From 4f45d507950c7c7685c3030ae5431ba5fdfe6cbd4656d46960c2aa34e6e13533 Mon Sep 17 00:00:00 2001
From: Jonathan Kang <jonathankang@gnome.org>
Date: Thu, 24 Jul 2025 14:58:10 +0800
Subject: [PATCH] Add ffmpeg-CVE-2025-7700.patch

---
 ffmpeg-4-CVE-2025-7700.patch | 26 ++++++++++++++++++++++++++
 ffmpeg-4.changes             |  7 +++++++
 ffmpeg-4.spec                |  1 +
 3 files changed, 34 insertions(+)
 create mode 100644 ffmpeg-4-CVE-2025-7700.patch

diff --git a/ffmpeg-4-CVE-2025-7700.patch b/ffmpeg-4-CVE-2025-7700.patch
new file mode 100644
index 0000000..a56e4fa
--- /dev/null
+++ b/ffmpeg-4-CVE-2025-7700.patch
@@ -0,0 +1,26 @@
+Index: ffmpeg-4.4.6/libavcodec/alsdec.c
+===================================================================
+--- ffmpeg-4.4.6.orig/libavcodec/alsdec.c
++++ ffmpeg-4.4.6/libavcodec/alsdec.c
+@@ -2116,8 +2116,8 @@ static av_cold int decode_init(AVCodecCo
+         ctx->nbits  = av_malloc_array(ctx->cur_frame_length, sizeof(*ctx->nbits));
+         ctx->mlz    = av_mallocz(sizeof(*ctx->mlz));
+ 
+-        if (!ctx->mlz || !ctx->acf || !ctx->shift_value || !ctx->last_shift_value
+-            || !ctx->last_acf_mantissa || !ctx->raw_mantissa) {
++        if (!ctx->larray || !ctx->nbits || !ctx->mlz || !ctx->acf || !ctx->shift_value
++            || !ctx->last_shift_value || !ctx->last_acf_mantissa || !ctx->raw_mantissa) {
+             av_log(avctx, AV_LOG_ERROR, "Allocating buffer memory failed.\n");
+             ret = AVERROR(ENOMEM);
+             goto fail;
+@@ -2128,6 +2128,10 @@ static av_cold int decode_init(AVCodecCo
+ 
+         for (c = 0; c < avctx->channels; ++c) {
+             ctx->raw_mantissa[c] = av_mallocz_array(ctx->cur_frame_length, sizeof(**ctx->raw_mantissa));
++            if (!ctx->raw_mantissa[c]) {
++                av_log(avctx, AV_LOG_ERROR, "Allocating buffer memory failed.\n");
++                ret = AVERROR(ENOMEM);
++                goto fail;
+         }
+     }
+ 
diff --git a/ffmpeg-4.changes b/ffmpeg-4.changes
index ed08f08..f5244a9 100644
--- a/ffmpeg-4.changes
+++ b/ffmpeg-4.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Jul 23 07:01:22 UTC 2025 - SongChuan Kang <sckang@suse.com>
+
+- Add ffmpeg-CVE-2025-7700.patch: Add check for the return value
+  of av_malloc_array() and av_calloc() to avoid potential NULL
+  pointer dereference(CVE-2025-7700, bsc#1246790).
+
 -------------------------------------------------------------------
 Fri May 30 14:28:05 UTC 2025 - Cliff Zhao <qzhao@suse.com>
 
diff --git a/ffmpeg-4.spec b/ffmpeg-4.spec
index e2212e0..9debbb6 100644
--- a/ffmpeg-4.spec
+++ b/ffmpeg-4.spec
@@ -142,6 +142,7 @@ Patch28:        ffmpeg-4-CVE-2025-25473.patch
 Patch29:        ffmpeg-4-CVE-2025-22921.patch
 Patch30:        ffmpeg-avcodec-libdav1d-don-t-repeatedly-parse-the-same-seq.patch
 Patch31:        ffmpeg-4-CVE-2024-36618.patch
+Patch32:        ffmpeg-4-CVE-2025-7700.patch
 BuildRequires:  ladspa-devel
 BuildRequires:  libgsm-devel
 BuildRequires:  libmp3lame-devel
-- 
2.51.1