diff --git a/0001-avcodec-libsvtav1-remove-compressed_ten_bit_format-a.patch b/0001-avcodec-libsvtav1-remove-compressed_ten_bit_format-a.patch deleted file mode 100644 index c751a54..0000000 --- a/0001-avcodec-libsvtav1-remove-compressed_ten_bit_format-a.patch +++ /dev/null @@ -1,47 +0,0 @@ -From c3c8f97a9804b4234e97f13b0057ffc2c9af27c0 Mon Sep 17 00:00:00 2001 -From: Christopher Degawa -Date: Thu, 20 Oct 2022 22:55:27 -0500 -Subject: [PATCH] avcodec/libsvtav1: remove compressed_ten_bit_format and - simplify alloc_buffer - -compressed_ten_bit_format has been deprecated upstream and has no effect -and can be removed. Plus, technically it was never used in the first place -since it would require the app (ffmpeg) to set it and do additional -processing of the input frames. - -Also simplify alloc_buffer by removing calculations relating to the -non-existant processing. - -Signed-off-by: Christopher Degawa -(cherry picked from commit 031f1561cd286596cdb374da32f8aa816ce3b135) ---- - libavcodec/libsvtav1.c | 10 +++------- - 1 file changed, 3 insertions(+), 7 deletions(-) - -diff --git a/libavcodec/libsvtav1.c b/libavcodec/libsvtav1.c -index cfd93a2484..38777b0fb7 100644 ---- a/libavcodec/libsvtav1.c -+++ b/libavcodec/libsvtav1.c -@@ -120,16 +120,12 @@ static int svt_print_error(void *log_ctx, EbErrorType err, - - static int alloc_buffer(EbSvtAv1EncConfiguration *config, SvtContext *svt_enc) - { -- const int pack_mode_10bit = -- (config->encoder_bit_depth > 8) && (config->compressed_ten_bit_format == 0) ? 1 : 0; -- const size_t luma_size_8bit = -- config->source_width * config->source_height * (1 << pack_mode_10bit); -- const size_t luma_size_10bit = -- (config->encoder_bit_depth > 8 && pack_mode_10bit == 0) ? luma_size_8bit : 0; -+ const size_t luma_size = config->source_width * config->source_height * -+ (config->encoder_bit_depth > 8 ? 2 : 1); - - EbSvtIOFormat *in_data; - -- svt_enc->raw_size = (luma_size_8bit + luma_size_10bit) * 3 / 2; -+ svt_enc->raw_size = luma_size * 3 / 2; - - // allocate buffer for in and out - svt_enc->in_buf = av_mallocz(sizeof(*svt_enc->in_buf)); --- -2.41.0 - diff --git a/0001-avcodec-x86-mathops-clip-constants-used-with-shift-i.patch b/0001-avcodec-x86-mathops-clip-constants-used-with-shift-i.patch deleted file mode 100644 index 511e302..0000000 --- a/0001-avcodec-x86-mathops-clip-constants-used-with-shift-i.patch +++ /dev/null @@ -1,76 +0,0 @@ -From effadce6c756247ea8bae32dc13bb3e6f464f0eb Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?R=C3=A9mi=20Denis-Courmont?= -Date: Sun, 16 Jul 2023 18:18:02 +0300 -Subject: [PATCH] avcodec/x86/mathops: clip constants used with shift - instructions within inline assembly - -Fixes assembling with binutil as >= 2.41 - -Signed-off-by: James Almer ---- - libavcodec/x86/mathops.h | 26 +++++++++++++++++++++++--- - 1 file changed, 23 insertions(+), 3 deletions(-) - -diff --git a/libavcodec/x86/mathops.h b/libavcodec/x86/mathops.h -index 6298f5ed19..ca7e2dffc1 100644 ---- a/libavcodec/x86/mathops.h -+++ b/libavcodec/x86/mathops.h -@@ -35,12 +35,20 @@ - static av_always_inline av_const int MULL(int a, int b, unsigned shift) - { - int rt, dummy; -+ if (__builtin_constant_p(shift)) - __asm__ ( - "imull %3 \n\t" - "shrdl %4, %%edx, %%eax \n\t" - :"=a"(rt), "=d"(dummy) -- :"a"(a), "rm"(b), "ci"((uint8_t)shift) -+ :"a"(a), "rm"(b), "i"(shift & 0x1F) - ); -+ else -+ __asm__ ( -+ "imull %3 \n\t" -+ "shrdl %4, %%edx, %%eax \n\t" -+ :"=a"(rt), "=d"(dummy) -+ :"a"(a), "rm"(b), "c"((uint8_t)shift) -+ ); - return rt; - } - -@@ -113,19 +121,31 @@ __asm__ volatile(\ - // avoid +32 for shift optimization (gcc should do that ...) - #define NEG_SSR32 NEG_SSR32 - static inline int32_t NEG_SSR32( int32_t a, int8_t s){ -+ if (__builtin_constant_p(s)) - __asm__ ("sarl %1, %0\n\t" - : "+r" (a) -- : "ic" ((uint8_t)(-s)) -+ : "i" (-s & 0x1F) - ); -+ else -+ __asm__ ("sarl %1, %0\n\t" -+ : "+r" (a) -+ : "c" ((uint8_t)(-s)) -+ ); - return a; - } - - #define NEG_USR32 NEG_USR32 - static inline uint32_t NEG_USR32(uint32_t a, int8_t s){ -+ if (__builtin_constant_p(s)) - __asm__ ("shrl %1, %0\n\t" - : "+r" (a) -- : "ic" ((uint8_t)(-s)) -+ : "i" (-s & 0x1F) - ); -+ else -+ __asm__ ("shrl %1, %0\n\t" -+ : "+r" (a) -+ : "c" ((uint8_t)(-s)) -+ ); - return a; - } - --- -2.42.0 - diff --git a/0001-avfilter-af_stereowiden-Check-length.patch b/0001-avfilter-af_stereowiden-Check-length.patch deleted file mode 100644 index 3d439ab..0000000 --- a/0001-avfilter-af_stereowiden-Check-length.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 50f0f8c53c818f73fe2d752708e2fa9d2a2d8a07 Mon Sep 17 00:00:00 2001 -From: Michael Niedermayer -Date: Sat, 23 Dec 2023 04:03:01 +0100 -Subject: [PATCH] avfilter/af_stereowiden: Check length -References: https://bugzilla.opensuse.org/1223437 -References: CVE-2023-51794 - -Fixes: out of array access -Fixes: tickets/10746/poc13ffmpeg - -Found-by: Zeng Yunxiang -Signed-off-by: Michael Niedermayer ---- - libavfilter/af_stereowiden.c | 2 ++ - 1 file changed, 2 insertions(+) - -Index: ffmpeg-4.4.4/libavfilter/af_stereowiden.c -=================================================================== ---- ffmpeg-4.4.4.orig/libavfilter/af_stereowiden.c -+++ ffmpeg-4.4.4/libavfilter/af_stereowiden.c -@@ -75,6 +75,8 @@ static int config_input(AVFilterLink *in - - s->length = s->delay * inlink->sample_rate / 1000; - s->length *= 2; -+ if (s->length == 0) -+ return AVERROR(EINVAL); - s->buffer = av_calloc(s->length, sizeof(*s->buffer)); - if (!s->buffer) - return AVERROR(ENOMEM); diff --git a/0001-avfilter-vf_minterpolate-Check-pts-before-division.patch b/0001-avfilter-vf_minterpolate-Check-pts-before-division.patch deleted file mode 100644 index 8bff1b6..0000000 --- a/0001-avfilter-vf_minterpolate-Check-pts-before-division.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 68146f06f852078866b3ef1564556e3a272920c7 Mon Sep 17 00:00:00 2001 -From: Michael Niedermayer -Date: Sat, 30 Dec 2023 02:51:32 +0100 -Subject: [PATCH] avfilter/vf_minterpolate: Check pts before division -References: https://bugzilla.opensuse.org/1223304 -References: CVE-2023-51798 - -Fixes: FPE -Fixes: tickets/10758/poc20ffmpeg - -Discovered by Zeng Yunxiang - -Signed-off-by: Michael Niedermayer ---- - libavfilter/vf_minterpolate.c | 9 +++++++-- - 1 file changed, 7 insertions(+), 2 deletions(-) - -diff --git a/libavfilter/vf_minterpolate.c b/libavfilter/vf_minterpolate.c -index 9920210ece..b2242a15ee 100644 ---- a/libavfilter/vf_minterpolate.c -+++ b/libavfilter/vf_minterpolate.c -@@ -1075,8 +1075,13 @@ static void interpolate(AVFilterLink *inlink, AVFrame *avf_out) - pts = av_rescale(avf_out->pts, (int64_t) ALPHA_MAX * outlink->time_base.num * inlink->time_base.den, - (int64_t) outlink->time_base.den * inlink->time_base.num); - -- alpha = (pts - mi_ctx->frames[1].avf->pts * ALPHA_MAX) / (mi_ctx->frames[2].avf->pts - mi_ctx->frames[1].avf->pts); -- alpha = av_clip(alpha, 0, ALPHA_MAX); -+ if (mi_ctx->frames[2].avf->pts > mi_ctx->frames[1].avf->pts) { -+ alpha = (pts - mi_ctx->frames[1].avf->pts * ALPHA_MAX) / (mi_ctx->frames[2].avf->pts - mi_ctx->frames[1].avf->pts); -+ alpha = av_clip(alpha, 0, ALPHA_MAX); -+ } else { -+ av_log(ctx, AV_LOG_DEBUG, "duplicate input PTS detected\n"); -+ alpha = 0; -+ } - - if (alpha == 0 || alpha == ALPHA_MAX) { - av_frame_copy(avf_out, alpha ? mi_ctx->frames[2].avf : mi_ctx->frames[1].avf); --- -2.44.0 - diff --git a/ffmpeg-4-CVE-2024-32230.patch b/ffmpeg-4-CVE-2024-32230.patch deleted file mode 100644 index c4058f0..0000000 --- a/ffmpeg-4-CVE-2024-32230.patch +++ /dev/null @@ -1,23 +0,0 @@ -commit 96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1 -Author: Michael Niedermayer -Date: Mon Apr 8 18:38:42 2024 +0200 - - avcodec/mpegvideo_enc: Fix 1 line and one column images - - Fixes: Ticket10952 - Fixes: poc21ffmpeg - Signed-off-by: Michael Niedermayer - ---- ffmpeg-4.4.4/libavcodec/mpegvideo_enc.c -+++ ffmpeg-4.4.4_new/libavcodec/mpegvideo_enc.c -@@ -1263,8 +1263,8 @@ - int dst_stride = i ? s->uvlinesize : s->linesize; - int h_shift = i ? h_chroma_shift : 0; - int v_shift = i ? v_chroma_shift : 0; -- int w = s->width >> h_shift; -- int h = s->height >> v_shift; -+ int w = AV_CEIL_RSHIFT(s->width , h_shift); -+ int h = AV_CEIL_RSHIFT(s->height, v_shift); - uint8_t *src = pic_arg->data[i]; - uint8_t *dst = pic->f->data[i]; - int vpad = 16; diff --git a/ffmpeg-4-CVE-2024-7055.patch b/ffmpeg-4-CVE-2024-7055.patch deleted file mode 100644 index 3bf12aa..0000000 --- a/ffmpeg-4-CVE-2024-7055.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 3faadbe2a27e74ff5bb5f7904ec27bb1f5287dc8 Mon Sep 17 00:00:00 2001 -From: Michael Niedermayer -Date: Thu, 18 Jul 2024 21:12:54 +0200 -Subject: [PATCH] avcodec/pnmdec: Use 64bit for input size check -References: CVE-2024-7055 -References: bsc#1229026 -Upstream: Backport from upstream - -Fixes: out of array read -Fixes: poc3 - -Reported-by: VulDB CNA Team -Found-by: CookedMelon -Signed-off-by: Michael Niedermayer ---- - libavcodec/pnmdec.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- ffmpeg-4.4.4/libavcodec/pnmdec.c -+++ ffmpeg-4.4.4_new/libavcodec/pnmdec.c -@@ -256,7 +256,7 @@ - } - break; - case AV_PIX_FMT_GBRPF32: -- if (avctx->width * avctx->height * 12 > s->bytestream_end - s->bytestream) -+ if (avctx->width * avctx->height * 12LL > s->bytestream_end - s->bytestream) - return AVERROR_INVALIDDATA; - scale = 1.f / s->scale; - if (s->endian) { diff --git a/ffmpeg-4.2-dlopen-fdk_aac.patch b/ffmpeg-4.2-dlopen-fdk_aac.patch index 6009c2a..b25c3be 100644 --- a/ffmpeg-4.2-dlopen-fdk_aac.patch +++ b/ffmpeg-4.2-dlopen-fdk_aac.patch @@ -1,7 +1,14 @@ -Index: ffmpeg-4.4.3/configure +--- + configure | 3 ++ + libavcodec/dlopen.h | 12 ++++++++++ + libavcodec/libfdk-aacdec.c | 53 +++++++++++++++++++++++++++++++++++++++++++++ + libavcodec/libfdk-aacenc.c | 47 +++++++++++++++++++++++++++++++++++++++ + 4 files changed, 115 insertions(+) + +Index: ffmpeg-4.4.5/configure =================================================================== ---- ffmpeg-4.4.3.orig/configure -+++ ffmpeg-4.4.3/configure +--- ffmpeg-4.4.5.orig/configure ++++ ffmpeg-4.4.5/configure @@ -232,6 +232,7 @@ External library support: --enable-libdc1394 enable IIDC-1394 grabbing using libdc1394 and libraw1394 [no] @@ -15,10 +22,10 @@ Index: ffmpeg-4.4.3/configure decklink libfdk_aac + libfdk_aac_dlopen - openssl libtls " -@@ -6368,6 +6370,7 @@ enabled libdrm && require_pkg + +@@ -6370,6 +6372,7 @@ enabled libdrm && require_pkg enabled libfdk_aac && { check_pkg_config libfdk_aac fdk-aac "fdk-aac/aacenc_lib.h" aacEncOpen || { require libfdk_aac fdk-aac/aacenc_lib.h aacEncOpen -lfdk-aac && warn "using libfdk without pkg-config"; } } @@ -26,10 +33,10 @@ Index: ffmpeg-4.4.3/configure flite_extralibs="-lflite_cmu_time_awb -lflite_cmu_us_awb -lflite_cmu_us_kal -lflite_cmu_us_kal16 -lflite_cmu_us_rms -lflite_cmu_us_slt -lflite_usenglish -lflite_cmulex -lflite" enabled libflite && require libflite "flite/flite.h" flite_init $flite_extralibs enabled fontconfig && enable libfontconfig -Index: ffmpeg-4.4.3/libavcodec/dlopen.h +Index: ffmpeg-4.4.5/libavcodec/dlopen.h =================================================================== --- /dev/null -+++ ffmpeg-4.4.3/libavcodec/dlopen.h ++++ ffmpeg-4.4.5/libavcodec/dlopen.h @@ -0,0 +1,12 @@ +#ifndef LOCALINC_DLOPEN_H +#define LOCALINC_DLOPEN_H @@ -43,10 +50,10 @@ Index: ffmpeg-4.4.3/libavcodec/dlopen.h + goto error; + +#endif -Index: ffmpeg-4.4.3/libavcodec/libfdk-aacdec.c +Index: ffmpeg-4.4.5/libavcodec/libfdk-aacdec.c =================================================================== ---- ffmpeg-4.4.3.orig/libavcodec/libfdk-aacdec.c -+++ ffmpeg-4.4.3/libavcodec/libfdk-aacdec.c +--- ffmpeg-4.4.5.orig/libavcodec/libfdk-aacdec.c ++++ ffmpeg-4.4.5/libavcodec/libfdk-aacdec.c @@ -37,6 +37,54 @@ #define AAC_PCM_MAX_OUTPUT_CHANNELS AAC_PCM_OUTPUT_CHANNELS #endif @@ -114,10 +121,10 @@ Index: ffmpeg-4.4.3/libavcodec/libfdk-aacdec.c s->handle = aacDecoder_Open(avctx->extradata_size ? TT_MP4_RAW : TT_MP4_ADTS, 1); if (!s->handle) { av_log(avctx, AV_LOG_ERROR, "Error opening decoder\n"); -Index: ffmpeg-4.4.3/libavcodec/libfdk-aacenc.c +Index: ffmpeg-4.4.5/libavcodec/libfdk-aacenc.c =================================================================== ---- ffmpeg-4.4.3.orig/libavcodec/libfdk-aacenc.c -+++ ffmpeg-4.4.3/libavcodec/libfdk-aacenc.c +--- ffmpeg-4.4.5.orig/libavcodec/libfdk-aacenc.c ++++ ffmpeg-4.4.5/libavcodec/libfdk-aacenc.c @@ -35,6 +35,48 @@ #define FDKENC_VER_AT_LEAST(vl0, vl1) 0 #endif diff --git a/ffmpeg-4.4.4.tar.xz b/ffmpeg-4.4.4.tar.xz deleted file mode 100644 index 0034acb..0000000 --- a/ffmpeg-4.4.4.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e80b380d595c809060f66f96a5d849511ef4a76a26b76eacf5778b94c3570309 -size 9565584 diff --git a/ffmpeg-4.4.4.tar.xz.asc b/ffmpeg-4.4.4.tar.xz.asc deleted file mode 100644 index 188b614..0000000 --- a/ffmpeg-4.4.4.tar.xz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQFMBAABCAA2FiEE/PmG6hXm4pOlZE8QtDIvBNZ2WNgFAmQ2/oUYHGZmbXBlZy1k -ZXZlbEBmZm1wZWcub3JnAAoJELQyLwTWdljYkGMH/iRlBGO1ZcCPnNpJt6pAqxcY -cP4hmanIPLLBPQfbHIwGUJDiTDIpXuFeWC7dt08Q8ndXtXbjTJ0T+hZP7Riuzns8 -bwXfrCRioKlmIZSUg9WMErNW+vE/nUFn20q4PdzaWbeUbIsZEW6Btt4C4JuBCLsn -K2WZa7/GwaMnLLPIUIaNzW//aeUj11IhY74qB3k5nOhidgptY1en7xa9x1kZ3dvW -wx2vO+2fS5SlvBfj2KFAey+FX2LAEZFjRaiWRnzlO5daqO4acWMtRAQeMk5rs21W -NeTZUqZoPaaNfcFz1yWsBv19Fte4R9D8oD4TwMd5ikZZ2hjV+N+EMEFNWLoH02Q= -=e6RR ------END PGP SIGNATURE----- diff --git a/ffmpeg-4.4.5.tar.xz b/ffmpeg-4.4.5.tar.xz new file mode 100644 index 0000000..ab81e13 --- /dev/null +++ b/ffmpeg-4.4.5.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f9514e0d3515aee5a271283df71636e1d1ff7274b15853bcd84e144be416ab07 +size 9575596 diff --git a/ffmpeg-4.4.5.tar.xz.asc b/ffmpeg-4.4.5.tar.xz.asc new file mode 100644 index 0000000..fefd688 --- /dev/null +++ b/ffmpeg-4.4.5.tar.xz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQFMBAABCgA2FiEE/PmG6hXm4pOlZE8QtDIvBNZ2WNgFAmamzJUYHGZmbXBlZy1k +ZXZlbEBmZm1wZWcub3JnAAoJELQyLwTWdljYZP8H/27rVRh4/NOvhP5JN2FhhWfo +BmAYgHWLag3a8P4yShGGgxhLjnd7LKOdSTIOb67Q7CgqzsQCV7c+VgUp068uhCod +J0TgnefWzw+iR3zupKEVRoFEsy/3A5RWXVWx42B7WTpkkShQWXaPHvUdH9ELwwfK +mq3TQMygmjjzDIa677i3uNUrb2CGyxdUXqGzmatUfrtXm0/mqUtz41neS5tuLQn5 +xXcpmtsElkLK4ZaQWRC8w6emEyx49MqyRw7tTjIh/lPN+KTBUtcrYgDeCJt25H9s +2Hm9Obax0z2fPi71eP7GkbVXrGmwL1DcSegFW+TCW5CniWkWaWKe4+qDMepPtIo= +=byXw +-----END PGP SIGNATURE----- diff --git a/ffmpeg-4.changes b/ffmpeg-4.changes index 8c69dad..6e589c5 100644 --- a/ffmpeg-4.changes +++ b/ffmpeg-4.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Mon Jan 6 11:53:32 UTC 2025 - Jan Engelhardt + +- Update to release 4.4.5 + * Reliability/bug fixes +- Delete + 0001-avcodec-libsvtav1-remove-compressed_ten_bit_format-a.patch + 0001-avcodec-x86-mathops-clip-constants-used-with-shift-i.patch + 0001-avfilter-vf_minterpolate-Check-pts-before-division.patch + ffmpeg-CVE-2023-51793.patch + 0001-avfilter-af_stereowiden-Check-length.patch + ffmpeg-CVE-2023-50010.patch + ffmpeg-4-CVE-2024-32230.patch + ffmpeg-4-CVE-2024-7055.patch (all merged) + ------------------------------------------------------------------- Fri Sep 6 15:06:21 UTC 2024 - Cliff Zhao diff --git a/ffmpeg-4.spec b/ffmpeg-4.spec index f65735d..dc7783d 100644 --- a/ffmpeg-4.spec +++ b/ffmpeg-4.spec @@ -1,7 +1,7 @@ # # spec file for package ffmpeg-4 # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -98,7 +98,7 @@ %define _major_version 4 %define _major_expected 5 Name: ffmpeg-4 -Version: 4.4.4 +Version: 4.4.5 Release: 0 Summary: Set of libraries for working with various multimedia formats License: GPL-3.0-or-later @@ -122,19 +122,11 @@ Patch5: soversion.patch Patch9: ffmpeg-4.4-CVE-2020-22046.patch Patch10: ffmpeg-chromium.patch Patch11: ffmpeg-libglslang-detection.patch -Patch12: 0001-avcodec-libsvtav1-remove-compressed_ten_bit_format-a.patch -Patch13: 0001-avcodec-x86-mathops-clip-constants-used-with-shift-i.patch Patch14: ffmpeg-glslang-cxx17.patch Patch15: 0001-avutil-hwcontext-Don-t-assume-frames_uninit-is-reent.patch -Patch16: 0001-avfilter-vf_minterpolate-Check-pts-before-division.patch Patch17: ffmpeg-CVE-2023-49502.patch -Patch18: ffmpeg-CVE-2023-51793.patch -Patch19: 0001-avfilter-af_stereowiden-Check-length.patch -Patch20: ffmpeg-CVE-2023-50010.patch -Patch21: ffmpeg-4-CVE-2024-32230.patch Patch22: ffmpeg-c99.patch Patch23: 0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch -Patch24: ffmpeg-4-CVE-2024-7055.patch BuildRequires: ladspa-devel BuildRequires: libgsm-devel BuildRequires: libmp3lame-devel diff --git a/ffmpeg-CVE-2023-50010.patch b/ffmpeg-CVE-2023-50010.patch deleted file mode 100644 index 5d78ab3..0000000 --- a/ffmpeg-CVE-2023-50010.patch +++ /dev/null @@ -1,30 +0,0 @@ -commit e4d2666bdc3dbd177a81bbf428654a5f2fa3787a (20231224_CVE-2023-50010_e4d2666bdc3dbd177a81bbf428654a5f2fa3787a) -Author: Michael Niedermayer -Date: Sun Dec 24 20:50:51 2023 +0100 -References: CVE-2023-50010 -References: https://bugzilla.opensuse.org/1172424 - -avfilter/vf_gradfun: Do not overread last line - -The code works in steps of 2 lines and lacks support for odd height -Implementing odd height support is better but for now this fixes the -out of array access - -Fixes: out of array access -Fixes: tickets/10702/poc6ffmpe - -Found-by: Zeng Yunxiang -Signed-off-by: Michael Niedermayer - -diff -Nura ffmpeg-4.4.4/libavfilter/vf_gradfun.c ffmpeg-4.4.4_new/libavfilter/vf_gradfun.c ---- ffmpeg-4.4.4/libavfilter/vf_gradfun.c 2023-04-13 02:01:50.000000000 +0800 -+++ ffmpeg-4.4.4_new/libavfilter/vf_gradfun.c 2024-05-07 19:32:05.287848683 +0800 -@@ -93,7 +93,7 @@ - for (y = 0; y < r; y++) - ctx->blur_line(dc, buf + y * bstride, buf + (y - 1) * bstride, src + 2 * y * src_linesize, src_linesize, width / 2); - for (;;) { -- if (y < height - r) { -+ if (y + 1 < height - r) { - int mod = ((y + r) / 2) % r; - uint16_t *buf0 = buf + mod * bstride; - uint16_t *buf1 = buf + (mod ? mod - 1 : r - 1) * bstride; diff --git a/ffmpeg-CVE-2023-51793.patch b/ffmpeg-CVE-2023-51793.patch deleted file mode 100644 index d61dff6..0000000 --- a/ffmpeg-CVE-2023-51793.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 0ecc1f0e48930723d7a467761b66850811c23e62 -From: Michael Niedermayer -Date: Fri Dec 22 12:31:35 2023 +0100 -Subject: avfilter/vf_weave: Fix odd height handling -References: https://bugzilla.opensuse.org/1223272 -References: CVE-2023-51793 - -Fixes: out of array access -Fixes: tickets/10743/poc10ffmpeg - -Found-by: Zeng Yunxiang and Li Zeyuan -Signed-off-by: Michael Niedermayer - -diff -Nura ffmpeg-4.4.4/libavfilter/vf_weave.c ffmpeg-4.4.4_new/libavfilter/vf_weave.c ---- ffmpeg-4.4.4/libavfilter/vf_weave.c 2023-04-13 02:01:50.000000000 +0800 -+++ ffmpeg-4.4.4_new/libavfilter/vf_weave.c 2024-04-26 02:30:07.113807721 +0800 -@@ -30,6 +30,7 @@ - int double_weave; - int nb_planes; - int planeheight[4]; -+ int outheight[4]; - int linesize[4]; - - AVFrame *prev; -@@ -85,6 +86,9 @@ - s->planeheight[1] = s->planeheight[2] = AV_CEIL_RSHIFT(inlink->h, desc->log2_chroma_h); - s->planeheight[0] = s->planeheight[3] = inlink->h; - -+ s->outheight[1] = s->outheight[2] = AV_CEIL_RSHIFT(2*inlink->h, desc->log2_chroma_h); -+ s->outheight[0] = s->outheight[3] = 2*inlink->h; -+ - s->nb_planes = av_pix_fmt_count_planes(inlink->format); - - return 0; -@@ -110,19 +114,20 @@ - const int height = s->planeheight[i]; - const int start = (height * jobnr) / nb_jobs; - const int end = (height * (jobnr+1)) / nb_jobs; -+ const int compensation = 2*end > s->outheight[i]; - - av_image_copy_plane(out->data[i] + out->linesize[i] * field1 + - out->linesize[i] * start * 2, - out->linesize[i] * 2, - in->data[i] + start * in->linesize[i], - in->linesize[i], -- s->linesize[i], end - start); -+ s->linesize[i], end - start - compensation * field1); - av_image_copy_plane(out->data[i] + out->linesize[i] * field2 + - out->linesize[i] * start * 2, - out->linesize[i] * 2, - s->prev->data[i] + start * s->prev->linesize[i], - s->prev->linesize[i], -- s->linesize[i], end - start); -+ s->linesize[i], end - start - compensation * field2); - } - - return 0;