diff options
Diffstat (limited to 'meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-35965.patch')
-rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-35965.patch | 35 |
1 files changed, 0 insertions, 35 deletions
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-35965.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-35965.patch deleted file mode 100644 index ddab8e9aca..0000000000 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-35965.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 3e5959b3457f7f1856d997261e6ac672bba49e8b Mon Sep 17 00:00:00 2001 -From: Michael Niedermayer <michael@niedermayer.cc> -Date: Sat, 24 Oct 2020 22:21:48 +0200 -Subject: [PATCH] avcodec/exr: Check ymin vs. h - -Fixes: out of array access -Fixes: 26532/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5613925708857344 -Fixes: 27443/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5631239813595136 - -Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg -Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> - -Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/3e5959b3457f7f1856d997261e6ac672bba49e8b] - -CVE: CVE-2020-35965 - -Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> -Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com> ---- - libavcodec/exr.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/libavcodec/exr.c b/libavcodec/exr.c -index e907c5c46401..8b701d1cd298 100644 ---- a/libavcodec/exr.c -+++ b/libavcodec/exr.c -@@ -1830,7 +1830,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, - // Zero out the start if ymin is not 0 - for (i = 0; i < planes; i++) { - ptr = picture->data[i]; -- for (y = 0; y < s->ymin; y++) { -+ for (y = 0; y < FFMIN(s->ymin, s->h); y++) { - memset(ptr, 0, out_line_size); - ptr += picture->linesize[i]; - } |