forked from jengelh/ffmpeg-4
Compare commits
3 Commits
| Author | SHA256 | Date | |
|---|---|---|---|
|
8bf39969f7 | ||
| 11b18021fb | |||
|
|
4f45d50795 |
39
ffmpeg-4-CVE-2025-7700.patch
Normal file
39
ffmpeg-4-CVE-2025-7700.patch
Normal file
@@ -0,0 +1,39 @@
|
|||||||
|
From 35a6de137a39f274d5e01ed0e0e6c4f04d0aaf07 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jiasheng Jiang <jiashengjiangcool@gmail.com>
|
||||||
|
Date: Thu, 10 Jul 2025 16:26:39 +0000
|
||||||
|
Subject: [PATCH] libavcodec/alsdec.c: Add check for av_malloc_array() and
|
||||||
|
av_calloc()
|
||||||
|
|
||||||
|
Add check for the return value of av_malloc_array() and av_calloc()
|
||||||
|
to avoid potential NULL pointer dereference.
|
||||||
|
|
||||||
|
Fixes: dcfd24b10c ("avcodec/alsdec: Implement floating point sample data decoding")
|
||||||
|
|
||||||
|
[Remodeled for ffmpeg-4.x - sckang@suse.com]
|
||||||
|
|
||||||
|
Index: ffmpeg-4.4.6/libavcodec/alsdec.c
|
||||||
|
===================================================================
|
||||||
|
--- ffmpeg-4.4.6.orig/libavcodec/alsdec.c
|
||||||
|
+++ ffmpeg-4.4.6/libavcodec/alsdec.c
|
||||||
|
@@ -2116,8 +2116,8 @@ static av_cold int decode_init(AVCodecCo
|
||||||
|
ctx->nbits = av_malloc_array(ctx->cur_frame_length, sizeof(*ctx->nbits));
|
||||||
|
ctx->mlz = av_mallocz(sizeof(*ctx->mlz));
|
||||||
|
|
||||||
|
- if (!ctx->mlz || !ctx->acf || !ctx->shift_value || !ctx->last_shift_value
|
||||||
|
- || !ctx->last_acf_mantissa || !ctx->raw_mantissa) {
|
||||||
|
+ if (!ctx->larray || !ctx->nbits || !ctx->mlz || !ctx->acf || !ctx->shift_value
|
||||||
|
+ || !ctx->last_shift_value || !ctx->last_acf_mantissa || !ctx->raw_mantissa) {
|
||||||
|
av_log(avctx, AV_LOG_ERROR, "Allocating buffer memory failed.\n");
|
||||||
|
ret = AVERROR(ENOMEM);
|
||||||
|
goto fail;
|
||||||
|
@@ -2128,6 +2128,10 @@ static av_cold int decode_init(AVCodecCo
|
||||||
|
|
||||||
|
for (c = 0; c < avctx->channels; ++c) {
|
||||||
|
ctx->raw_mantissa[c] = av_mallocz_array(ctx->cur_frame_length, sizeof(**ctx->raw_mantissa));
|
||||||
|
+ if (!ctx->raw_mantissa[c]) {
|
||||||
|
+ av_log(avctx, AV_LOG_ERROR, "Allocating buffer memory failed.\n");
|
||||||
|
+ ret = AVERROR(ENOMEM);
|
||||||
|
+ goto fail;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@@ -1,3 +1,10 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jul 23 07:01:22 UTC 2025 - SongChuan Kang <sckang@suse.com>
|
||||||
|
|
||||||
|
- Add ffmpeg-4-CVE-2025-7700.patch: Add check for the return value
|
||||||
|
of av_malloc_array() and av_calloc() to avoid potential NULL
|
||||||
|
pointer dereference(CVE-2025-7700, bsc#1246790).
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri May 30 14:28:05 UTC 2025 - Cliff Zhao <qzhao@suse.com>
|
Fri May 30 14:28:05 UTC 2025 - Cliff Zhao <qzhao@suse.com>
|
||||||
|
|
||||||
|
|||||||
@@ -142,6 +142,7 @@ Patch28: ffmpeg-4-CVE-2025-25473.patch
|
|||||||
Patch29: ffmpeg-4-CVE-2025-22921.patch
|
Patch29: ffmpeg-4-CVE-2025-22921.patch
|
||||||
Patch30: ffmpeg-avcodec-libdav1d-don-t-repeatedly-parse-the-same-seq.patch
|
Patch30: ffmpeg-avcodec-libdav1d-don-t-repeatedly-parse-the-same-seq.patch
|
||||||
Patch31: ffmpeg-4-CVE-2024-36618.patch
|
Patch31: ffmpeg-4-CVE-2024-36618.patch
|
||||||
|
Patch32: ffmpeg-4-CVE-2025-7700.patch
|
||||||
BuildRequires: ladspa-devel
|
BuildRequires: ladspa-devel
|
||||||
BuildRequires: libgsm-devel
|
BuildRequires: libgsm-devel
|
||||||
BuildRequires: libmp3lame-devel
|
BuildRequires: libmp3lame-devel
|
||||||
|
|||||||
Reference in New Issue
Block a user