From 1a19def9cdee1407c229b3e4ebc4604747ba7966c754e28990cc68209f62d334 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Wed, 3 Jul 2024 07:39:13 +0000
Subject: [PATCH] Add ffmpeg-7-CVE-2024-32228.patch ffmpeg-7-CVE-2024-32230.patch to fix CVE bugs. (CVE-2024-32228, bsc#1227277, CVE-2024-32230, bsc#1227296)
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/ffmpeg-7?expand=0&rev=3
---
 ffmpeg-7-CVE-2024-32228.patch | 58 +++++++++++++++++++++++++++++++++++
 ffmpeg-7-CVE-2024-32230.patch | 29 ++++++++++++++++++
 ffmpeg-7.changes | 15 +++++++++
 ffmpeg-7.spec | 6 ++--
 4 files changed, 106 insertions(+), 2 deletions(-)
 create mode 100644 ffmpeg-7-CVE-2024-32228.patch
 create mode 100644 ffmpeg-7-CVE-2024-32230.patch
diff --git a/ffmpeg-7-CVE-2024-32228.patch b/ffmpeg-7-CVE-2024-32228.patch
new file mode 100644
index 0000000..1394ae9
--- /dev/null
+++ b/ffmpeg-7-CVE-2024-32228.patch
@@ -0,0 +1,58 @@
+From: Cliff Zhao
+Date: 2024-07-02 21:28:32 +0100
+Subject: avcodec/hevcdec: fix segfault on invalid film grain metadata
+References: CVE-2024-32228 bsc#1227277
+Upstream: Backport from upstream
+
+commit 459648761f5412acdc3317d5bac982ceaa257584
+Author: Niklas Haas
+Date: Sat Apr 6 13:11:09 2024 +0200
+
+ avcodec/hevcdec: fix segfault on invalid film grain metadata
+
+ Invalid input files may contain film grain metadata which survives
+ ff_h274_film_grain_params_supported() but does not pass
+ av_film_grain_params_select(), leading to a SIGSEGV on hevc_frame_end().
+
+ Fix this by duplicating the av_film_grain_params_select() check at frame
+ init time.
+
+ An alternative solution here would be to defer the incompatibility check
+ to hevc_frame_end(), but this has the downside of allocating a film
+ grain buffer even when we already know we can't apply film grain.
+
+ Fixes: https://trac.ffmpeg.org/ticket/10951
+
+--- ffmpeg-7.0/libavcodec/hevcdec.c 2024-04-05 07:22:59.000000000 +0800
++++ ffmpeg-7.0_new/libavcodec/hevcdec.c 2024-07-02 22:48:49.293996651 +0800
+@@ -2892,10 +2892,16 @@
+ !(s->avctx->export_side_data & AV_CODEC_EXPORT_DATA_FILM_GRAIN) &&
+ !s->avctx->hwaccel;
+
++ ret = set_side_data(s);
++ if (ret < 0)
++ goto fail;
++
+ if (s->ref->needs_fg &&
+- s->sei.common.film_grain_characteristics.present &&
+- !ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id,
+- s->ref->frame->format)) {
++ ( s->sei.common.film_grain_characteristics.present &&
++ !ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id,
++ s->ref->frame->format))
++ || !av_film_grain_params_select(s->ref->frame)) {
++
+ av_log_once(s->avctx, AV_LOG_WARNING, AV_LOG_DEBUG, &s->film_grain_warning_shown,
+ "Unsupported film grain parameters. Ignoring film grain.\n");
+ s->ref->needs_fg = 0;
+@@ -2909,10 +2915,6 @@
+ goto fail;
+ }
+
+- ret = set_side_data(s);
+- if (ret < 0)
+- goto fail;
+-
+ s->frame->pict_type = 3 - s->sh.slice_type;
+
+ if (!IS_IRAP(s))
diff --git a/ffmpeg-7-CVE-2024-32230.patch b/ffmpeg-7-CVE-2024-32230.patch
new file mode 100644
index 0000000..f6b0b22
--- /dev/null
+++ b/ffmpeg-7-CVE-2024-32230.patch
@@ -0,0 +1,29 @@
+From: Cliff Zhao
+Date: 2024-07-02 21:52:18 +0100
+Subject: avcodec/mpegvideo_enc: Fix 1 line and one column images
+References: CVE-2024-32230 bsc#1227296
+Upstream: Backport from upstream
+
+commit 96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1
+Author: Michael Niedermayer
+Date: Mon Apr 8 18:38:42 2024 +0200
+
+ avcodec/mpegvideo_enc: Fix 1 line and one column images
+
+ Fixes: Ticket10952
+ Fixes: poc21ffmpeg
+ Signed-off-by: Michael Niedermayer
+
+--- ffmpeg-7.0/libavcodec/mpegvideo_enc.c 2024-04-05 07:22:59.000000000 +0800
++++ ffmpeg-7.0_new/libavcodec/mpegvideo_enc.c 2024-07-02 23:24:47.410634866 +0800
+@@ -1198,8 +1198,8 @@
+ ptrdiff_t dst_stride = i ? s->uvlinesize : s->linesize;
+ int h_shift = i ? s->chroma_x_shift : 0;
+ int v_shift = i ? s->chroma_y_shift : 0;
+- int w = s->width >> h_shift;
+- int h = s->height >> v_shift;
++ int w = AV_CEIL_RSHIFT(s->width , h_shift);
++ int h = AV_CEIL_RSHIFT(s->height, v_shift);
+ const uint8_t *src = pic_arg->data[i];
+ uint8_t *dst = pic->f->data[i];
+ int vpad = 16;
diff --git a/ffmpeg-7.changes b/ffmpeg-7.changes
index d1202c8..0dc2358 100644
--- a/ffmpeg-7.changes
+++ b/ffmpeg-7.changes
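Review bot: In the hevcdec.c hunk of ffmpeg-7-CVE-2024-32228.patch, the added `|| !av_film_grain_params_select(s->ref->frame)` sits outside the parenthesised SEI test, and because `&&` binds tighter than `||` the condition parses as `(needs_fg && present && !supported) || !select(...)`. The selection check is therefore evaluated, and the branch taken, even for frames where `s->ref->needs_fg` is already 0, which would presumably emit the "Unsupported film grain parameters" warning for streams that carry no film grain at all. The crash fix itself still holds, since `needs_fg` is cleared whenever selection fails. Grouping both alternatives under the guard keeps the check scoped, `if (s->ref->needs_fg && ((...present && !ff_h274_film_grain_params_supported(...)) || !av_film_grain_params_select(s->ref->frame))) {`, and the parenthesisation is worth comparing against the upstream commit named in the patch header. The enclosing function starts and ends outside the hunk.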
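Review bot: The switch to `AV_CEIL_RSHIFT` for `w` and `h` in the mpegvideo_enc.c hunk carries no comment explaining why rounding up matters, and the backported message ("Fix 1 line and one column images") is terse. A plain `>>` yields 0 for a chroma plane when the luma dimension is 1 and the shift is 1, so a short comment above the two declarations would help the next maintainer, e.g. `/* round up: a 1-pixel dimension must still give a non-empty chroma plane */`. The loop that consumes `w` and `h` lies outside the hunk, so how the zero size was misused cannot be confirmed from here.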
@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Tue Jul 2 12:26:28 UTC 2024 - Cliff Zhao
+
+- Add ffmpeg-7-CVE-2024-32230.patch:
+ Backporting 96449cfe from upstream, Fix 1 line and one column images.
+ (CVE-2024-32230 bsc#1227296)
+
+-------------------------------------------------------------------
+Tue Jul 2 11:57:01 UTC 2024 - Cliff Zhao
+
+- Add ffmpeg-7-CVE-2024-32228.patch:
+ Backporting 45964876 from upstream, Fix segfault on invalid film
+ grain metadata.
+ (CVE-2024-32228, bsc#1227277)
+
 -------------------------------------------------------------------
 Sun Apr 7 11:39:41 UTC 2024 - Jan Engelhardt
diff --git a/ffmpeg-7.spec b/ffmpeg-7.spec
index 30debc8..f868b26 100644
--- a/ffmpeg-7.spec
+++ b/ffmpeg-7.spec
@@ -104,7 +104,6 @@ Source6: ffmpeg-dlopen-headers.tar.xz
 Source92: ffmpeg_get_dlopen_headers.sh
 Source98: http://ffmpeg.org/ffmpeg-devel.asc#/ffmpeg-7.keyring
 Source99: baselibs.conf
-
 Patch1: ffmpeg-arm6l.diff
 Patch2: ffmpeg-new-coder-errors.diff
 Patch3: ffmpeg-codec-choice.diff
@@ -112,7 +111,10 @@ Patch4: ffmpeg-4.2-dlopen-fdk_aac.patch
 Patch5: work-around-abi-break.patch
 Patch10: ffmpeg-chromium.patch
 Patch91: ffmpeg-dlopen-openh264.patch
-
+# PATCH-FIX-UPSTREAM ffmpeg-7-CVE-2024-32228.patch CVE-2024-32228 bsc#1227277 qzhao@suse.com -- Fix segfault on invalid film grain metadata.
+Patch92: ffmpeg-7-CVE-2024-32228.patch
+# PATCH-FIX-UPSTREAM ffmpeg-7-CVE-2024-32230.patch CVE-2024-32230 bsc#1227296 qzhao@suse.com -- Fix 1 line and one column images.
+Patch93: ffmpeg-7-CVE-2024-32230.patch
 BuildRequires: ladspa-devel
 BuildRequires: libgsm-devel
 BuildRequires: libmp3lame-devel >= 3.98.3
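Review bot: `Patch92` and `Patch93` are declared in the second ffmpeg-7.spec hunk, but the diff touches no `%prep` line (the diffstat's 4 insertions and 2 deletions for this file are all accounted for by the two hunks shown), so whether the two CVE patches are actually applied depends on spec code not visible here. If `%prep` uses `%autosetup` or `%autopatch` they are picked up automatically; if it applies patches one by one, the fixes would be shipped in the source package but never applied to the build. It is worth confirming in the build log that both patches apply, and noting that their `ffmpeg-7.0/...` paths require strip level 1.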