diff options
| author |   Narpat Mali <narpat.mali@windriver.com> | 2023-01-04 15:06:55 +0000 |
|---|---|---|
| committer |   Steve Sakoman <steve@sakoman.com> | 2023-01-12 04:56:26 -1000 |
| commit | 874b72fe259cd3a23f4613fccfe2e9cc3f79cd6a (patch) | |
| tree | 293ebb6129c61da8267352a3f34b427e790a8a64 | |
| parent | bc8501a5a2ffc5673bad50f744d78822525bea9d (diff) | |
| download | openembedded-core-874b72fe259cd3a23f4613fccfe2e9cc3f79cd6a.tar.gz | |
ffmpeg: fix for CVE-2022-3109
An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of
the return value of av_malloc() and will cause a null pointer dereference, impacting availability.
CVE: CVE-2022-3109
Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568]
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
| -rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch | 44 | ||||
| -rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 3 |
2 files changed, 46 insertions, 1 deletions
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch new file mode 100644 index 0000000000..94858a6cdd --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch @@ -0,0 +1,44 @@ +From 656cb0450aeb73b25d7d26980af342b37ac4c568 Mon Sep 17 00:00:00 2001 +From: Jiasheng Jiang <jiasheng@iscas.ac.cn> +Date: Tue, 15 Feb 2022 17:58:08 +0800 +Subject: [PATCH] avcodec/vp3: Add missing check for av_malloc + +Since the av_malloc() may fail and return NULL pointer, +it is needed that the 's->edge_emu_buffer' should be checked +whether the new allocation is success. + +Fixes: d14723861b ("VP3: fix decoding of videos with stride > 2048") +Reviewed-by: Peter Ross <pross@xvid.org> +Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> + +CVE: CVE-2022-3109 + +Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + libavcodec/vp3.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c +index e9ab54d736..e2418eb6fa 100644 +--- a/libavcodec/vp3.c ++++ b/libavcodec/vp3.c +@@ -2679,8 +2679,13 @@ static int vp3_decode_frame(AVCodecContext *avctx, + AV_GET_BUFFER_FLAG_REF)) < 0) + goto error; + +- if (!s->edge_emu_buffer) ++ if (!s->edge_emu_buffer) { + s->edge_emu_buffer = av_malloc(9 * FFABS(s->current_frame.f->linesize[0])); ++ if (!s->edge_emu_buffer) { ++ ret = AVERROR(ENOMEM); ++ goto error; ++ } ++ } + + if (s->keyframe) { + if (!s->theora) { +-- +2.34.1 + diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb index 95b4bf50ac..c5bebe9c2d 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb @@ -26,7 +26,8 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \ file://0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch \ file://0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch \ - " + file://0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch \ + " SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b" |