From eb61ca7811793b5e86f67a49f4f529379884c44212adb8de598810ebbcf89c07 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Sun, 22 Jan 2023 15:23:18 +0000
Subject: [PATCH] Accepting request 1059895 from home:AZhou:branches:multimedia:libs
- Add ffmpeg-CVE-2022-3341.patch: Backport from upstream to fix null pointer dereference in decode_main_header() in libavformat/nutdec.c (bsc#1206778).
OBS-URL: https://build.opensuse.org/request/show/1059895
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/ffmpeg-4?expand=0&rev=192
---
 ffmpeg-4.changes | 7 ++++++
 ffmpeg-4.spec | 3 ++-
 ffmpeg-CVE-2022-3341.patch | 44 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 53 insertions(+), 1 deletion(-)
 create mode 100644 ffmpeg-CVE-2022-3341.patch
diff --git a/ffmpeg-4.changes b/ffmpeg-4.changes
index 8f1702f..f0c1317 100644
--- a/ffmpeg-4.changes
+++ b/ffmpeg-4.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Jan 20 07:22:58 UTC 2023 - Alynx Zhou
+
+- Add ffmpeg-CVE-2022-3341.patch: Backport from upstream to fix
+ null pointer dereference in decode_main_header() in
+ libavformat/nutdec.c (bsc#1206778).
+
 -------------------------------------------------------------------
 Fri Dec 23 08:09:25 UTC 2022 - Alynx Zhou
diff --git a/ffmpeg-4.spec b/ffmpeg-4.spec
index 2cb50c1..ffbb872 100644
--- a/ffmpeg-4.spec
+++ b/ffmpeg-4.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package ffmpeg-4
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -122,6 +122,7 @@ Patch10: ffmpeg-chromium.patch
 Patch11: ffmpeg-libglslang-detection.patch
 Patch12: ffmpeg-CVE-2022-3964.patch
 Patch13: ffmpeg-CVE-2022-3109.patch
+Patch14: ffmpeg-CVE-2022-3341.patch
 BuildRequires: ladspa-devel
 BuildRequires: libgsm-devel
 BuildRequires: libmp3lame-devel
diff --git a/ffmpeg-CVE-2022-3341.patch b/ffmpeg-CVE-2022-3341.patch
new file mode 100644
index 0000000..69d06af
--- /dev/null
+++ b/ffmpeg-CVE-2022-3341.patch
@@ -0,0 +1,44 @@
+diff --unified --recursive --text --new-file --color ffmpeg-4.4.3.old/libavformat/nutdec.c ffmpeg-4.4.3.new/libavformat/nutdec.c
+--- ffmpeg-4.4.3.old/libavformat/nutdec.c 2022-10-10 03:04:43.000000000 +0800
++++ ffmpeg-4.4.3.new/libavformat/nutdec.c 2023-01-20 15:33:38.060002545 +0800
+@@ -358,8 +358,12 @@
+ ret = AVERROR(ENOMEM);
+ goto fail;
+ }
+- for (i = 0; i < stream_count; i++)
+- avformat_new_stream(s, NULL);
++ for (i = 0; i < stream_count; i++) {
++ if (!avformat_new_stream(s, NULL)) {
++ ret = AVERROR(ENOMEM);
++ goto fail;
++ }
++ }
+
+ return 0;
+ fail:
+@@ -807,19 +811,23 @@
+ NUTContext *nut = s->priv_data;
+ AVIOContext *bc = s->pb;
+ int64_t pos;
+- int initialized_stream_count;
++ int initialized_stream_count, ret;
+
+ nut->avf = s;
+
+ /* main header */
+ pos = 0;
++ ret = 0;
+ do {
++ if (ret == AVERROR(ENOMEM))
++ return ret;
++
+ pos = find_startcode(bc, MAIN_STARTCODE, pos) + 1;
+ if (pos < 0 + 1) {
+ av_log(s, AV_LOG_ERROR, "No main startcode found.\n");
+ goto fail;
+ }
+- } while (decode_main_header(nut) < 0);
++ } while ((ret = decode_main_header(nut)) < 0);
+
+ /* stream headers */
+ pos = 0;
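Review bot: The early `return ret;` added at the top of the main-header loop in the second nutdec.c hunk exits on AVERROR(ENOMEM) without going through the `fail` label that the startcode-not-found branch a few lines below uses. That label lies outside the hunk, so it cannot be confirmed from here, but if it releases demuxer state, the out-of-memory path now skips that cleanup even though decode_main_header() may already have allocated before failing. Please check this against the full function; if cleanup is needed, run it before returning while keeping the ENOMEM code for the caller. A short comment on the check would also help, e.g. `/* out of memory cannot be fixed by scanning for another main header */`, since every other negative return deliberately retries at the next startcode.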