Accepting request 921538 from multimedia:libs

- Add ffmpeg-CVE-2020-22037.patch

OBS-URL: https://build.opensuse.org/request/show/921538
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ffmpeg-4?expand=0&rev=44
Dominique Leuenberger 2021-09-30 21:42:54 +00:00 committed by Git OBS Bridge
commit 4ba0155399
3 changed files with 64 additions and 0 deletions


@ -1,3 +1,10 @@
-------------------------------------------------------------------
Sun Sep 26 02:44:57 UTC 2021 - Alynx Zhou <alynx.zhou@suse.com>
- Add ffmpeg-CVE-2020-22037.patch: Backport from upstream to fix
denial of service vulnerability exists due to a memory leak in
avcodec_alloc_context3 at options.c (bsc#1186756).
-------------------------------------------------------------------
Fri Aug 27 07:09:15 UTC 2021 - Alynx Zhou <alynx.zhou@suse.com>


@ -121,6 +121,7 @@ Patch9: ffmpeg-4.4-CVE-2020-22046.patch
Patch10: ffmpeg-CVE-2021-33815.patch
Patch11: ffmpeg-CVE-2021-38114.patch
Patch12: ffmpeg-CVE-2021-38171.patch
Patch13: ffmpeg-CVE-2020-22037.patch
BuildRequires: ladspa-devel
BuildRequires: libgsm-devel
BuildRequires: libmp3lame-devel
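Review bot: Only the `Patch13:` tag is added to the spec, so nothing in this commit adds a matching apply step; the diffstat's 64 additions are fully accounted for by the 7 changelog lines, this one line and the 56-line patch. That is fine if %prep uses `%autosetup -p1` or `%autopatch -p1`, but %prep is outside the hunk and should be checked. If it lists patches explicitly, a `%patch13 -p1` line is needed, otherwise the CVE fix ships in the source package without being applied. The `-p1` strip level follows from the `ffmpeg-4.4.old/...` paths used inside the patch.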


@ -0,0 +1,56 @@
diff --unified --recursive --text --new-file --color ffmpeg-4.4.old/libavcodec/frame_thread_encoder.c ffmpeg-4.4.new/libavcodec/frame_thread_encoder.c
--- ffmpeg-4.4.old/libavcodec/frame_thread_encoder.c 2021-04-09 05:28:39.000000000 +0800
+++ ffmpeg-4.4.new/libavcodec/frame_thread_encoder.c 2021-09-26 10:51:25.616140633 +0800
@@ -124,7 +124,7 @@
int ff_frame_thread_encoder_init(AVCodecContext *avctx, AVDictionary *options){
int i=0;
ThreadContext *c;
-
+ AVCodecContext *thread_avctx = NULL;
if( !(avctx->thread_type & FF_THREAD_FRAME)
|| !(avctx->codec->capabilities & AV_CODEC_CAP_FRAME_THREADS))
@@ -205,16 +205,17 @@
AVDictionary *tmp = NULL;
int ret;
void *tmpv;
- AVCodecContext *thread_avctx = avcodec_alloc_context3(avctx->codec);
+ thread_avctx = avcodec_alloc_context3(avctx->codec);
if(!thread_avctx)
goto fail;
tmpv = thread_avctx->priv_data;
*thread_avctx = *avctx;
+ thread_avctx->priv_data = tmpv;
+ thread_avctx->internal = NULL;
+ thread_avctx->hw_frames_ctx = NULL;
ret = av_opt_copy(thread_avctx, avctx);
if (ret < 0)
goto fail;
- thread_avctx->priv_data = tmpv;
- thread_avctx->internal = NULL;
if (avctx->codec->priv_class) {
int ret = av_opt_copy(thread_avctx->priv_data, avctx->priv_data);
if (ret < 0)
@@ -243,6 +244,8 @@
return 0;
fail:
+ avcodec_close(thread_avctx);
+ av_freep(&thread_avctx);
avctx->thread_count = i;
av_log(avctx, AV_LOG_ERROR, "ff_frame_thread_encoder_init failed\n");
ff_frame_thread_encoder_free(avctx);
diff --unified --recursive --text --new-file --color ffmpeg-4.4.old/libavcodec/frame_thread_encoder.h ffmpeg-4.4.new/libavcodec/frame_thread_encoder.h
--- ffmpeg-4.4.old/libavcodec/frame_thread_encoder.h 2021-04-09 05:28:39.000000000 +0800
+++ ffmpeg-4.4.new/libavcodec/frame_thread_encoder.h 2021-09-26 10:52:37.122774657 +0800
@@ -23,6 +23,10 @@
#include "avcodec.h"
+/**
+ * Initialize frame thread encoder.
+ * @note hardware encoders are not supported
+ */
int ff_frame_thread_encoder_init(AVCodecContext *avctx, AVDictionary *options);
void ff_frame_thread_encoder_free(AVCodecContext *avctx);
int ff_thread_video_encode_frame(AVCodecContext *avctx, AVPacket *pkt,
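Review bot: In the second hunk of frame_thread_encoder.c, `*thread_avctx = *avctx;` leaves every pointer member of the copy aliasing the parent, and the new `fail:` path runs `avcodec_close(thread_avctx)` over that copy after only `priv_data`, `internal` and `hw_frames_ctx` have been reset. If `av_opt_copy` fails partway, any still-aliased member that `avcodec_close` releases would be freed here and again when the caller tears down `avctx`. Whether that happens depends on the `avcodec_close` in this tree, which is not visible here, so it should be checked (`hw_device_ctx` is the obvious candidate next to `hw_frames_ctx`). I would add a comment above the resets such as `/* fields reset here must cover everything avcodec_close() frees; the rest still aliases avctx */`. The patch file also starts directly at the `diff` line, so a short header naming the upstream commit and bsc#1186756 would make the backport auditable; the function body continues outside all three hunks.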