From add6ccba5b02f4a709ee491dc331523983fa48f2b9ccfcd4beca71772e720c67 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@inai.de>
Date: Tue, 7 May 2024 14:51:29 +0000
Subject: [PATCH] Accepting request 1172424 from
 home:qzhao:branches:multimedia:libs

Add ffmpeg-CVE-2023-50010.patch to fix CVE bugs.

OBS-URL: https://build.opensuse.org/request/show/1172424
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/ffmpeg-4?expand=0&rev=219
---
 ffmpeg-4.changes            |  7 +++++++
 ffmpeg-4.spec               |  1 +
 ffmpeg-CVE-2023-50010.patch | 28 ++++++++++++++++++++++++++++
 3 files changed, 36 insertions(+)
 create mode 100644 ffmpeg-CVE-2023-50010.patch

diff --git a/ffmpeg-4.changes b/ffmpeg-4.changes
index 20b5472..814e821 100644
--- a/ffmpeg-4.changes
+++ b/ffmpeg-4.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Apr 27 11:38:35 UTC 2024 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-CVE-2023-50010.patch:
+  Backporting e4d2666b from upstream, fixes the out of array access.
+  (CVE-2023-50010 bsc#1223256)
+
 -------------------------------------------------------------------
 Fri Apr 26 22:16:48 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
 
diff --git a/ffmpeg-4.spec b/ffmpeg-4.spec
index b7b54ad..4d4cb05 100644
--- a/ffmpeg-4.spec
+++ b/ffmpeg-4.spec
@@ -130,6 +130,7 @@ Patch16:        0001-avfilter-vf_minterpolate-Check-pts-before-division.patch
 Patch17:        ffmpeg-CVE-2023-49502.patch
 Patch18:        ffmpeg-CVE-2023-51793.patch
 Patch19:        0001-avfilter-af_stereowiden-Check-length.patch
+Patch20:        ffmpeg-CVE-2023-50010.patch
 BuildRequires:  ladspa-devel
 BuildRequires:  libgsm-devel
 BuildRequires:  libmp3lame-devel
diff --git a/ffmpeg-CVE-2023-50010.patch b/ffmpeg-CVE-2023-50010.patch
new file mode 100644
index 0000000..6ddb999
--- /dev/null
+++ b/ffmpeg-CVE-2023-50010.patch
@@ -0,0 +1,28 @@
+commit e4d2666bdc3dbd177a81bbf428654a5f2fa3787a (20231224_CVE-2023-50010_e4d2666bdc3dbd177a81bbf428654a5f2fa3787a)
+Author: Michael Niedermayer <michael@niedermayer.cc>
+Date:   Sun Dec 24 20:50:51 2023 +0100
+
+    avfilter/vf_gradfun: Do not overread last line
+    
+    The code works in steps of 2 lines and lacks support for odd height
+    Implementing odd height support is better but for now this fixes the
+    out of array access
+    
+    Fixes: out of array access
+    Fixes: tickets/10702/poc6ffmpe
+    
+    Found-by: Zeng Yunxiang
+    Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+diff -Nura ffmpeg-4.4.4/libavfilter/vf_gradfun.c ffmpeg-4.4.4_new/libavfilter/vf_gradfun.c
+--- ffmpeg-4.4.4/libavfilter/vf_gradfun.c	2023-04-13 02:01:50.000000000 +0800
++++ ffmpeg-4.4.4_new/libavfilter/vf_gradfun.c	2024-05-07 19:32:05.287848683 +0800
+@@ -93,7 +93,7 @@
+     for (y = 0; y < r; y++)
+         ctx->blur_line(dc, buf + y * bstride, buf + (y - 1) * bstride, src + 2 * y * src_linesize, src_linesize, width / 2);
+     for (;;) {
+-        if (y < height - r) {
++        if (y + 1 < height - r) {
+             int mod = ((y + r) / 2) % r;
+             uint16_t *buf0 = buf + mod * bstride;
+             uint16_t *buf1 = buf + (mod ? mod - 1 : r - 1) * bstride;