diff options
| author | Chen Qi <Qi.Chen@windriver.com> | 2017-09-30 11:21:01 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-11-09 12:33:16 +0000 |
| commit | 31eb2baed27fa83073c8718f40a6af7070097c37 (patch) | |
| tree | 997fa90cecb34f6b66465c630f38236271593936 /meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2017-14170.patch | |
| parent | 9e1e4d74c37479659e94a3650cff5c75a47759f0 (diff) | |
| download | poky-31eb2baed27fa83073c8718f40a6af7070097c37.tar.gz | |
ffmpeg: upgrade to 3.3.4
Upgrade ffmpeg to version 3.3.4. Version 3.3.4 is a bug fix version, and
there's no new feature added.
Compared to version 3.3.3, there are 57 new commits. These 57 commits are
either bug fix or small tweaks.
Drop CVE patches that were backported from 3.3.4.
(From OE-Core rev: 234d9aaffc2b08846281247e5ba37b20fea1493d)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2017-14170.patch')
| -rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2017-14170.patch | 49 |
1 files changed, 0 insertions, 49 deletions
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2017-14170.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2017-14170.patch deleted file mode 100644 index 8860125030..0000000000 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2017-14170.patch +++ /dev/null | |||
| @@ -1,49 +0,0 @@ | |||
| 1 | From 900f39692ca0337a98a7cf047e4e2611071810c2 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: =?UTF-8?q?=E5=AD=99=E6=B5=A9=28=E6=99=93=E9=BB=91=29?= | ||
| 3 | <tony.sh@alibaba-inc.com> | ||
| 4 | Date: Tue, 29 Aug 2017 23:59:21 +0200 | ||
| 5 | Subject: [PATCH] avformat/mxfdec: Fix DoS issues in | ||
| 6 | mxf_read_index_entry_array() | ||
| 7 | MIME-Version: 1.0 | ||
| 8 | Content-Type: text/plain; charset=UTF-8 | ||
| 9 | Content-Transfer-Encoding: 8bit | ||
| 10 | |||
| 11 | Fixes: 20170829A.mxf | ||
| 12 | |||
| 13 | Co-Author: 张洪亮(望初)" <wangchu.zhl@alibaba-inc.com> | ||
| 14 | Found-by: Xiaohei and Wangchu from Alibaba Security Team | ||
| 15 | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> | ||
| 16 | |||
| 17 | CVE: CVE-2017-14170 | ||
| 18 | Upstream-Status: Backport | ||
| 19 | |||
| 20 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | ||
| 21 | --- | ||
| 22 | libavformat/mxfdec.c | 4 ++++ | ||
| 23 | 1 file changed, 4 insertions(+) | ||
| 24 | |||
| 25 | diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c | ||
| 26 | index f8d0f9e..6adb77d 100644 | ||
| 27 | --- a/libavformat/mxfdec.c | ||
| 28 | +++ b/libavformat/mxfdec.c | ||
| 29 | @@ -899,6 +899,8 @@ static int mxf_read_index_entry_array(AVIOContext *pb, MXFIndexTableSegment *seg | ||
| 30 | segment->nb_index_entries = avio_rb32(pb); | ||
| 31 | |||
| 32 | length = avio_rb32(pb); | ||
| 33 | + if(segment->nb_index_entries && length < 11) | ||
| 34 | + return AVERROR_INVALIDDATA; | ||
| 35 | |||
| 36 | if (!(segment->temporal_offset_entries=av_calloc(segment->nb_index_entries, sizeof(*segment->temporal_offset_entries))) || | ||
| 37 | !(segment->flag_entries = av_calloc(segment->nb_index_entries, sizeof(*segment->flag_entries))) || | ||
| 38 | @@ -909,6 +911,8 @@ static int mxf_read_index_entry_array(AVIOContext *pb, MXFIndexTableSegment *seg | ||
| 39 | } | ||
| 40 | |||
| 41 | for (i = 0; i < segment->nb_index_entries; i++) { | ||
| 42 | + if(avio_feof(pb)) | ||
| 43 | + return AVERROR_INVALIDDATA; | ||
| 44 | segment->temporal_offset_entries[i] = avio_r8(pb); | ||
| 45 | avio_r8(pb); /* KeyFrameOffset */ | ||
| 46 | segment->flag_entries[i] = avio_r8(pb); | ||
| 47 | -- | ||
| 48 | 2.1.0 | ||
| 49 | |||