address +1 issue/CVE
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/ffmpeg-5?expand=0&rev=85
parent
c7d526a909
commit
8acab4b7f8
@ -4,6 +4,8 @@ Date: Sun, 24 Dec 2023 20:31:02 +0100
|
|||||||
Subject: [PATCH] avfilter/avf_showspectrum: fix off by 1 error
|
Subject: [PATCH] avfilter/avf_showspectrum: fix off by 1 error
|
||||||
References: https://bugzilla.opensuse.org/1223087
|
References: https://bugzilla.opensuse.org/1223087
|
||||||
References: CVE-2024-31585
|
References: CVE-2024-31585
|
||||||
|
References: https://bugzilla.opensuse.org/1223273
|
||||||
|
References: CVE-2023-51795
|
||||||
|
|
||||||
Fixes: out of array access
|
Fixes: out of array access
|
||||||
Fixes: tickets/10749/poc15ffmpeg
|
Fixes: tickets/10749/poc15ffmpeg
|
||||||
|
@ -0,0 +1,32 @@
|
|||||||
|
From 61e73851a33f0b4cb7662f8578a4695e77bd3c19 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michael Niedermayer <michael@niedermayer.cc>
|
||||||
|
Date: Sat, 23 Dec 2023 18:04:32 +0100
|
||||||
|
Subject: [PATCH] avfilter/f_reverse: Apply PTS compensation only when pts is
|
||||||
|
available
|
||||||
|
References: https://bugzilla.opensuse.org/1223274
|
||||||
|
References: CVE-2023-51796
|
||||||
|
|
||||||
|
Fixes: out of array access
|
||||||
|
Fixes: tickets/10753/poc16ffmpeg
|
||||||
|
|
||||||
|
Regression since: 45dc668aea0edac34969b5a1ff76cf9ad3a09be1
|
||||||
|
Found-by: Zeng Yunxiang
|
||||||
|
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
||||||
|
---
|
||||||
|
libavfilter/f_reverse.c | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
Index: ffmpeg-5.1.4/libavfilter/f_reverse.c
|
||||||
|
===================================================================
|
||||||
|
--- ffmpeg-5.1.4.orig/libavfilter/f_reverse.c
|
||||||
|
+++ ffmpeg-5.1.4/libavfilter/f_reverse.c
|
||||||
|
@@ -253,7 +253,8 @@ static int areverse_request_frame(AVFilt
|
||||||
|
if (ret == AVERROR_EOF && s->nb_frames > 0) {
|
||||||
|
AVFrame *out = s->frames[s->nb_frames - 1];
|
||||||
|
out->pts = s->pts[s->flush_idx++] - s->nb_samples;
|
||||||
|
- s->nb_samples += s->pts[s->flush_idx] - s->pts[s->flush_idx - 1] - out->nb_samples;
|
||||||
|
+ if (s->nb_frames > 1)
|
||||||
|
+ s->nb_samples += s->pts[s->flush_idx] - s->pts[s->flush_idx - 1] - out->nb_samples;
|
||||||
|
|
||||||
|
if (av_sample_fmt_is_planar(out->format))
|
||||||
|
reverse_samples_planar(out);
|
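Review bot: The new guard `if (s->nb_frames > 1)` in areverse_request_frame keeps the `s->pts[s->flush_idx]` read in bounds only through an unstated relation between `nb_frames` and `flush_idx`, and nothing in the hunk documents it. Because `flush_idx` has already been incremented on the line above, that read is one entry past the frame being flushed, which is presumably why it has to be skipped for the last remaining frame. A comment above the guard, such as `/* pts[flush_idx] belongs to the next frame to flush; none exists when this is the last one */`, would make the invariant explicit for anyone rebasing this patch onto another release. The function body starts and ends outside the hunk, so how `nb_frames` is decremented cannot be confirmed from here.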
@ -1,3 +1,9 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Apr 22 23:10:31 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
- Address boo#1223274/CVE-2023-51796: add patch
|
||||||
|
0001-avfilter-f_reverse-Apply-PTS-compensation-only-when-.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Apr 22 12:41:55 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
|
Mon Apr 22 12:41:55 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
@ -9,7 +15,8 @@ Mon Apr 22 12:41:55 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
|
|||||||
0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
|
0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
|
||||||
- Address boo#1223085/CVE-2024-31582: add patch
|
- Address boo#1223085/CVE-2024-31582: add patch
|
||||||
0001-avfilter-vf_codecview-fix-heap-buffer-overflow.patch
|
0001-avfilter-vf_codecview-fix-heap-buffer-overflow.patch
|
||||||
- Address boo#1223087/CVE-2024-31585: add patch
|
- Address boo#1223087/CVE-2024-31585, boo#1223273/CVE-2023-51795:
|
||||||
|
add patch
|
||||||
0001-avfilter-avf_showspectrum-fix-off-by-1-error.patch
|
0001-avfilter-avf_showspectrum-fix-off-by-1-error.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
|