forked from pool/ffmpeg-7
Add ffmpeg-7-CVE-2024-32228.patch, ffmpeg-7-CVE-2024-32229.patch, ffmpeg-7-CVE-2024-32230.patch to fix CVE issues.
This commit is contained in:
parent
5866842008
commit
cfe0711bad
54
ffmpeg-7-CVE-2024-32228.patch
Normal file
54
ffmpeg-7-CVE-2024-32228.patch
Normal file
@ -0,0 +1,54 @@
|
||||
From 459648761f5412acdc3317d5bac982ceaa257584
|
||||
Author: Niklas Haas <git@haasn.dev>
|
||||
Date: Sat Apr 6 13:11:09 2024 +0200
|
||||
Subject: avcodec/hevcdec: fix segfault on invalid film grain metadata
|
||||
References: CVE-2024-32228
|
||||
References: bsc#1227277
|
||||
Upstream: Backport from upstream
|
||||
|
||||
Invalid input files may contain film grain metadata which survives
|
||||
ff_h274_film_grain_params_supported() but does not pass
|
||||
av_film_grain_params_select(), leading to a SIGSEGV on hevc_frame_end().
|
||||
|
||||
Fix this by duplicating the av_film_grain_params_select() check at frame
|
||||
init time.
|
||||
|
||||
An alternative solution here would be to defer the incompatibility check
|
||||
to hevc_frame_end(), but this has the downside of allocating a film
|
||||
grain buffer even when we already know we can't apply film grain.
|
||||
|
||||
Fixes: https://trac.ffmpeg.org/ticket/10951
|
||||
|
||||
--- ffmpeg-7.0/libavcodec/hevcdec.c
|
||||
+++ ffmpeg-7.0_new/libavcodec/hevcdec.c
|
||||
@@ -2892,10 +2892,16 @@
|
||||
!(s->avctx->export_side_data & AV_CODEC_EXPORT_DATA_FILM_GRAIN) &&
|
||||
!s->avctx->hwaccel;
|
||||
|
||||
+ ret = set_side_data(s);
|
||||
+ if (ret < 0)
|
||||
+ goto fail;
|
||||
+
|
||||
if (s->ref->needs_fg &&
|
||||
- s->sei.common.film_grain_characteristics.present &&
|
||||
- !ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id,
|
||||
- s->ref->frame->format)) {
|
||||
+ ( s->sei.common.film_grain_characteristics.present &&
|
||||
+ !ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id,
|
||||
+ s->ref->frame->format))
|
||||
+ || !av_film_grain_params_select(s->ref->frame)) {
|
||||
+
|
||||
av_log_once(s->avctx, AV_LOG_WARNING, AV_LOG_DEBUG, &s->film_grain_warning_shown,
|
||||
"Unsupported film grain parameters. Ignoring film grain.\n");
|
||||
s->ref->needs_fg = 0;
|
||||
@@ -2909,10 +2915,6 @@
|
||||
goto fail;
|
||||
}
|
||||
|
||||
- ret = set_side_data(s);
|
||||
- if (ret < 0)
|
||||
- goto fail;
|
||||
-
|
||||
s->frame->pict_type = 3 - s->sh.slice_type;
|
||||
|
||||
if (!IS_IRAP(s))
|
38
ffmpeg-7-CVE-2024-32229.patch
Normal file
38
ffmpeg-7-CVE-2024-32229.patch
Normal file
@ -0,0 +1,38 @@
|
||||
From a528a54ee119dcba47e7c9e30d3a56206fbad416 Mon Sep 17 00:00:00 2001
|
||||
From: James Almer <jamrial@gmail.com>
|
||||
Date: Thu, 4 Jul 2024 14:55:23 -0300
|
||||
Subject: [PATCH] avfilter/vf_tiltandshift: fix buffer offset for yuv422p input
|
||||
|
||||
Fixes ticket #10950.
|
||||
|
||||
Signed-off-by: James Almer <jamrial@gmail.com>
|
||||
---
|
||||
libavfilter/vf_tiltandshift.c | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/libavfilter/vf_tiltandshift.c b/libavfilter/vf_tiltandshift.c
|
||||
index 85cce84fc3..b49a713339 100644
|
||||
--- a/libavfilter/vf_tiltandshift.c
|
||||
+++ b/libavfilter/vf_tiltandshift.c
|
||||
@@ -175,14 +175,14 @@ static void copy_column(AVFilterLink *outlink,
|
||||
const uint8_t *src[4];
|
||||
|
||||
dst[0] = dst_data[0] + ncol;
|
||||
- dst[1] = dst_data[1] + (ncol >> s->desc->log2_chroma_h);
|
||||
- dst[2] = dst_data[2] + (ncol >> s->desc->log2_chroma_h);
|
||||
+ dst[1] = dst_data[1] + (ncol >> s->desc->log2_chroma_w);
|
||||
+ dst[2] = dst_data[2] + (ncol >> s->desc->log2_chroma_w);
|
||||
|
||||
if (!tilt)
|
||||
ncol = 0;
|
||||
src[0] = src_data[0] + ncol;
|
||||
- src[1] = src_data[1] + (ncol >> s->desc->log2_chroma_h);
|
||||
- src[2] = src_data[2] + (ncol >> s->desc->log2_chroma_h);
|
||||
+ src[1] = src_data[1] + (ncol >> s->desc->log2_chroma_w);
|
||||
+ src[2] = src_data[2] + (ncol >> s->desc->log2_chroma_w);
|
||||
|
||||
av_image_copy(dst, dst_linesizes, src, src_linesizes, outlink->format, 1, outlink->h);
|
||||
}
|
||||
--
|
||||
2.41.0
|
||||
|
25
ffmpeg-7-CVE-2024-32230.patch
Normal file
25
ffmpeg-7-CVE-2024-32230.patch
Normal file
@ -0,0 +1,25 @@
|
||||
From 96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1
|
||||
Author: Michael Niedermayer <michael@niedermayer.cc>
|
||||
Date: Mon Apr 8 18:38:42 2024 +0200
|
||||
Subject: avcodec/mpegvideo_enc: Fix 1 line and one column images
|
||||
References: CVE-2024-32230
|
||||
References: bsc#1227296
|
||||
Upstream: Backport from upstream
|
||||
|
||||
Fixes: Ticket10952
|
||||
Fixes: poc21ffmpeg
|
||||
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
||||
|
||||
--- ffmpeg-7.0/libavcodec/mpegvideo_enc.c
|
||||
+++ ffmpeg-7.0_new/libavcodec/mpegvideo_enc.c
|
||||
@@ -1198,8 +1198,8 @@
|
||||
ptrdiff_t dst_stride = i ? s->uvlinesize : s->linesize;
|
||||
int h_shift = i ? s->chroma_x_shift : 0;
|
||||
int v_shift = i ? s->chroma_y_shift : 0;
|
||||
- int w = s->width >> h_shift;
|
||||
- int h = s->height >> v_shift;
|
||||
+ int w = AV_CEIL_RSHIFT(s->width , h_shift);
|
||||
+ int h = AV_CEIL_RSHIFT(s->height, v_shift);
|
||||
const uint8_t *src = pic_arg->data[i];
|
||||
uint8_t *dst = pic->f->data[i];
|
||||
int vpad = 16;
|
@ -1,9 +1,17 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 5 14:18:52 UTC 2024 - Cliff Zhao <qzhao@suse.com>
|
||||
|
||||
- Add ffmpeg-7-CVE-2024-32229.patch:
|
||||
Backporting a528a54e from upstream, Fix buffer offset for yuv422p
|
||||
input.
|
||||
(CVE-2024-32229, bsc#1227277)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 2 12:26:28 UTC 2024 - Cliff Zhao <qzhao@suse.com>
|
||||
|
||||
- Add ffmpeg-7-CVE-2024-32230.patch:
|
||||
Backporting 96449cfe from upstream, Fix 1 line and one column images.
|
||||
(CVE-2024-32230 bsc#1227296)
|
||||
(CVE-2024-32230, bsc#1227296)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 2 11:57:01 UTC 2024 - Cliff Zhao <qzhao@suse.com>
|
||||
|
@ -92,9 +92,6 @@ Summary: Set of libraries for working with various multimedia formats
|
||||
License: GPL-3.0-or-later
|
||||
Group: Productivity/Multimedia/Video/Editors and Convertors
|
||||
URL: https://ffmpeg.org/
|
||||
|
||||
#Freshcode-URL: http://freshcode.club/projects/ffmpeg
|
||||
#Git-Clone: git://source.ffmpeg.org/ffmpeg
|
||||
Source: https://www.ffmpeg.org/releases/%_name-%version.tar.xz
|
||||
Source2: https://www.ffmpeg.org/releases/%_name-%version.tar.xz.asc
|
||||
Source3: ffmpeg-7-rpmlintrc
|
||||
@ -113,6 +110,7 @@ Patch10: ffmpeg-chromium.patch
|
||||
Patch91: ffmpeg-dlopen-openh264.patch
|
||||
Patch92: ffmpeg-7-CVE-2024-32228.patch
|
||||
Patch93: ffmpeg-7-CVE-2024-32230.patch
|
||||
Patch94: ffmpeg-7-CVE-2024-32229.patch
|
||||
BuildRequires: ladspa-devel
|
||||
BuildRequires: libgsm-devel
|
||||
BuildRequires: libmp3lame-devel >= 3.98.3
|
||||
@ -825,6 +823,9 @@ Patch4: ffmpeg-4.2-dlopen-fdk_aac.patch
|
||||
Patch5: work-around-abi-break.patch
|
||||
Patch10: ffmpeg-chromium.patch
|
||||
Patch91: ffmpeg-dlopen-openh264.patch
|
||||
Patch92: ffmpeg-7-CVE-2024-32228.patch
|
||||
Patch93: ffmpeg-7-CVE-2024-32230.patch
|
||||
Patch94: ffmpeg-7-CVE-2024-32229.patch
|
||||
BuildRequires: c_compiler
|
||||
Requires: this-is-only-for-build-envs
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user