From 6e1ca12e6be4004ebe114d8da2b26a35161651c04aac7f2729b1fced4ea850c3 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@inai.de>
Date: Tue, 23 Apr 2024 14:33:01 +0000
Subject: [PATCH] - Address boo#1223304/CVE-2023-51798: add patch  
 0001-avfilter-vf_minterpolate-Check-pts-before-division.patch

OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/ffmpeg-4?expand=0&rev=211
---
 ...nterpolate-Check-pts-before-division.patch | 40 +++++++++++++++++++
 ffmpeg-4.changes                              |  6 +++
 ffmpeg-4.spec                                 |  1 +
 3 files changed, 47 insertions(+)
 create mode 100644 0001-avfilter-vf_minterpolate-Check-pts-before-division.patch

diff --git a/0001-avfilter-vf_minterpolate-Check-pts-before-division.patch b/0001-avfilter-vf_minterpolate-Check-pts-before-division.patch
new file mode 100644
index 0000000..8bff1b6
--- /dev/null
+++ b/0001-avfilter-vf_minterpolate-Check-pts-before-division.patch
@@ -0,0 +1,40 @@
+From 68146f06f852078866b3ef1564556e3a272920c7 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Sat, 30 Dec 2023 02:51:32 +0100
+Subject: [PATCH] avfilter/vf_minterpolate: Check pts before division
+References: https://bugzilla.opensuse.org/1223304
+References: CVE-2023-51798
+
+Fixes: FPE
+Fixes: tickets/10758/poc20ffmpeg
+
+Discovered by Zeng Yunxiang
+
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+---
+ libavfilter/vf_minterpolate.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/libavfilter/vf_minterpolate.c b/libavfilter/vf_minterpolate.c
+index 9920210ece..b2242a15ee 100644
+--- a/libavfilter/vf_minterpolate.c
++++ b/libavfilter/vf_minterpolate.c
+@@ -1075,8 +1075,13 @@ static void interpolate(AVFilterLink *inlink, AVFrame *avf_out)
+     pts = av_rescale(avf_out->pts, (int64_t) ALPHA_MAX * outlink->time_base.num * inlink->time_base.den,
+                                    (int64_t)             outlink->time_base.den * inlink->time_base.num);
+ 
+-    alpha = (pts - mi_ctx->frames[1].avf->pts * ALPHA_MAX) / (mi_ctx->frames[2].avf->pts - mi_ctx->frames[1].avf->pts);
+-    alpha = av_clip(alpha, 0, ALPHA_MAX);
++    if (mi_ctx->frames[2].avf->pts > mi_ctx->frames[1].avf->pts) {
++        alpha = (pts - mi_ctx->frames[1].avf->pts * ALPHA_MAX) / (mi_ctx->frames[2].avf->pts - mi_ctx->frames[1].avf->pts);
++        alpha = av_clip(alpha, 0, ALPHA_MAX);
++    } else {
++        av_log(ctx, AV_LOG_DEBUG, "duplicate input PTS detected\n");
++        alpha = 0;
++    }
+ 
+     if (alpha == 0 || alpha == ALPHA_MAX) {
+         av_frame_copy(avf_out, alpha ? mi_ctx->frames[2].avf : mi_ctx->frames[1].avf);
+-- 
+2.44.0
+
diff --git a/ffmpeg-4.changes b/ffmpeg-4.changes
index ed86223..c51e42b 100644
--- a/ffmpeg-4.changes
+++ b/ffmpeg-4.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Apr 23 14:25:53 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
+
+- Address boo#1223304/CVE-2023-51798: add patch
+  0001-avfilter-vf_minterpolate-Check-pts-before-division.patch
+
 -------------------------------------------------------------------
 Mon Apr 22 12:41:55 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
 
diff --git a/ffmpeg-4.spec b/ffmpeg-4.spec
index ada5612..b449828 100644
--- a/ffmpeg-4.spec
+++ b/ffmpeg-4.spec
@@ -126,6 +126,7 @@ Patch12:        0001-avcodec-libsvtav1-remove-compressed_ten_bit_format-a.patch
 Patch13:        0001-avcodec-x86-mathops-clip-constants-used-with-shift-i.patch
 Patch14:        ffmpeg-glslang-cxx17.patch
 Patch15:        0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
+Patch16:        0001-avfilter-vf_minterpolate-Check-pts-before-division.patch
 BuildRequires:  ladspa-devel
 BuildRequires:  libgsm-devel
 BuildRequires:  libmp3lame-devel