,
|
||||
an MppFrame and some AVBufferRefs framecontextref and decoder_ref)
|
||||
has passed to the AVBuffer and therefore to the frame.
|
||||
Yet it has nevertheless been freed manually on error
|
||||
afterwards, which would lead to a double-free as soon
|
||||
as the AVFrame is unreferenced.
|
||||
|
||||
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
|
||||
---
|
||||
libavcodec/rkmppdec.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
--- a/libavcodec/rkmppdec.c
|
||||
+++ b/libavcodec/rkmppdec.c
|
||||
@@ -460,8 +460,8 @@
|
||||
|
||||
frame->hw_frames_ctx = av_buffer_ref(decoder->frames_ref);
|
||||
if (!frame->hw_frames_ctx) {
|
||||
- ret = AVERROR(ENOMEM);
|
||||
- goto fail;
|
||||
+ av_frame_unref(frame);
|
||||
+ return AVERROR(ENOMEM);
|
||||
}
|
||||
|
||||
return 0;
|
||||
@ -39,6 +39,20 @@ Fri Feb 19 01:48:22 UTC 2025 - Cliff Zhao <qzhao@suse.com>
|
||||
to avoid null pointer dereference if allocation fails.
|
||||
(CVE-2024-12361, bsc#1237358)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 19 01:11:17 UTC 2025 - Cliff Zhao <qzhao@suse.com>
|
||||
|
||||
- Add ffmpeg-4-CVE-2024-35368.patch:
|
||||
Backporting 45133009 from upstream, After having created the
|
||||
AVBuffer that is put into frame->buf[0], ownership of several
|
||||
objects Fix double-free on the AVFrame is unreferenced.
|
||||
(CVE-2024-35368, bsc#1234028)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 15 08:18:54 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
|
||||
|
||||
- Adjust bconds to build the package in SLFO without xvidcore.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 6 11:53:32 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
|
||||
|
||||
@ -57,11 +71,6 @@ Mon Jan 6 11:53:32 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
|
||||
ffmpeg-4-CVE-2024-32230.patch
|
||||
ffmpeg-4-CVE-2024-7055.patch (all merged)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 15 08:18:54 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
|
||||
|
||||
- Adjust bconds to build the package in SLFO without xvidcore.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Sep 6 15:06:21 UTC 2024 - Cliff Zhao <qzhao@suse.com>
|
||||
|
||||
|
||||
@ -137,11 +137,12 @@ Patch15: 0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
|
||||
Patch17: ffmpeg-CVE-2023-49502.patch
|
||||
Patch22: ffmpeg-c99.patch
|
||||
Patch23: 0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch
|
||||
Patch24: ffmpeg-4-CVE-2024-12361.patch
|
||||
Patch25: ffmpeg-4-CVE-2025-22919.patch
|
||||
Patch26: ffmpeg-4-CVE-2025-0518.patch
|
||||
Patch27: ffmpeg-4-CVE-2025-25473.patch
|
||||
Patch28: ffmpeg-4-CVE-2025-22921.patch
|
||||
Patch24: ffmpeg-4-CVE-2024-35368.patch
|
||||
Patch25: ffmpeg-4-CVE-2024-12361.patch
|
||||
Patch26: ffmpeg-4-CVE-2025-22919.patch
|
||||
Patch27: ffmpeg-4-CVE-2025-0518.patch
|
||||
Patch28: ffmpeg-4-CVE-2025-25473.patch
|
||||
Patch29: ffmpeg-4-CVE-2025-22921.patch
|
||||
BuildRequires: ladspa-devel
|
||||
BuildRequires: libgsm-devel
|
||||
BuildRequires: libmp3lame-devel
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user