address +1 issue/CVE

OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/ffmpeg-5?expand=0&rev=85
This commit is contained in:
Jan Engelhardt 2024-04-22 23:18:01 +00:00 committed by Git OBS Bridge
parent c7d526a909
commit 8acab4b7f8
3 changed files with 42 additions and 1 deletions

View File

@ -4,6 +4,8 @@ Date: Sun, 24 Dec 2023 20:31:02 +0100
Subject: [PATCH] avfilter/avf_showspectrum: fix off by 1 error
References: https://bugzilla.opensuse.org/1223087
References: CVE-2024-31585
References: https://bugzilla.opensuse.org/1223273
References: CVE-2023-51795
Fixes: out of array access
Fixes: tickets/10749/poc15ffmpeg

View File

@ -0,0 +1,32 @@
From 61e73851a33f0b4cb7662f8578a4695e77bd3c19 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sat, 23 Dec 2023 18:04:32 +0100
Subject: [PATCH] avfilter/f_reverse: Apply PTS compensation only when pts is
available
References: https://bugzilla.opensuse.org/1223274
References: CVE-2023-51796
Fixes: out of array access
Fixes: tickets/10753/poc16ffmpeg
Regression since: 45dc668aea0edac34969b5a1ff76cf9ad3a09be1
Found-by: Zeng Yunxiang
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavfilter/f_reverse.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Index: ffmpeg-5.1.4/libavfilter/f_reverse.c
===================================================================
--- ffmpeg-5.1.4.orig/libavfilter/f_reverse.c
+++ ffmpeg-5.1.4/libavfilter/f_reverse.c
@@ -253,7 +253,8 @@ static int areverse_request_frame(AVFilt
if (ret == AVERROR_EOF && s->nb_frames > 0) {
AVFrame *out = s->frames[s->nb_frames - 1];
out->pts = s->pts[s->flush_idx++] - s->nb_samples;
- s->nb_samples += s->pts[s->flush_idx] - s->pts[s->flush_idx - 1] - out->nb_samples;
+ if (s->nb_frames > 1)
+ s->nb_samples += s->pts[s->flush_idx] - s->pts[s->flush_idx - 1] - out->nb_samples;
if (av_sample_fmt_is_planar(out->format))
reverse_samples_planar(out);

View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Mon Apr 22 23:10:31 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
- Address boo#1223274/CVE-2023-51796: add patch
0001-avfilter-f_reverse-Apply-PTS-compensation-only-when-.patch
-------------------------------------------------------------------
Mon Apr 22 12:41:55 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
@ -9,7 +15,8 @@ Mon Apr 22 12:41:55 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch
- Address boo#1223085/CVE-2024-31582: add patch
0001-avfilter-vf_codecview-fix-heap-buffer-overflow.patch
- Address boo#1223087/CVE-2024-31585: add patch
- Address boo#1223087/CVE-2024-31585, boo#1223273/CVE-2023-51795:
add patch
0001-avfilter-avf_showspectrum-fix-off-by-1-error.patch
-------------------------------------------------------------------