forked from jengelh/ffmpeg-7
55 lines
2.0 KiB
Diff
55 lines
2.0 KiB
Diff
From 459648761f5412acdc3317d5bac982ceaa257584
|
|
Author: Niklas Haas <git@haasn.dev>
|
|
Date: Sat Apr 6 13:11:09 2024 +0200
|
|
Subject: avcodec/hevcdec: fix segfault on invalid film grain metadata
|
|
References: CVE-2024-32228
|
|
References: bsc#1227277
|
|
Upstream: Backport from upstream
|
|
|
|
Invalid input files may contain film grain metadata which survives
|
|
ff_h274_film_grain_params_supported() but does not pass
|
|
av_film_grain_params_select(), leading to a SIGSEGV on hevc_frame_end().
|
|
|
|
Fix this by duplicating the av_film_grain_params_select() check at frame
|
|
init time.
|
|
|
|
An alternative solution here would be to defer the incompatibility check
|
|
to hevc_frame_end(), but this has the downside of allocating a film
|
|
grain buffer even when we already know we can't apply film grain.
|
|
|
|
Fixes: https://trac.ffmpeg.org/ticket/10951
|
|
|
|
--- ffmpeg-7.0/libavcodec/hevcdec.c
|
|
+++ ffmpeg-7.0_new/libavcodec/hevcdec.c
|
|
@@ -2892,10 +2892,16 @@
|
|
!(s->avctx->export_side_data & AV_CODEC_EXPORT_DATA_FILM_GRAIN) &&
|
|
!s->avctx->hwaccel;
|
|
|
|
+ ret = set_side_data(s);
|
|
+ if (ret < 0)
|
|
+ goto fail;
|
|
+
|
|
if (s->ref->needs_fg &&
|
|
- s->sei.common.film_grain_characteristics.present &&
|
|
- !ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id,
|
|
- s->ref->frame->format)) {
|
|
+ ( s->sei.common.film_grain_characteristics.present &&
|
|
+ !ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id,
|
|
+ s->ref->frame->format))
|
|
+ || !av_film_grain_params_select(s->ref->frame)) {
|
|
+
|
|
av_log_once(s->avctx, AV_LOG_WARNING, AV_LOG_DEBUG, &s->film_grain_warning_shown,
|
|
"Unsupported film grain parameters. Ignoring film grain.\n");
|
|
s->ref->needs_fg = 0;
|
|
@@ -2909,10 +2915,6 @@
|
|
goto fail;
|
|
}
|
|
|
|
- ret = set_side_data(s);
|
|
- if (ret < 0)
|
|
- goto fail;
|
|
-
|
|
s->frame->pict_type = 3 - s->sh.slice_type;
|
|
|
|
if (!IS_IRAP(s))
|