gst-ffmpeg: fix CVE issues

Backport patches to fix following CVE issues: * CVE-2011-4352 * CVE-2014-7933 * CVE-2014-8542 * CVE-2014-8543 * CVE-2014-8544 * CVE-2014-8545 * CVE-2014-8546 * CVE-2014-8547 * CVE-2014-9318 * CVE-2014-9603 Patch for CVE-2014-9603 in upstream is applied for version 2.x. Becuase source code changes, just partly backport part of the commit which is applicable to version 0.10.13. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
author: Kang Kai <kai.kang@windriver.com> 2015-05-22 15:52:24 +0800
committer: Martin Jansa <Martin.Jansa@gmail.com> 2015-05-28 10:35:13 +0200
commit: c7807315c194cef61bd015659a24115adb8d91e4 (patch)
tree: cfdd1927a3eeac57d92a0b5753d9c92635496f60 /meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-8545.patch
parent: fa01c2614a4e58937cd73d0f5d8b17df935bc5b5 (diff)
download: meta-openembedded-c7807315c194cef61bd015659a24115adb8d91e4.tar.gz
1 files changed, 36 insertions, 0 deletions
diff --git a/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-8545.patch b/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-8545.patch
new file mode 100644
index 000000000..29d5f776a
--- /dev/null
+++ b/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-8545.patch
@@ -0,0 +1,36 @@
+From 3e2b745020c2dbf0201fe7df3dad9e7e0b2e1bb6 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michaelni@gmx.at>
+Date: Fri, 3 Oct 2014 17:35:58 +0200
+Subject: [PATCH] avcodec/pngdec: Check bits per pixel before setting
+ monoblack pixel format
+(Upstream commit 3e2b745020c2dbf0201fe7df3dad9e7e0b2e1bb6)
+Fixes out of array accesses
+Fixes: asan_heap-oob_14dbfcf_4_asan_heap-oob_1ce5767_179_add_method_small.png
+Upstream-Status: Backport
+Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
+Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
+Signed-off-by: Yue Tao <yue.tao@windriver.com>
+---
+ libavcodec/pngdec.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c
+index da91aab..f3603b3 100644
+--- a/gst-libs/ext/libav/libavcodec/pngdec.c
+++ b/gst-libs/ext/libav/libavcodec/pngdec.c
+@@ -481,7 +481,7 @@ static int decode_frame(AVCodecContext *avctx,
+                 } else if (s->bit_depth == 16 &&
+                            s->color_type == PNG_COLOR_TYPE_RGB) {
+                     avctx->pix_fmt = PIX_FMT_RGB48BE;
+-                } else if (s->bit_depth == 1 &&
+                } else if (s->bit_depth == 1 && s->bits_per_pixel == 1 &&
+                            s->color_type == PNG_COLOR_TYPE_GRAY) {
+                     avctx->pix_fmt = PIX_FMT_MONOBLACK;
+                 } else if (s->color_type == PNG_COLOR_TYPE_PALETTE) {
+-- 
+1.7.9.5
author	Kang Kai <kai.kang@windriver.com>	2015-05-22 15:52:24 +0800
committer	Martin Jansa <Martin.Jansa@gmail.com>	2015-05-28 10:35:13 +0200
commit	c7807315c194cef61bd015659a24115adb8d91e4 (patch)
tree	cfdd1927a3eeac57d92a0b5753d9c92635496f60 /meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-8545.patch
parent	fa01c2614a4e58937cd73d0f5d8b17df935bc5b5 (diff)
download	meta-openembedded-c7807315c194cef61bd015659a24115adb8d91e4.tar.gz

diff --git a/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-8545.patch b/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-8545.patch new file mode 100644 index 000000000..29d5f776a --- /dev/null +++ b/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-8545.patch
@@ -0,0 +1,36 @@
	1	From 3e2b745020c2dbf0201fe7df3dad9e7e0b2e1bb6 Mon Sep 17 00:00:00 2001
	2	From: Michael Niedermayer <michaelni@gmx.at>
	3	Date: Fri, 3 Oct 2014 17:35:58 +0200
	4	Subject: [PATCH] avcodec/pngdec: Check bits per pixel before setting
	5	monoblack pixel format
	6
	7	(Upstream commit 3e2b745020c2dbf0201fe7df3dad9e7e0b2e1bb6)
	8
	9	Fixes out of array accesses
	10	Fixes: asan_heap-oob_14dbfcf_4_asan_heap-oob_1ce5767_179_add_method_small.png
	11
	12	Upstream-Status: Backport
	13
	14	Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
	15	Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
	16	Signed-off-by: Yue Tao <yue.tao@windriver.com>
	17	---
	18	libavcodec/pngdec.c \| 2 +-
	19	1 file changed, 1 insertion(+), 1 deletion(-)
	20
	21	diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c
	22	index da91aab..f3603b3 100644
	23	--- a/gst-libs/ext/libav/libavcodec/pngdec.c
	24	+++ b/gst-libs/ext/libav/libavcodec/pngdec.c
	25	@@ -481,7 +481,7 @@ static int decode_frame(AVCodecContext *avctx,
	26	} else if (s->bit_depth == 16 &&
	27	s->color_type == PNG_COLOR_TYPE_RGB) {
	28	avctx->pix_fmt = PIX_FMT_RGB48BE;
	29	- } else if (s->bit_depth == 1 &&
	30	+ } else if (s->bit_depth == 1 && s->bits_per_pixel == 1 &&
	31	s->color_type == PNG_COLOR_TYPE_GRAY) {
	32	avctx->pix_fmt = PIX_FMT_MONOBLACK;
	33	} else if (s->color_type == PNG_COLOR_TYPE_PALETTE) {
	34	--
	35	1.7.9.5
	36