From b8335667a60801bf2d1a421e956365c56fbb6b14333b0fd7ec8e219468eb00c1 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@inai.de>
Date: Wed, 29 May 2024 09:17:54 +0000
Subject: [PATCH] - Add 0001-avfilter-af_stereowiden-Check-length.patch  
 [boo#1223437, CVE-2023-51794]

OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/ffmpeg-5?expand=0&rev=94
---
 ...avfilter-af_stereowiden-Check-length.patch | 29 +++++++++++++++++++
 ffmpeg-5.changes                              |  6 ++++
 ffmpeg-5.spec                                 |  2 ++
 3 files changed, 37 insertions(+)
 create mode 100644 0001-avfilter-af_stereowiden-Check-length.patch

diff --git a/0001-avfilter-af_stereowiden-Check-length.patch b/0001-avfilter-af_stereowiden-Check-length.patch
new file mode 100644
index 0000000..3d439ab
--- /dev/null
+++ b/0001-avfilter-af_stereowiden-Check-length.patch
@@ -0,0 +1,29 @@
+From 50f0f8c53c818f73fe2d752708e2fa9d2a2d8a07 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Sat, 23 Dec 2023 04:03:01 +0100
+Subject: [PATCH] avfilter/af_stereowiden: Check length
+References: https://bugzilla.opensuse.org/1223437
+References: CVE-2023-51794
+
+Fixes: out of array access
+Fixes: tickets/10746/poc13ffmpeg
+
+Found-by: Zeng Yunxiang
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+---
+ libavfilter/af_stereowiden.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+Index: ffmpeg-4.4.4/libavfilter/af_stereowiden.c
+===================================================================
+--- ffmpeg-4.4.4.orig/libavfilter/af_stereowiden.c
++++ ffmpeg-4.4.4/libavfilter/af_stereowiden.c
+@@ -75,6 +75,8 @@ static int config_input(AVFilterLink *in
+ 
+     s->length = s->delay * inlink->sample_rate / 1000;
+     s->length *= 2;
++    if (s->length == 0)
++        return AVERROR(EINVAL);
+     s->buffer = av_calloc(s->length, sizeof(*s->buffer));
+     if (!s->buffer)
+         return AVERROR(ENOMEM);
diff --git a/ffmpeg-5.changes b/ffmpeg-5.changes
index 67a2a9b..3ece908 100644
--- a/ffmpeg-5.changes
+++ b/ffmpeg-5.changes
@@ -5,6 +5,12 @@ Tue Apr 27 11:38:35 UTC 2024 - Cliff Zhao <qzhao@suse.com>
   Backporting e4d2666b from upstream, fixes the out of array access.
   (CVE-2023-50010 bsc#1223256)
 
+-------------------------------------------------------------------
+Fri Apr 26 22:16:48 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
+
+- Add 0001-avfilter-af_stereowiden-Check-length.patch
+  [boo#1223437, CVE-2023-51794]
+
 -------------------------------------------------------------------
 Tue Apr 26 12:18:26 UTC 2024 - Cliff Zhao <qzhao@suse.com>
 
diff --git a/ffmpeg-5.spec b/ffmpeg-5.spec
index 4d250d1..117cd60 100644
--- a/ffmpeg-5.spec
+++ b/ffmpeg-5.spec
@@ -118,6 +118,7 @@ Patch13:        0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
 Patch14:        0001-avfilter-avf_showspectrum-fix-off-by-1-error.patch
 Patch15:        0001-avfilter-vf_codecview-fix-heap-buffer-overflow.patch
 Patch16:        0001-avfilter-f_reverse-Apply-PTS-compensation-only-when-.patch
+Patch17:        0001-avfilter-af_stereowiden-Check-length.patch
 Patch90:        ffmpeg-chromium.patch
 Patch91:        ffmpeg-dlopen-openh264.patch
 Patch93:        soname.diff
@@ -851,6 +852,7 @@ Patch13:        0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
 Patch14:        0001-avfilter-avf_showspectrum-fix-off-by-1-error.patch
 Patch15:        0001-avfilter-vf_codecview-fix-heap-buffer-overflow.patch
 Patch16:        0001-avfilter-f_reverse-Apply-PTS-compensation-only-when-.patch
+Patch17:        0001-avfilter-af_stereowiden-Check-length.patch
 Patch90:        ffmpeg-chromium.patch
 Patch91:        ffmpeg-dlopen-openh264.patch
 Patch93:        soname.diff