diff options
author | Tony Tascioglu <tony.tascioglu@windriver.com> | 2021-07-27 16:20:47 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-07-28 23:46:56 +0100 |
commit | e03fda4df5d2865d5ac516f45aa120e2caf7de47 (patch) | |
tree | b0c50a71ad6e2208a8a8e2addc7245a67f32b987 | |
parent | 451a945efb21221cfeeb4e641c5aa8bf4ae18c89 (diff) | |
download | openembedded-core-contrib-e03fda4df5d2865d5ac516f45aa120e2caf7de47.tar.gz |
ffmpeg: fix CVE-2021-33815
avcodec/exr: More strictly check dc_count
Fixes: out of array access
Fixes: exr/deneme
Found-by: Burak Çarıkçı <burakcarikci@crypttech.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
CVE: CVE-2021-33815
Upstream-Status: Backport [26d3c81bc5ef2f8c3f09d45eaeacfb4b1139a777]
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-33815.patch | 44 | ||||
-rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb | 1 |
2 files changed, 45 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-33815.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-33815.patch new file mode 100644 index 0000000000..51edb76389 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-33815.patch @@ -0,0 +1,44 @@ +From 26d3c81bc5ef2f8c3f09d45eaeacfb4b1139a777 Mon Sep 17 00:00:00 2001 +From: Michael Niedermayer <michael@niedermayer.cc> +Date: Tue, 25 May 2021 19:29:18 +0200 +Subject: [PATCH] avcodec/exr: More strictly check dc_count +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Fixes: out of array access +Fixes: exr/deneme + +Found-by: Burak Çarıkçı <burakcarikci@crypttech.com> +Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> + + +CVE: CVE-2021-33815 +Upstream-Status: Backport [26d3c81bc5ef2f8c3f09d45eaeacfb4b1139a777] + +Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> +--- + libavcodec/exr.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libavcodec/exr.c b/libavcodec/exr.c +index 9377a89169..4648ed7d62 100644 +--- a/libavcodec/exr.c ++++ b/libavcodec/exr.c +@@ -1059,11 +1059,11 @@ static int dwa_uncompress(EXRContext *s, const uint8_t *src, int compressed_size + bytestream2_skip(&gb, ac_size); + } + +- if (dc_size > 0) { ++ { + unsigned long dest_len = dc_count * 2LL; + GetByteContext agb = gb; + +- if (dc_count > (6LL * td->xsize * td->ysize + 63) / 64) ++ if (dc_count != dc_w * dc_h * 3) + return AVERROR_INVALIDDATA; + + av_fast_padded_malloc(&td->dc_data, &td->dc_size, FFALIGN(dest_len, 64) * 2); +-- +2.32.0 + diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb index 70b1513048..02af257d0f 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb @@ -30,6 +30,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ file://fix-CVE-2020-22015.patch \ file://fix-CVE-2020-22021.patch \ file://fix-CVE-2020-22033-CVE-2020-22019.patch \ + file://fix-CVE-2021-33815.patch \ " SRC_URI[sha256sum] = "06b10a183ce5371f915c6bb15b7b1fffbe046e8275099c96affc29e17645d909" |