SHA256
1
0
forked from pool/ffmpeg-4
ffmpeg-4/ffmpeg-CVE-2022-3109.patch
Jan Engelhardt 10330b2059 Accepting request 1044384 from home:AZhou:branches:multimedia:libs
- Add ffmpeg-CVE-2022-3109.patch: Backport from upstream to fix
  null pointer dereference in vp3_decode_frame() (bsc#1206442).

OBS-URL: https://build.opensuse.org/request/show/1044384
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/ffmpeg-4?expand=0&rev=190
2022-12-23 10:14:13 +00:00

19 lines
723 B
Diff

diff --unified --recursive --text --new-file --color ffmpeg-4.4.3.old/libavcodec/vp3.c ffmpeg-4.4.3.new/libavcodec/vp3.c
--- ffmpeg-4.4.3.old/libavcodec/vp3.c 2022-10-10 03:04:38.000000000 +0800
+++ ffmpeg-4.4.3.new/libavcodec/vp3.c 2022-12-23 16:25:47.902576459 +0800
@@ -2683,8 +2683,13 @@
if ((ret = ff_thread_get_buffer(avctx, &s->current_frame, AV_GET_BUFFER_FLAG_REF)) < 0)
goto error;
- if (!s->edge_emu_buffer)
+ if (!s->edge_emu_buffer) {
s->edge_emu_buffer = av_malloc(9 * FFABS(s->current_frame.f->linesize[0]));
+ if (!s->edge_emu_buffer) {
+ ret = AVERROR(ENOMEM);
+ goto error;
+ }
+ }
if (s->keyframe) {
if (!s->theora) {