forked from jengelh/ffmpeg-4
Accepting request 1036210 from multimedia:libs
- Add ffmpeg-CVE-2022-3964.patch: Backport from upstream to fix out of bounds read in update_block_in_prev_frame() (bsc#1205388). (forwarded request 1035935 from AZhou) OBS-URL: https://build.opensuse.org/request/show/1036210 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ffmpeg-4?expand=0&rev=55
This commit is contained in:
commit
f04d8f4ca8
@ -1,3 +1,9 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Nov 16 01:31:02 UTC 2022 - Alynx Zhou <alynx.zhou@suse.com>
|
||||||
|
|
||||||
|
- Add ffmpeg-CVE-2022-3964.patch: Backport from upstream to fix
|
||||||
|
out of bounds read in update_block_in_prev_frame() (bsc#1205388).
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Oct 10 11:18:30 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>
|
Mon Oct 10 11:18:30 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>
|
||||||
|
|
||||||
|
@ -120,6 +120,7 @@ Patch8: vmaf-trim-usr-local.patch
|
|||||||
Patch9: ffmpeg-4.4-CVE-2020-22046.patch
|
Patch9: ffmpeg-4.4-CVE-2020-22046.patch
|
||||||
Patch10: ffmpeg-chromium.patch
|
Patch10: ffmpeg-chromium.patch
|
||||||
Patch11: ffmpeg-libglslang-detection.patch
|
Patch11: ffmpeg-libglslang-detection.patch
|
||||||
|
Patch12: ffmpeg-CVE-2022-3964.patch
|
||||||
BuildRequires: ladspa-devel
|
BuildRequires: ladspa-devel
|
||||||
BuildRequires: libgsm-devel
|
BuildRequires: libgsm-devel
|
||||||
BuildRequires: libmp3lame-devel
|
BuildRequires: libmp3lame-devel
|
||||||
|
70
ffmpeg-CVE-2022-3964.patch
Normal file
70
ffmpeg-CVE-2022-3964.patch
Normal file
@ -0,0 +1,70 @@
|
|||||||
|
diff --unified --recursive --text --new-file --color ffmpeg-4.4.old/libavcodec/rpzaenc.c ffmpeg-4.4.new/libavcodec/rpzaenc.c
|
||||||
|
--- ffmpeg-4.4.old/libavcodec/rpzaenc.c 2022-11-15 14:41:42.262978968 +0800
|
||||||
|
+++ ffmpeg-4.4.new/libavcodec/rpzaenc.c 2022-11-15 14:43:37.183516204 +0800
|
||||||
|
@@ -204,7 +204,7 @@
|
||||||
|
|
||||||
|
// loop thru and compare pixels
|
||||||
|
for (y = 0; y < bi->block_height; y++) {
|
||||||
|
- for (x = 0; x < bi->block_width; x++){
|
||||||
|
+ for (x = 0; x < bi->block_width; x++) {
|
||||||
|
// TODO: optimize
|
||||||
|
min_r = FFMIN(R(block_ptr[x]), min_r);
|
||||||
|
min_g = FFMIN(G(block_ptr[x]), min_g);
|
||||||
|
@@ -276,7 +276,7 @@
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
for (i = 0; i < bi->block_height; i++) {
|
||||||
|
- for (j = 0; j < bi->block_width; j++){
|
||||||
|
+ for (j = 0; j < bi->block_width; j++) {
|
||||||
|
x = GET_CHAN(block_ptr[j], xchannel);
|
||||||
|
y = GET_CHAN(block_ptr[j], ychannel);
|
||||||
|
sumx += x;
|
||||||
|
@@ -323,7 +323,7 @@
|
||||||
|
int max_err = 0;
|
||||||
|
|
||||||
|
for (i = 0; i < bi->block_height; i++) {
|
||||||
|
- for (j = 0; j < bi->block_width; j++){
|
||||||
|
+ for (j = 0; j < bi->block_width; j++) {
|
||||||
|
int x_inc, lin_y, lin_x;
|
||||||
|
x = GET_CHAN(block_ptr[j], xchannel);
|
||||||
|
y = GET_CHAN(block_ptr[j], ychannel);
|
||||||
|
@@ -418,7 +418,9 @@
|
||||||
|
uint16_t *dest_pixels,
|
||||||
|
const BlockInfo *bi, int block_counter)
|
||||||
|
{
|
||||||
|
- for (int y = 0; y < 4; y++) {
|
||||||
|
+ const int y_size = FFMIN(4, bi->image_height - bi->row * 4);
|
||||||
|
+
|
||||||
|
+ for (int y = 0; y < y_size; y++) {
|
||||||
|
memcpy(dest_pixels, src_pixels, 8);
|
||||||
|
dest_pixels += bi->rowstride;
|
||||||
|
src_pixels += bi->rowstride;
|
||||||
|
@@ -728,13 +730,14 @@
|
||||||
|
|
||||||
|
if (err > s->sixteen_color_thresh) { // DO SIXTEEN COLOR BLOCK
|
||||||
|
uint16_t *row_ptr;
|
||||||
|
- int rgb555;
|
||||||
|
+ int y_size, rgb555;
|
||||||
|
|
||||||
|
block_offset = get_block_info(&bi, block_counter);
|
||||||
|
|
||||||
|
row_ptr = &src_pixels[block_offset];
|
||||||
|
+ y_size = FFMIN(4, bi.image_height - bi.row * 4);
|
||||||
|
|
||||||
|
- for (int y = 0; y < 4; y++) {
|
||||||
|
+ for (int y = 0; y < y_size; y++) {
|
||||||
|
for (int x = 0; x < 4; x++){
|
||||||
|
rgb555 = row_ptr[x] & ~0x8000;
|
||||||
|
|
||||||
|
@@ -743,6 +746,11 @@
|
||||||
|
row_ptr += bi.rowstride;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ for (int y = y_size; y < 4; y++) {
|
||||||
|
+ for (int x = 0; x < 4; x++)
|
||||||
|
+ put_bits(&s->pb, 16, 0);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
block_counter++;
|
||||||
|
} else { // FOUR COLOR BLOCK
|
||||||
|
block_counter += encode_four_color_block(min_color, max_color,
|
Loading…
Reference in New Issue
Block a user