forked from jengelh/ffmpeg-5
67 lines
2.3 KiB
Diff
67 lines
2.3 KiB
Diff
From 459648761f5412acdc3317d5bac982ceaa257584
|
|
Author: Niklas Haas <git@haasn.dev>
|
|
Date: Sat Apr 6 13:11:09 2024 +0200
|
|
Subject: avcodec/hevcdec: fix segfault on invalid film grain metadata
|
|
References: CVE-2024-32228
|
|
References: bsc#1227277
|
|
Upstream: Backport from upstream
|
|
|
|
Invalid input files may contain film grain metadata which survives
|
|
ff_h274_film_grain_params_supported() but does not pass
|
|
av_film_grain_params_select(), leading to a SIGSEGV on hevc_frame_end().
|
|
|
|
Fix this by duplicating the av_film_grain_params_select() check at frame
|
|
init time.
|
|
|
|
An alternative solution here would be to defer the incompatibility check
|
|
to hevc_frame_end(), but this has the downside of allocating a film
|
|
grain buffer even when we already know we can't apply film grain.
|
|
|
|
Fixes: https://trac.ffmpeg.org/ticket/10951
|
|
|
|
--- ffmpeg-5.1.4/libavcodec/hevcdec.c
|
|
+++ ffmpeg-5.1.4_new/libavcodec/hevcdec.c
|
|
@@ -3035,12 +3035,29 @@
|
|
goto fail;
|
|
}
|
|
|
|
- s->ref->frame->key_frame = IS_IRAP(s);
|
|
+ if (IS_IRAP(s))
|
|
+ s->ref->frame->flags |= AV_FRAME_FLAG_KEY;
|
|
+ else
|
|
+ s->ref->frame->flags &= ~AV_FRAME_FLAG_KEY;
|
|
|
|
- s->ref->needs_fg = s->sei.film_grain_characteristics.present &&
|
|
+ s->ref->needs_fg = (s->sei.common.film_grain_characteristics.present ||
|
|
+ s->sei.common.aom_film_grain.enable) &&
|
|
!(s->avctx->export_side_data & AV_CODEC_EXPORT_DATA_FILM_GRAIN) &&
|
|
!s->avctx->hwaccel;
|
|
|
|
+ ret = set_side_data(s);
|
|
+ if (ret < 0)
|
|
+ goto fail;
|
|
+
|
|
+ if (s->ref->needs_fg &&
|
|
+ ( s->sei.common.film_grain_characteristics.present &&
|
|
+ !ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id,
|
|
+ s->ref->frame->format))
|
|
+ || !av_film_grain_params_select(s->ref->frame)) {
|
|
+ av_log_once(s->avctx, AV_LOG_WARNING, AV_LOG_DEBUG, &s->film_grain_warning_shown,
|
|
+ "Unsupported film grain parameters. Ignoring film grain.\n");
|
|
+ s->ref->needs_fg = 0;
|
|
+ }
|
|
if (s->ref->needs_fg) {
|
|
s->ref->frame_grain->format = s->ref->frame->format;
|
|
s->ref->frame_grain->width = s->ref->frame->width;
|
|
@@ -3049,10 +3066,6 @@
|
|
goto fail;
|
|
}
|
|
|
|
- ret = set_side_data(s);
|
|
- if (ret < 0)
|
|
- goto fail;
|
|
-
|
|
s->frame->pict_type = 3 - s->sh.slice_type;
|
|
|
|
if (!IS_IRAP(s))
|