Accepting request 1044594 from multimedia:libs

- Add ffmpeg-CVE-2022-3109.patch: Backport from upstream to fix
  null pointer dereference in vp3_decode_frame() (bsc#1206442). (forwarded request 1044384 from AZhou)

OBS-URL: https://build.opensuse.org/request/show/1044594
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ffmpeg-4?expand=0&rev=56

ffmpeg-4.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Dec 23 08:09:25 UTC 2022 - Alynx Zhou <alynx.zhou@suse.com>
+
+- Add ffmpeg-CVE-2022-3109.patch: Backport from upstream to fix
+  null pointer dereference in vp3_decode_frame() (bsc#1206442).
+
 -------------------------------------------------------------------
 Wed Nov 16 01:31:02 UTC 2022 - Alynx Zhou <alynx.zhou@suse.com>
 

ffmpeg-4.spec

@@ -121,6 +121,7 @@ Patch9:         ffmpeg-4.4-CVE-2020-22046.patch
 Patch10:        ffmpeg-chromium.patch
 Patch11:        ffmpeg-libglslang-detection.patch
 Patch12:        ffmpeg-CVE-2022-3964.patch
+Patch13:        ffmpeg-CVE-2022-3109.patch
 BuildRequires:  ladspa-devel
 BuildRequires:  libgsm-devel
 BuildRequires:  libmp3lame-devel

ffmpeg-CVE-2022-3109.patch

@@ -0,0 +1,18 @@
+diff --unified --recursive --text --new-file --color ffmpeg-4.4.3.old/libavcodec/vp3.c ffmpeg-4.4.3.new/libavcodec/vp3.c
+--- ffmpeg-4.4.3.old/libavcodec/vp3.c	2022-10-10 03:04:38.000000000 +0800
++++ ffmpeg-4.4.3.new/libavcodec/vp3.c	2022-12-23 16:25:47.902576459 +0800
+@@ -2683,8 +2683,13 @@
+     if ((ret = ff_thread_get_buffer(avctx, &s->current_frame, AV_GET_BUFFER_FLAG_REF)) < 0)
+         goto error;
+ 
+-    if (!s->edge_emu_buffer)
++    if (!s->edge_emu_buffer) {
+         s->edge_emu_buffer = av_malloc(9 * FFABS(s->current_frame.f->linesize[0]));
++        if (!s->edge_emu_buffer) {
++            ret = AVERROR(ENOMEM);
++            goto error;
++        }
++    }
+ 
+     if (s->keyframe) {
+         if (!s->theora) {