From 10330b2059fb17916dceb44bdb9cab17df2b01fabe7e90a1e6effdcb818930bf Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Fri, 23 Dec 2022 10:14:13 +0000
Subject: [PATCH] Accepting request 1044384 from home:AZhou:branches:multimedia:libs
- Add ffmpeg-CVE-2022-3109.patch: Backport from upstream to fix null pointer dereference in vp3_decode_frame() (bsc#1206442).
OBS-URL: https://build.opensuse.org/request/show/1044384
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/ffmpeg-4?expand=0&rev=190
---
 ffmpeg-4.changes | 6 ++++++
 ffmpeg-4.spec | 1 +
 ffmpeg-CVE-2022-3109.patch | 18 ++++++++++++++++++
 3 files changed, 25 insertions(+)
 create mode 100644 ffmpeg-CVE-2022-3109.patch
diff --git a/ffmpeg-4.changes b/ffmpeg-4.changes
index 20533a5..8f1702f 100644
--- a/ffmpeg-4.changes
+++ b/ffmpeg-4.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Dec 23 08:09:25 UTC 2022 - Alynx Zhou
+
+- Add ffmpeg-CVE-2022-3109.patch: Backport from upstream to fix
+ null pointer dereference in vp3_decode_frame() (bsc#1206442).
+
 -------------------------------------------------------------------
 Wed Nov 16 01:31:02 UTC 2022 - Alynx Zhou
 
diff --git a/ffmpeg-4.spec b/ffmpeg-4.spec
index f4e4190..2cb50c1 100644
--- a/ffmpeg-4.spec
+++ b/ffmpeg-4.spec
@@ -121,6 +121,7 @@ Patch9: ffmpeg-4.4-CVE-2020-22046.patch
 Patch10: ffmpeg-chromium.patch
 Patch11: ffmpeg-libglslang-detection.patch
 Patch12: ffmpeg-CVE-2022-3964.patch
+Patch13: ffmpeg-CVE-2022-3109.patch
 BuildRequires: ladspa-devel
 BuildRequires: libgsm-devel
 BuildRequires: libmp3lame-devel
diff --git a/ffmpeg-CVE-2022-3109.patch b/ffmpeg-CVE-2022-3109.patch
new file mode 100644
index 0000000..d952c1a
--- /dev/null
+++ b/ffmpeg-CVE-2022-3109.patch
@@ -0,0 +1,18 @@
+diff --unified --recursive --text --new-file --color ffmpeg-4.4.3.old/libavcodec/vp3.c ffmpeg-4.4.3.new/libavcodec/vp3.c
+--- ffmpeg-4.4.3.old/libavcodec/vp3.c 2022-10-10 03:04:38.000000000 +0800
++++ ffmpeg-4.4.3.new/libavcodec/vp3.c 2022-12-23 16:25:47.902576459 +0800
+@@ -2683,8 +2683,13 @@
+ if ((ret = ff_thread_get_buffer(avctx, &s->current_frame, AV_GET_BUFFER_FLAG_REF)) < 0)
+ goto error;
+
+- if (!s->edge_emu_buffer)
++ if (!s->edge_emu_buffer) {
+ s->edge_emu_buffer = av_malloc(9 * FFABS(s->current_frame.f->linesize[0]));
++ if (!s->edge_emu_buffer) {
++ ret = AVERROR(ENOMEM);
++ goto error;
++ }
++ }
+
+ if (s->keyframe) {
+ if (!s->theora) {
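Review bot: The embedded ffmpeg-CVE-2022-3109.patch starts directly at its `diff --unified …` line and names no upstream commit, so the "Backport from upstream" claim in the changelog cannot be checked against the original fix from the package alone. A short header above the diff would close that gap, for example `Upstream: <upstream-commit-url>` and `References: CVE-2022-3109, bsc#1206442` (the commit URL is a placeholder to fill in). Separately, the new `goto error` is taken after ff_thread_get_buffer() has already succeeded, so the `error:` label must release or report s->current_frame on that path. The label lies outside the hunk, and the enclosing function starts and ends outside it, so this is worth confirming against the 4.4.3 tree rather than assuming it.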