diff options
author | Saloni <salonij@kpit.com> | 2021-10-05 11:02:21 -0400 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2021-10-07 06:19:18 -1000 |
commit | 89df45b9e69a0d5c62a7e05156bc0d3fc85c77fd (patch) | |
tree | 3aa4182bc09ca63b63d181a0ef0118822a902306 | |
parent | d12c44df66ca065a1526c7d6885e726cf50aab46 (diff) | |
download | openembedded-core-contrib-89df45b9e69a0d5c62a7e05156bc0d3fc85c77fd.tar.gz |
ffmpeg: Add fix for CVEs
Add fix for below CVE:
CVE-2021-3566
Link: [http://git.videolan.org/?p=ffmpeg.git;a=patch;h=3bce9e9b3ea35c54bacccc793d7da99ea5157532]
CVE-2021-38291
Link: [http://git.videolan.org/?p=ffmpeg.git;a=patch;h=e01d306c647b5827102260b885faa223b646d2d1]
Signed-off-by: Saloni Jain <jainsaloni0918@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-3566.patch | 61 | ||||
-rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-38291.patch | 53 | ||||
-rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb | 4 |
3 files changed, 117 insertions, 1 deletions
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-3566.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-3566.patch new file mode 100644 index 0000000000..abfc024820 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-3566.patch @@ -0,0 +1,61 @@ +From 3bce9e9b3ea35c54bacccc793d7da99ea5157532 Mon Sep 17 00:00:00 2001 +From: Paul B Mahol <onemda@gmail.com> +Date: Mon, 27 Jan 2020 21:53:08 +0100 +Subject: [PATCH] avformat/tty: add probe function + +CVE: CVE-2021-3566 +Signed-off-by: Saloni Jain <salonij@kpit.com> + +Upstream-Status: Backport [http://git.videolan.org/?p=ffmpeg.git;a=patch;h=3bce9e9b3ea35c54bacccc793d7da99ea5157532] +Comment: No changes/refreshing done. +--- + libavformat/tty.c | 21 ++++++++++++++++++++- + 1 file changed, 20 insertions(+), 1 deletion(-) + +diff --git a/libavformat/tty.c b/libavformat/tty.c +index 8d48f2c45c12..60f7e9f87ee7 100644 +--- a/libavformat/tty.c ++++ b/libavformat/tty.c +@@ -34,6 +34,13 @@ + #include "internal.h" + #include "sauce.h" + ++static int isansicode(int x) ++{ ++ return x == 0x1B || x == 0x0A || x == 0x0D || (x >= 0x20 && x < 0x7f); ++} ++ ++static const char tty_extensions[31] = "ans,art,asc,diz,ice,nfo,txt,vt"; ++ + typedef struct TtyDemuxContext { + AVClass *class; + int chars_per_frame; +@@ -42,6 +49,17 @@ typedef struct TtyDemuxContext { + AVRational framerate; /**< Set by a private option. */ + } TtyDemuxContext; + ++static int read_probe(const AVProbeData *p) ++{ ++ int cnt = 0; ++ ++ for (int i = 0; i < p->buf_size; i++) ++ cnt += !!isansicode(p->buf[i]); ++ ++ return (cnt * 100LL / p->buf_size) * (cnt > 400) * ++ !!av_match_ext(p->filename, tty_extensions); ++} ++ + /** + * Parse EFI header + */ +@@ -153,8 +171,9 @@ AVInputFormat ff_tty_demuxer = { + .name = "tty", + .long_name = NULL_IF_CONFIG_SMALL("Tele-typewriter"), + .priv_data_size = sizeof(TtyDemuxContext), ++ .read_probe = read_probe, + .read_header = read_header, + .read_packet = read_packet, +- .extensions = "ans,art,asc,diz,ice,nfo,txt,vt", ++ .extensions = tty_extensions, + .priv_class = &tty_demuxer_class, + }; diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-38291.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-38291.patch new file mode 100644 index 0000000000..e5be985fc3 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-38291.patch @@ -0,0 +1,53 @@ +From e01d306c647b5827102260b885faa223b646d2d1 Mon Sep 17 00:00:00 2001 +From: James Almer <jamrial@gmail.com> +Date: Wed, 21 Jul 2021 01:02:44 -0300 +Subject: [PATCH] avcodec/utils: don't return negative values in + av_get_audio_frame_duration() + +In some extrme cases, like with adpcm_ms samples with an extremely high channel +count, get_audio_frame_duration() may return a negative frame duration value. +Don't propagate it, and instead return 0, signaling that a duration could not +be determined. + +CVE: CVE-2021-3566 +Fixes ticket #9312 +Signed-off-by: James Almer <jamrial@gmail.com> +Signed-off-by: Saloni Jain <salonij@kpit.com> + +Upstream-Status: Backport [http://git.videolan.org/?p=ffmpeg.git;a=patch;h=e01d306c647b5827102260b885faa223b646d2d1] +Comment: No changes/refreshing done. +--- + libavcodec/utils.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/libavcodec/utils.c b/libavcodec/utils.c +index 5fad782f5a..cfc07cbcb8 100644 +--- a/libavcodec/utils.c ++++ b/libavcodec/utils.c +@@ -810,20 +810,22 @@ static int get_audio_frame_duration(enum AVCodecID id, int sr, int ch, int ba, + + int av_get_audio_frame_duration(AVCodecContext *avctx, int frame_bytes) + { +- return get_audio_frame_duration(avctx->codec_id, avctx->sample_rate, ++ int duration = get_audio_frame_duration(avctx->codec_id, avctx->sample_rate, + avctx->channels, avctx->block_align, + avctx->codec_tag, avctx->bits_per_coded_sample, + avctx->bit_rate, avctx->extradata, avctx->frame_size, + frame_bytes); ++ return FFMAX(0, duration); + } + + int av_get_audio_frame_duration2(AVCodecParameters *par, int frame_bytes) + { +- return get_audio_frame_duration(par->codec_id, par->sample_rate, ++ int duration = get_audio_frame_duration(par->codec_id, par->sample_rate, + par->channels, par->block_align, + par->codec_tag, par->bits_per_coded_sample, + par->bit_rate, par->extradata, par->frame_size, + frame_bytes); ++ return FFMAX(0, duration); + } + + #if !HAVE_THREADS +-- +2.20.1 diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb index 0e359848fa..1d6f2e528b 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb @@ -27,7 +27,9 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ file://mips64_cpu_detection.patch \ file://CVE-2020-12284.patch \ file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \ - " + file://CVE-2021-3566.patch \ + file://CVE-2021-38291.patch \ + " SRC_URI[md5sum] = "348956fc2faa57a2f79bbb84ded9fbc3" SRC_URI[sha256sum] = "cb754255ab0ee2ea5f66f8850e1bd6ad5cac1cd855d0a2f4990fb8c668b0d29c" |