jengelh/ffmpeg-4
SHA256
1
0
Fork 2
forked from pool/ffmpeg-4
Code Pull Requests 1 Activity

Compare commits

base: jengelh:master
Branches Tags
jengelh:master
qzhao:master
pool:factory
pool:devel
..
compare: qzhao:master
Branches Tags
qzhao:master
jengelh:master
pool:factory
pool:devel

1 Commits
master ... master

Author SHA256 Message Date
ZhaoQiang
ea292cebc3 Disable xvid plugin build and dependence 
Since legal reviewers are concerned xvid patents have not expired
in Brazil, which should not be used in a commercial context.
https://en.wikipedia.org/wiki/Xvid
 2024-09-29 16:13:36 +08:00
15 changed files with 382 additions and 49 deletions
Show Stats Expand all files Collapse all files

47
0001-avcodec-libsvtav1-remove-compressed_ten_bit_format-a.patch Normal file
View File

@ -0,0 +1,47 @@
From c3c8f97a9804b4234e97f13b0057ffc2c9af27c0 Mon Sep 17 00:00:00 2001
From: Christopher Degawa <christopher.degawa@intel.com>
Date: Thu, 20 Oct 2022 22:55:27 -0500
Subject: [PATCH] avcodec/libsvtav1: remove compressed_ten_bit_format and
simplify alloc_buffer
compressed_ten_bit_format has been deprecated upstream and has no effect
and can be removed. Plus, technically it was never used in the first place
since it would require the app (ffmpeg) to set it and do additional
processing of the input frames.
Also simplify alloc_buffer by removing calculations relating to the
non-existant processing.
Signed-off-by: Christopher Degawa <christopher.degawa@intel.com>
(cherry picked from commit 031f1561cd286596cdb374da32f8aa816ce3b135)
---
libavcodec/libsvtav1.c | 10 +++-------
1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/libavcodec/libsvtav1.c b/libavcodec/libsvtav1.c
index cfd93a2484..38777b0fb7 100644
--- a/libavcodec/libsvtav1.c
+++ b/libavcodec/libsvtav1.c
@@ -120,16 +120,12 @@ static int svt_print_error(void *log_ctx, EbErrorType err,
static int alloc_buffer(EbSvtAv1EncConfiguration *config, SvtContext *svt_enc)
{
- const int pack_mode_10bit =
- (config->encoder_bit_depth > 8) && (config->compressed_ten_bit_format == 0) ? 1 : 0;
- const size_t luma_size_8bit =
- config->source_width * config->source_height * (1 << pack_mode_10bit);
- const size_t luma_size_10bit =
- (config->encoder_bit_depth > 8 && pack_mode_10bit == 0) ? luma_size_8bit : 0;
+ const size_t luma_size = config->source_width * config->source_height *
+ (config->encoder_bit_depth > 8 ? 2 : 1);
EbSvtIOFormat *in_data;
- svt_enc->raw_size = (luma_size_8bit + luma_size_10bit) * 3 / 2;
+ svt_enc->raw_size = luma_size * 3 / 2;
// allocate buffer for in and out
svt_enc->in_buf = av_mallocz(sizeof(*svt_enc->in_buf));
--
2.41.0

76
0001-avcodec-x86-mathops-clip-constants-used-with-shift-i.patch Normal file
View File

@ -0,0 +1,76 @@
From effadce6c756247ea8bae32dc13bb3e6f464f0eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20Denis-Courmont?= <remi@remlab.net>
Date: Sun, 16 Jul 2023 18:18:02 +0300
Subject: [PATCH] avcodec/x86/mathops: clip constants used with shift
instructions within inline assembly
Fixes assembling with binutil as >= 2.41
Signed-off-by: James Almer <jamrial@gmail.com>
---
libavcodec/x86/mathops.h | 26 +++++++++++++++++++++++---
1 file changed, 23 insertions(+), 3 deletions(-)
diff --git a/libavcodec/x86/mathops.h b/libavcodec/x86/mathops.h
index 6298f5ed19..ca7e2dffc1 100644
--- a/libavcodec/x86/mathops.h
+++ b/libavcodec/x86/mathops.h
@@ -35,12 +35,20 @@
static av_always_inline av_const int MULL(int a, int b, unsigned shift)
{
int rt, dummy;
+ if (__builtin_constant_p(shift))
__asm__ (
"imull %3 \n\t"
"shrdl %4, %%edx, %%eax \n\t"
:"=a"(rt), "=d"(dummy)
- :"a"(a), "rm"(b), "ci"((uint8_t)shift)
+ :"a"(a), "rm"(b), "i"(shift & 0x1F)
);
+ else
+ __asm__ (
+ "imull %3 \n\t"
+ "shrdl %4, %%edx, %%eax \n\t"
+ :"=a"(rt), "=d"(dummy)
+ :"a"(a), "rm"(b), "c"((uint8_t)shift)
+ );
return rt;
}
@@ -113,19 +121,31 @@ __asm__ volatile(\
// avoid +32 for shift optimization (gcc should do that ...)
#define NEG_SSR32 NEG_SSR32
static inline int32_t NEG_SSR32( int32_t a, int8_t s){
+ if (__builtin_constant_p(s))
__asm__ ("sarl %1, %0\n\t"
: "+r" (a)
- : "ic" ((uint8_t)(-s))
+ : "i" (-s & 0x1F)
);
+ else
+ __asm__ ("sarl %1, %0\n\t"
+ : "+r" (a)
+ : "c" ((uint8_t)(-s))
+ );
return a;
}
#define NEG_USR32 NEG_USR32
static inline uint32_t NEG_USR32(uint32_t a, int8_t s){
+ if (__builtin_constant_p(s))
__asm__ ("shrl %1, %0\n\t"
: "+r" (a)
- : "ic" ((uint8_t)(-s))
+ : "i" (-s & 0x1F)
);
+ else
+ __asm__ ("shrl %1, %0\n\t"
+ : "+r" (a)
+ : "c" ((uint8_t)(-s))
+ );
return a;
}
--
2.42.0

29
0001-avfilter-af_stereowiden-Check-length.patch Normal file
View File

@ -0,0 +1,29 @@
From 50f0f8c53c818f73fe2d752708e2fa9d2a2d8a07 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sat, 23 Dec 2023 04:03:01 +0100
Subject: [PATCH] avfilter/af_stereowiden: Check length
References: https://bugzilla.opensuse.org/1223437
References: CVE-2023-51794
Fixes: out of array access
Fixes: tickets/10746/poc13ffmpeg
Found-by: Zeng Yunxiang
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavfilter/af_stereowiden.c | 2 ++
1 file changed, 2 insertions(+)
Index: ffmpeg-4.4.4/libavfilter/af_stereowiden.c
===================================================================
--- ffmpeg-4.4.4.orig/libavfilter/af_stereowiden.c
+++ ffmpeg-4.4.4/libavfilter/af_stereowiden.c
@@ -75,6 +75,8 @@ static int config_input(AVFilterLink *in
s->length = s->delay * inlink->sample_rate / 1000;
s->length *= 2;
+ if (s->length == 0)
+ return AVERROR(EINVAL);
s->buffer = av_calloc(s->length, sizeof(*s->buffer));
if (!s->buffer)
return AVERROR(ENOMEM);

40
0001-avfilter-vf_minterpolate-Check-pts-before-division.patch Normal file
View File

@ -0,0 +1,40 @@
From 68146f06f852078866b3ef1564556e3a272920c7 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sat, 30 Dec 2023 02:51:32 +0100
Subject: [PATCH] avfilter/vf_minterpolate: Check pts before division
References: https://bugzilla.opensuse.org/1223304
References: CVE-2023-51798
Fixes: FPE
Fixes: tickets/10758/poc20ffmpeg
Discovered by Zeng Yunxiang
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavfilter/vf_minterpolate.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/libavfilter/vf_minterpolate.c b/libavfilter/vf_minterpolate.c
index 9920210ece..b2242a15ee 100644
--- a/libavfilter/vf_minterpolate.c
+++ b/libavfilter/vf_minterpolate.c
@@ -1075,8 +1075,13 @@ static void interpolate(AVFilterLink *inlink, AVFrame *avf_out)
pts = av_rescale(avf_out->pts, (int64_t) ALPHA_MAX * outlink->time_base.num * inlink->time_base.den,
(int64_t) outlink->time_base.den * inlink->time_base.num);
- alpha = (pts - mi_ctx->frames[1].avf->pts * ALPHA_MAX) / (mi_ctx->frames[2].avf->pts - mi_ctx->frames[1].avf->pts);
- alpha = av_clip(alpha, 0, ALPHA_MAX);
+ if (mi_ctx->frames[2].avf->pts > mi_ctx->frames[1].avf->pts) {
+ alpha = (pts - mi_ctx->frames[1].avf->pts * ALPHA_MAX) / (mi_ctx->frames[2].avf->pts - mi_ctx->frames[1].avf->pts);
+ alpha = av_clip(alpha, 0, ALPHA_MAX);
+ } else {
+ av_log(ctx, AV_LOG_DEBUG, "duplicate input PTS detected\n");
+ alpha = 0;
+ }
if (alpha == 0 || alpha == ALPHA_MAX) {
av_frame_copy(avf_out, alpha ? mi_ctx->frames[2].avf : mi_ctx->frames[1].avf);
--
2.44.0

23
ffmpeg-4-CVE-2024-32230.patch Normal file
View File

@ -0,0 +1,23 @@
commit 96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1
Author: Michael Niedermayer <michael@niedermayer.cc>
Date: Mon Apr 8 18:38:42 2024 +0200
avcodec/mpegvideo_enc: Fix 1 line and one column images
Fixes: Ticket10952
Fixes: poc21ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
--- ffmpeg-4.4.4/libavcodec/mpegvideo_enc.c
+++ ffmpeg-4.4.4_new/libavcodec/mpegvideo_enc.c
@@ -1263,8 +1263,8 @@
int dst_stride = i ? s->uvlinesize : s->linesize;
int h_shift = i ? h_chroma_shift : 0;
int v_shift = i ? v_chroma_shift : 0;
- int w = s->width >> h_shift;
- int h = s->height >> v_shift;
+ int w = AV_CEIL_RSHIFT(s->width , h_shift);
+ int h = AV_CEIL_RSHIFT(s->height, v_shift);
uint8_t *src = pic_arg->data[i];
uint8_t *dst = pic->f->data[i];
int vpad = 16;

29
ffmpeg-4-CVE-2024-7055.patch Normal file
View File

@ -0,0 +1,29 @@
From 3faadbe2a27e74ff5bb5f7904ec27bb1f5287dc8 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Thu, 18 Jul 2024 21:12:54 +0200
Subject: [PATCH] avcodec/pnmdec: Use 64bit for input size check
References: CVE-2024-7055
References: bsc#1229026
Upstream: Backport from upstream
Fixes: out of array read
Fixes: poc3
Reported-by: VulDB CNA Team
Found-by: CookedMelon
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/pnmdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- ffmpeg-4.4.4/libavcodec/pnmdec.c
+++ ffmpeg-4.4.4_new/libavcodec/pnmdec.c
@@ -256,7 +256,7 @@
}
break;
case AV_PIX_FMT_GBRPF32:
- if (avctx->width * avctx->height * 12 > s->bytestream_end - s->bytestream)
+ if (avctx->width * avctx->height * 12LL > s->bytestream_end - s->bytestream)
return AVERROR_INVALIDDATA;
scale = 1.f / s->scale;
if (s->endian) {

33
ffmpeg-4.2-dlopen-fdk_aac.patch
View File

@ -1,14 +1,7 @@
---
configure | 3 ++
libavcodec/dlopen.h | 12 ++++++++++
libavcodec/libfdk-aacdec.c | 53 +++++++++++++++++++++++++++++++++++++++++++++
libavcodec/libfdk-aacenc.c | 47 +++++++++++++++++++++++++++++++++++++++
4 files changed, 115 insertions(+)
Index: ffmpeg-4.4.5/configure
Index: ffmpeg-4.4.3/configure
===================================================================
--- ffmpeg-4.4.5.orig/configure
+++ ffmpeg-4.4.5/configure
--- ffmpeg-4.4.3.orig/configure
+++ ffmpeg-4.4.3/configure
@@ -232,6 +232,7 @@ External library support:
--enable-libdc1394 enable IIDC-1394 grabbing using libdc1394
and libraw1394 [no]
@ -22,10 +15,10 @@ Index: ffmpeg-4.4.5/configure
decklink
libfdk_aac
+ libfdk_aac_dlopen
openssl
libtls
"
@@ -6370,6 +6372,7 @@ enabled libdrm && require_pkg
@@ -6368,6 +6370,7 @@ enabled libdrm && require_pkg
enabled libfdk_aac && { check_pkg_config libfdk_aac fdk-aac "fdk-aac/aacenc_lib.h" aacEncOpen ||
{ require libfdk_aac fdk-aac/aacenc_lib.h aacEncOpen -lfdk-aac &&
warn "using libfdk without pkg-config"; } }
@ -33,10 +26,10 @@ Index: ffmpeg-4.4.5/configure
flite_extralibs="-lflite_cmu_time_awb -lflite_cmu_us_awb -lflite_cmu_us_kal -lflite_cmu_us_kal16 -lflite_cmu_us_rms -lflite_cmu_us_slt -lflite_usenglish -lflite_cmulex -lflite"
enabled libflite && require libflite "flite/flite.h" flite_init $flite_extralibs
enabled fontconfig && enable libfontconfig
Index: ffmpeg-4.4.5/libavcodec/dlopen.h
Index: ffmpeg-4.4.3/libavcodec/dlopen.h
===================================================================
--- /dev/null
+++ ffmpeg-4.4.5/libavcodec/dlopen.h
+++ ffmpeg-4.4.3/libavcodec/dlopen.h
@@ -0,0 +1,12 @@
+#ifndef LOCALINC_DLOPEN_H
+#define LOCALINC_DLOPEN_H
@ -50,10 +43,10 @@ Index: ffmpeg-4.4.5/libavcodec/dlopen.h
+ goto error;
+
+#endif
Index: ffmpeg-4.4.5/libavcodec/libfdk-aacdec.c
Index: ffmpeg-4.4.3/libavcodec/libfdk-aacdec.c
===================================================================
--- ffmpeg-4.4.5.orig/libavcodec/libfdk-aacdec.c
+++ ffmpeg-4.4.5/libavcodec/libfdk-aacdec.c
--- ffmpeg-4.4.3.orig/libavcodec/libfdk-aacdec.c
+++ ffmpeg-4.4.3/libavcodec/libfdk-aacdec.c
@@ -37,6 +37,54 @@
#define AAC_PCM_MAX_OUTPUT_CHANNELS AAC_PCM_OUTPUT_CHANNELS
#endif
@ -121,10 +114,10 @@ Index: ffmpeg-4.4.5/libavcodec/libfdk-aacdec.c
s->handle = aacDecoder_Open(avctx->extradata_size ? TT_MP4_RAW : TT_MP4_ADTS, 1);
if (!s->handle) {
av_log(avctx, AV_LOG_ERROR, "Error opening decoder\n");
Index: ffmpeg-4.4.5/libavcodec/libfdk-aacenc.c
Index: ffmpeg-4.4.3/libavcodec/libfdk-aacenc.c
===================================================================
--- ffmpeg-4.4.5.orig/libavcodec/libfdk-aacenc.c
+++ ffmpeg-4.4.5/libavcodec/libfdk-aacenc.c
--- ffmpeg-4.4.3.orig/libavcodec/libfdk-aacenc.c
+++ ffmpeg-4.4.3/libavcodec/libfdk-aacenc.c
@@ -35,6 +35,48 @@
#define FDKENC_VER_AT_LEAST(vl0, vl1) 0
#endif

BIN
ffmpeg-4.4.4.tar.xz (Stored with Git LFS) Normal file
View File

Binary file not shown.

11
ffmpeg-4.4.4.tar.xz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQFMBAABCAA2FiEE/PmG6hXm4pOlZE8QtDIvBNZ2WNgFAmQ2/oUYHGZmbXBlZy1k
ZXZlbEBmZm1wZWcub3JnAAoJELQyLwTWdljYkGMH/iRlBGO1ZcCPnNpJt6pAqxcY
cP4hmanIPLLBPQfbHIwGUJDiTDIpXuFeWC7dt08Q8ndXtXbjTJ0T+hZP7Riuzns8
bwXfrCRioKlmIZSUg9WMErNW+vE/nUFn20q4PdzaWbeUbIsZEW6Btt4C4JuBCLsn
K2WZa7/GwaMnLLPIUIaNzW//aeUj11IhY74qB3k5nOhidgptY1en7xa9x1kZ3dvW
wx2vO+2fS5SlvBfj2KFAey+FX2LAEZFjRaiWRnzlO5daqO4acWMtRAQeMk5rs21W
NeTZUqZoPaaNfcFz1yWsBv19Fte4R9D8oD4TwMd5ikZZ2hjV+N+EMEFNWLoH02Q=
=e6RR
-----END PGP SIGNATURE-----

BIN
ffmpeg-4.4.5.tar.xz (Stored with Git LFS)
View File

Binary file not shown.

11
ffmpeg-4.4.5.tar.xz.asc
View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQFMBAABCgA2FiEE/PmG6hXm4pOlZE8QtDIvBNZ2WNgFAmamzJUYHGZmbXBlZy1k
ZXZlbEBmZm1wZWcub3JnAAoJELQyLwTWdljYZP8H/27rVRh4/NOvhP5JN2FhhWfo
BmAYgHWLag3a8P4yShGGgxhLjnd7LKOdSTIOb67Q7CgqzsQCV7c+VgUp068uhCod
J0TgnefWzw+iR3zupKEVRoFEsy/3A5RWXVWx42B7WTpkkShQWXaPHvUdH9ELwwfK
mq3TQMygmjjzDIa677i3uNUrb2CGyxdUXqGzmatUfrtXm0/mqUtz41neS5tuLQn5
xXcpmtsElkLK4ZaQWRC8w6emEyx49MqyRw7tTjIh/lPN+KTBUtcrYgDeCJt25H9s
2Hm9Obax0z2fPi71eP7GkbVXrGmwL1DcSegFW+TCW5CniWkWaWKe4+qDMepPtIo=
=byXw
-----END PGP SIGNATURE-----

18
ffmpeg-4.changes
View File

@ -1,17 +1,11 @@
-------------------------------------------------------------------
Mon Jan 6 11:53:32 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
Sun Sep 29 07:36:13 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Update to release 4.4.5
* Reliability/bug fixes
- Delete
0001-avcodec-libsvtav1-remove-compressed_ten_bit_format-a.patch
0001-avcodec-x86-mathops-clip-constants-used-with-shift-i.patch
0001-avfilter-vf_minterpolate-Check-pts-before-division.patch
ffmpeg-CVE-2023-51793.patch
0001-avfilter-af_stereowiden-Check-length.patch
ffmpeg-CVE-2023-50010.patch
ffmpeg-4-CVE-2024-32230.patch
ffmpeg-4-CVE-2024-7055.patch (all merged)
- Update ffmpeg-4.spec:
Disable xvid plugin build and dependence, since legal reviewers
are concerned xvid patents have not expired in Brazil, which should
not be used in a commercial context.
https://en.wikipedia.org/wiki/Xvid
-------------------------------------------------------------------
Fri Sep 6 15:06:21 UTC 2024 - Cliff Zhao <qzhao@suse.com>

21
ffmpeg-4.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package ffmpeg-4
#
# Copyright (c) 2025 SUSE LLC
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -55,7 +55,13 @@
%bcond_with smbclient
%bcond_with x264
%bcond_with x265
# openSUSE legal reviewers are concerned xvid patents and should not be used in commercial context.
%if !0%{?is_opensuse}
%bcond_with xvid
%else
%bcond_without xvid
%endif
%if 0%{?suse_version} > 1500
%bcond_without libaom
@ -71,7 +77,6 @@
%bcond_without vulkan
%bcond_without amrwb
%bcond_without opencore
%bcond_without xvid
%else
%bcond_with libaom
%bcond_with mysofa
@ -98,7 +103,7 @@
%define _major_version 4
%define _major_expected 5
Name: ffmpeg-4
Version: 4.4.5
Version: 4.4.4
Release: 0
Summary: Set of libraries for working with various multimedia formats
License: GPL-3.0-or-later
@ -122,11 +127,19 @@ Patch5: soversion.patch
Patch9: ffmpeg-4.4-CVE-2020-22046.patch
Patch10: ffmpeg-chromium.patch
Patch11: ffmpeg-libglslang-detection.patch
Patch12: 0001-avcodec-libsvtav1-remove-compressed_ten_bit_format-a.patch
Patch13: 0001-avcodec-x86-mathops-clip-constants-used-with-shift-i.patch
Patch14: ffmpeg-glslang-cxx17.patch
Patch15: 0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
Patch16: 0001-avfilter-vf_minterpolate-Check-pts-before-division.patch
Patch17: ffmpeg-CVE-2023-49502.patch
Patch18: ffmpeg-CVE-2023-51793.patch
Patch19: 0001-avfilter-af_stereowiden-Check-length.patch
Patch20: ffmpeg-CVE-2023-50010.patch
Patch21: ffmpeg-4-CVE-2024-32230.patch
Patch22: ffmpeg-c99.patch
Patch23: 0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch
Patch24: ffmpeg-4-CVE-2024-7055.patch
BuildRequires: ladspa-devel
BuildRequires: libgsm-devel
BuildRequires: libmp3lame-devel
@ -740,6 +753,8 @@ LDFLAGS="%_lto_cflags" \
%endif
%if %{with xvid}
--enable-libxvid \
%else
--disable-libxvid \
%endif
%if !0%{?BUILD_ORIG}
--enable-muxers \

30
ffmpeg-CVE-2023-50010.patch Normal file
View File

@ -0,0 +1,30 @@
commit e4d2666bdc3dbd177a81bbf428654a5f2fa3787a (20231224_CVE-2023-50010_e4d2666bdc3dbd177a81bbf428654a5f2fa3787a)
Author: Michael Niedermayer <michael@niedermayer.cc>
Date: Sun Dec 24 20:50:51 2023 +0100
References: CVE-2023-50010
References: https://bugzilla.opensuse.org/1172424
avfilter/vf_gradfun: Do not overread last line
The code works in steps of 2 lines and lacks support for odd height
Implementing odd height support is better but for now this fixes the
out of array access
Fixes: out of array access
Fixes: tickets/10702/poc6ffmpe
Found-by: Zeng Yunxiang
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
diff -Nura ffmpeg-4.4.4/libavfilter/vf_gradfun.c ffmpeg-4.4.4_new/libavfilter/vf_gradfun.c
--- ffmpeg-4.4.4/libavfilter/vf_gradfun.c 2023-04-13 02:01:50.000000000 +0800
+++ ffmpeg-4.4.4_new/libavfilter/vf_gradfun.c 2024-05-07 19:32:05.287848683 +0800
@@ -93,7 +93,7 @@
for (y = 0; y < r; y++)
ctx->blur_line(dc, buf + y * bstride, buf + (y - 1) * bstride, src + 2 * y * src_linesize, src_linesize, width / 2);
for (;;) {
- if (y < height - r) {
+ if (y + 1 < height - r) {
int mod = ((y + r) / 2) % r;
uint16_t *buf0 = buf + mod * bstride;
uint16_t *buf1 = buf + (mod ? mod - 1 : r - 1) * bstride;

57
ffmpeg-CVE-2023-51793.patch Normal file
View File

@ -0,0 +1,57 @@
From 0ecc1f0e48930723d7a467761b66850811c23e62
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Fri Dec 22 12:31:35 2023 +0100
Subject: avfilter/vf_weave: Fix odd height handling
References: https://bugzilla.opensuse.org/1223272
References: CVE-2023-51793
Fixes: out of array access
Fixes: tickets/10743/poc10ffmpeg
Found-by: Zeng Yunxiang and Li Zeyuan
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
diff -Nura ffmpeg-4.4.4/libavfilter/vf_weave.c ffmpeg-4.4.4_new/libavfilter/vf_weave.c
--- ffmpeg-4.4.4/libavfilter/vf_weave.c 2023-04-13 02:01:50.000000000 +0800
+++ ffmpeg-4.4.4_new/libavfilter/vf_weave.c 2024-04-26 02:30:07.113807721 +0800
@@ -30,6 +30,7 @@
int double_weave;
int nb_planes;
int planeheight[4];
+ int outheight[4];
int linesize[4];
AVFrame *prev;
@@ -85,6 +86,9 @@
s->planeheight[1] = s->planeheight[2] = AV_CEIL_RSHIFT(inlink->h, desc->log2_chroma_h);
s->planeheight[0] = s->planeheight[3] = inlink->h;
+ s->outheight[1] = s->outheight[2] = AV_CEIL_RSHIFT(2*inlink->h, desc->log2_chroma_h);
+ s->outheight[0] = s->outheight[3] = 2*inlink->h;
+
s->nb_planes = av_pix_fmt_count_planes(inlink->format);
return 0;
@@ -110,19 +114,20 @@
const int height = s->planeheight[i];
const int start = (height * jobnr) / nb_jobs;
const int end = (height * (jobnr+1)) / nb_jobs;
+ const int compensation = 2*end > s->outheight[i];
av_image_copy_plane(out->data[i] + out->linesize[i] * field1 +
out->linesize[i] * start * 2,
out->linesize[i] * 2,
in->data[i] + start * in->linesize[i],
in->linesize[i],
- s->linesize[i], end - start);
+ s->linesize[i], end - start - compensation * field1);
av_image_copy_plane(out->data[i] + out->linesize[i] * field2 +
out->linesize[i] * start * 2,
out->linesize[i] * 2,
s->prev->data[i] + start * s->prev->linesize[i],
s->prev->linesize[i],
- s->linesize[i], end - start);
+ s->linesize[i], end - start - compensation * field2);
}
return 0;