diff options
author | Alexander Kanavin <alex.kanavin@gmail.com> | 2021-11-02 09:42:54 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-11-03 11:12:25 +0000 |
commit | c537fbff6807d2c4896bb4a5834f1005f85cbc34 (patch) | |
tree | 2f18866107fb530d831bac8e7ae95cd5e8bade79 /meta/recipes-multimedia/ffmpeg | |
parent | 6a9bc76d6e46f24beb605225fec324b95aad7d6a (diff) | |
download | poky-c537fbff6807d2c4896bb4a5834f1005f85cbc34.tar.gz |
ffmpeg: update 4.4 -> 4.4.1
(From OE-Core rev: f3afff95455153a89df1d0b15b6173b910863be8)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia/ffmpeg')
-rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-20446.patch | 35 | ||||
-rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-20453.patch | 42 | ||||
-rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22015.patch | 44 | ||||
-rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22021.patch | 87 | ||||
-rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22033-CVE-2020-22019.patch | 40 | ||||
-rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-33815.patch | 44 | ||||
-rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch | 67 | ||||
-rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch | 42 | ||||
-rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.1.bb (renamed from meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb) | 12 |
9 files changed, 2 insertions, 411 deletions
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-20446.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-20446.patch deleted file mode 100644 index f048c2e715..0000000000 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-20446.patch +++ /dev/null | |||
@@ -1,35 +0,0 @@ | |||
1 | From 223b5e8ac9f6461bb13ed365419ec485c5b2b002 Mon Sep 17 00:00:00 2001 | ||
2 | From: Michael Niedermayer <michael@niedermayer.cc> | ||
3 | Date: Fri, 28 May 2021 20:18:25 +0200 | ||
4 | Subject: [PATCH] avcodec/aacpsy: Avoid floating point division by 0 of | ||
5 | norm_fac | ||
6 | |||
7 | Fixes: Ticket7995 | ||
8 | Fixes: CVE-2020-20446 | ||
9 | |||
10 | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> | ||
11 | |||
12 | CVE: CVE-2020-20446 | ||
13 | Upstream-Status: Backport [223b5e8ac9f6461bb13ed365419ec485c5b2b002] | ||
14 | |||
15 | Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> | ||
16 | --- | ||
17 | libavcodec/aacpsy.c | 2 +- | ||
18 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
19 | |||
20 | diff --git a/libavcodec/aacpsy.c b/libavcodec/aacpsy.c | ||
21 | index 482113d427..e51d29750b 100644 | ||
22 | --- a/libavcodec/aacpsy.c | ||
23 | +++ b/libavcodec/aacpsy.c | ||
24 | @@ -794,7 +794,7 @@ static void psy_3gpp_analyze_channel(FFPsyContext *ctx, int channel, | ||
25 | |||
26 | if (pe < 1.15f * desired_pe) { | ||
27 | /* 6.6.1.3.6 "Final threshold modification by linearization" */ | ||
28 | - norm_fac = 1.0f / norm_fac; | ||
29 | + norm_fac = norm_fac ? 1.0f / norm_fac : 0; | ||
30 | for (w = 0; w < wi->num_windows*16; w += 16) { | ||
31 | for (g = 0; g < num_bands; g++) { | ||
32 | AacPsyBand *band = &pch->band[w+g]; | ||
33 | -- | ||
34 | 2.32.0 | ||
35 | |||
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-20453.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-20453.patch deleted file mode 100644 index b1c94057a3..0000000000 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-20453.patch +++ /dev/null | |||
@@ -1,42 +0,0 @@ | |||
1 | From a7a7f32c8ad0179a1a85d0a8cff35924e6d90be8 Mon Sep 17 00:00:00 2001 | ||
2 | From: Michael Niedermayer <michael@niedermayer.cc> | ||
3 | Date: Fri, 28 May 2021 21:37:26 +0200 | ||
4 | Subject: [PATCH] avcodec/aacenc: Avoid 0 lambda | ||
5 | |||
6 | Fixes: Ticket8003 | ||
7 | Fixes: CVE-2020-20453 | ||
8 | |||
9 | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> | ||
10 | |||
11 | CVE: CVE-2020-20453 | ||
12 | Upstream-Status: Backport [a7a7f32c8ad0179a1a85d0a8cff35924e6d90be8] | ||
13 | |||
14 | Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> | ||
15 | --- | ||
16 | libavcodec/aacenc.c | 3 ++- | ||
17 | 1 file changed, 2 insertions(+), 1 deletion(-) | ||
18 | |||
19 | diff --git a/libavcodec/aacenc.c b/libavcodec/aacenc.c | ||
20 | index aa223cf25f..e80591ba86 100644 | ||
21 | --- a/libavcodec/aacenc.c | ||
22 | +++ b/libavcodec/aacenc.c | ||
23 | @@ -28,6 +28,7 @@ | ||
24 | * TODOs: | ||
25 | * add sane pulse detection | ||
26 | ***********************************/ | ||
27 | +#include <float.h> | ||
28 | |||
29 | #include "libavutil/libm.h" | ||
30 | #include "libavutil/float_dsp.h" | ||
31 | @@ -852,7 +853,7 @@ static int aac_encode_frame(AVCodecContext *avctx, AVPacket *avpkt, | ||
32 | /* Not so fast though */ | ||
33 | ratio = sqrtf(ratio); | ||
34 | } | ||
35 | - s->lambda = FFMIN(s->lambda * ratio, 65536.f); | ||
36 | + s->lambda = av_clipf(s->lambda * ratio, FLT_MIN, 65536.f); | ||
37 | |||
38 | /* Keep iterating if we must reduce and lambda is in the sky */ | ||
39 | if (ratio > 0.9f && ratio < 1.1f) { | ||
40 | -- | ||
41 | 2.32.0 | ||
42 | |||
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22015.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22015.patch deleted file mode 100644 index 5c911299cb..0000000000 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22015.patch +++ /dev/null | |||
@@ -1,44 +0,0 @@ | |||
1 | From 4c1afa292520329eecd1cc7631bc59a8cca95c46 Mon Sep 17 00:00:00 2001 | ||
2 | From: Michael Niedermayer <michael@niedermayer.cc> | ||
3 | Date: Sat, 29 May 2021 09:22:27 +0200 | ||
4 | Subject: [PATCH] avformat/movenc: Check pal_size before use | ||
5 | |||
6 | Fixes: assertion failure | ||
7 | Fixes: out of array read | ||
8 | Fixes: Ticket8190 | ||
9 | Fixes: CVE-2020-22015 | ||
10 | |||
11 | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> | ||
12 | |||
13 | |||
14 | CVE: CVE-2020-22015 | ||
15 | Upstream-Status: Backport [4c1afa292520329eecd1cc7631bc59a8cca95c46] | ||
16 | |||
17 | Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> | ||
18 | --- | ||
19 | libavformat/movenc.c | 6 ++++-- | ||
20 | 1 file changed, 4 insertions(+), 2 deletions(-) | ||
21 | |||
22 | diff --git a/libavformat/movenc.c b/libavformat/movenc.c | ||
23 | index 2ab507df15..7d839f447b 100644 | ||
24 | --- a/libavformat/movenc.c | ||
25 | +++ b/libavformat/movenc.c | ||
26 | @@ -2160,11 +2160,13 @@ static int mov_write_video_tag(AVFormatContext *s, AVIOContext *pb, MOVMuxContex | ||
27 | avio_wb16(pb, 0x18); /* Reserved */ | ||
28 | |||
29 | if (track->mode == MODE_MOV && track->par->format == AV_PIX_FMT_PAL8) { | ||
30 | - int pal_size = 1 << track->par->bits_per_coded_sample; | ||
31 | - int i; | ||
32 | + int pal_size, i; | ||
33 | avio_wb16(pb, 0); /* Color table ID */ | ||
34 | avio_wb32(pb, 0); /* Color table seed */ | ||
35 | avio_wb16(pb, 0x8000); /* Color table flags */ | ||
36 | + if (track->par->bits_per_coded_sample < 0 || track->par->bits_per_coded_sample > 8) | ||
37 | + return AVERROR(EINVAL); | ||
38 | + pal_size = 1 << track->par->bits_per_coded_sample; | ||
39 | avio_wb16(pb, pal_size - 1); /* Color table size (zero-relative) */ | ||
40 | for (i = 0; i < pal_size; i++) { | ||
41 | uint32_t rgb = track->palette[i]; | ||
42 | -- | ||
43 | 2.32.0 | ||
44 | |||
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22021.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22021.patch deleted file mode 100644 index 6f7fce0e4c..0000000000 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22021.patch +++ /dev/null | |||
@@ -1,87 +0,0 @@ | |||
1 | From 7971f62120a55c141ec437aa3f0bacc1c1a3526b Mon Sep 17 00:00:00 2001 | ||
2 | From: Michael Niedermayer <michael@niedermayer.cc> | ||
3 | Date: Sat, 29 May 2021 11:17:35 +0200 | ||
4 | Subject: [PATCH] avfilter/vf_yadif: Fix handing of tiny images | ||
5 | |||
6 | Fixes: out of array access | ||
7 | Fixes: Ticket8240 | ||
8 | Fixes: CVE-2020-22021 | ||
9 | |||
10 | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> | ||
11 | |||
12 | CVE: CVE-2020-22021 | ||
13 | Upstream-Status: Backport [7971f62120a55c141ec437aa3f0bacc1c1a3526b] | ||
14 | |||
15 | Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> | ||
16 | --- | ||
17 | libavfilter/vf_yadif.c | 32 ++++++++++++++++++-------------- | ||
18 | 1 file changed, 18 insertions(+), 14 deletions(-) | ||
19 | |||
20 | diff --git a/libavfilter/vf_yadif.c b/libavfilter/vf_yadif.c | ||
21 | index 91cc79ecc3..b0d9fbaf1f 100644 | ||
22 | --- a/libavfilter/vf_yadif.c | ||
23 | +++ b/libavfilter/vf_yadif.c | ||
24 | @@ -123,20 +123,22 @@ static void filter_edges(void *dst1, void *prev1, void *cur1, void *next1, | ||
25 | uint8_t *next2 = parity ? cur : next; | ||
26 | |||
27 | const int edge = MAX_ALIGN - 1; | ||
28 | + int offset = FFMAX(w - edge, 3); | ||
29 | |||
30 | /* Only edge pixels need to be processed here. A constant value of false | ||
31 | * for is_not_edge should let the compiler ignore the whole branch. */ | ||
32 | - FILTER(0, 3, 0) | ||
33 | + FILTER(0, FFMIN(3, w), 0) | ||
34 | |||
35 | - dst = (uint8_t*)dst1 + w - edge; | ||
36 | - prev = (uint8_t*)prev1 + w - edge; | ||
37 | - cur = (uint8_t*)cur1 + w - edge; | ||
38 | - next = (uint8_t*)next1 + w - edge; | ||
39 | + dst = (uint8_t*)dst1 + offset; | ||
40 | + prev = (uint8_t*)prev1 + offset; | ||
41 | + cur = (uint8_t*)cur1 + offset; | ||
42 | + next = (uint8_t*)next1 + offset; | ||
43 | prev2 = (uint8_t*)(parity ? prev : cur); | ||
44 | next2 = (uint8_t*)(parity ? cur : next); | ||
45 | |||
46 | - FILTER(w - edge, w - 3, 1) | ||
47 | - FILTER(w - 3, w, 0) | ||
48 | + FILTER(offset, w - 3, 1) | ||
49 | + offset = FFMAX(offset, w - 3); | ||
50 | + FILTER(offset, w, 0) | ||
51 | } | ||
52 | |||
53 | |||
54 | @@ -170,21 +172,23 @@ static void filter_edges_16bit(void *dst1, void *prev1, void *cur1, void *next1, | ||
55 | uint16_t *next2 = parity ? cur : next; | ||
56 | |||
57 | const int edge = MAX_ALIGN / 2 - 1; | ||
58 | + int offset = FFMAX(w - edge, 3); | ||
59 | |||
60 | mrefs /= 2; | ||
61 | prefs /= 2; | ||
62 | |||
63 | - FILTER(0, 3, 0) | ||
64 | + FILTER(0, FFMIN(3, w), 0) | ||
65 | |||
66 | - dst = (uint16_t*)dst1 + w - edge; | ||
67 | - prev = (uint16_t*)prev1 + w - edge; | ||
68 | - cur = (uint16_t*)cur1 + w - edge; | ||
69 | - next = (uint16_t*)next1 + w - edge; | ||
70 | + dst = (uint16_t*)dst1 + offset; | ||
71 | + prev = (uint16_t*)prev1 + offset; | ||
72 | + cur = (uint16_t*)cur1 + offset; | ||
73 | + next = (uint16_t*)next1 + offset; | ||
74 | prev2 = (uint16_t*)(parity ? prev : cur); | ||
75 | next2 = (uint16_t*)(parity ? cur : next); | ||
76 | |||
77 | - FILTER(w - edge, w - 3, 1) | ||
78 | - FILTER(w - 3, w, 0) | ||
79 | + FILTER(offset, w - 3, 1) | ||
80 | + offset = FFMAX(offset, w - 3); | ||
81 | + FILTER(offset, w, 0) | ||
82 | } | ||
83 | |||
84 | static int filter_slice(AVFilterContext *ctx, void *arg, int jobnr, int nb_jobs) | ||
85 | -- | ||
86 | 2.32.0 | ||
87 | |||
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22033-CVE-2020-22019.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22033-CVE-2020-22019.patch deleted file mode 100644 index 5d979ca3f2..0000000000 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22033-CVE-2020-22019.patch +++ /dev/null | |||
@@ -1,40 +0,0 @@ | |||
1 | From 82ad1b76751bcfad5005440db48c46a4de5d6f02 Mon Sep 17 00:00:00 2001 | ||
2 | From: Michael Niedermayer <michael@niedermayer.cc> | ||
3 | Date: Sat, 29 May 2021 09:58:31 +0200 | ||
4 | Subject: [PATCH] avfilter/vf_vmafmotion: Check dimensions | ||
5 | |||
6 | Fixes: out of array access | ||
7 | Fixes: Ticket8241 | ||
8 | Fixes: Ticket8246 | ||
9 | Fixes: CVE-2020-22019 | ||
10 | Fixes: CVE-2020-22033 | ||
11 | |||
12 | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> | ||
13 | |||
14 | |||
15 | CVE: CVE-2020-22033 | ||
16 | CVE: CVE-2020-22019 | ||
17 | Upstream-Status: Backport [82ad1b76751bcfad5005440db48c46a4de5d6f02] | ||
18 | |||
19 | Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> | ||
20 | --- | ||
21 | libavfilter/vf_vmafmotion.c | 3 +++ | ||
22 | 1 file changed, 3 insertions(+) | ||
23 | |||
24 | diff --git a/libavfilter/vf_vmafmotion.c b/libavfilter/vf_vmafmotion.c | ||
25 | index 2db4783d8d..454ebb8afa 100644 | ||
26 | --- a/libavfilter/vf_vmafmotion.c | ||
27 | +++ b/libavfilter/vf_vmafmotion.c | ||
28 | @@ -238,6 +238,9 @@ int ff_vmafmotion_init(VMAFMotionData *s, | ||
29 | int i; | ||
30 | const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(fmt); | ||
31 | |||
32 | + if (w < 3 || h < 3) | ||
33 | + return AVERROR(EINVAL); | ||
34 | + | ||
35 | s->width = w; | ||
36 | s->height = h; | ||
37 | s->stride = FFALIGN(w * sizeof(uint16_t), 32); | ||
38 | -- | ||
39 | 2.32.0 | ||
40 | |||
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-33815.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-33815.patch deleted file mode 100644 index 51edb76389..0000000000 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-33815.patch +++ /dev/null | |||
@@ -1,44 +0,0 @@ | |||
1 | From 26d3c81bc5ef2f8c3f09d45eaeacfb4b1139a777 Mon Sep 17 00:00:00 2001 | ||
2 | From: Michael Niedermayer <michael@niedermayer.cc> | ||
3 | Date: Tue, 25 May 2021 19:29:18 +0200 | ||
4 | Subject: [PATCH] avcodec/exr: More strictly check dc_count | ||
5 | MIME-Version: 1.0 | ||
6 | Content-Type: text/plain; charset=UTF-8 | ||
7 | Content-Transfer-Encoding: 8bit | ||
8 | |||
9 | Fixes: out of array access | ||
10 | Fixes: exr/deneme | ||
11 | |||
12 | Found-by: Burak Çarıkçı <burakcarikci@crypttech.com> | ||
13 | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> | ||
14 | |||
15 | |||
16 | CVE: CVE-2021-33815 | ||
17 | Upstream-Status: Backport [26d3c81bc5ef2f8c3f09d45eaeacfb4b1139a777] | ||
18 | |||
19 | Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> | ||
20 | --- | ||
21 | libavcodec/exr.c | 4 ++-- | ||
22 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
23 | |||
24 | diff --git a/libavcodec/exr.c b/libavcodec/exr.c | ||
25 | index 9377a89169..4648ed7d62 100644 | ||
26 | --- a/libavcodec/exr.c | ||
27 | +++ b/libavcodec/exr.c | ||
28 | @@ -1059,11 +1059,11 @@ static int dwa_uncompress(EXRContext *s, const uint8_t *src, int compressed_size | ||
29 | bytestream2_skip(&gb, ac_size); | ||
30 | } | ||
31 | |||
32 | - if (dc_size > 0) { | ||
33 | + { | ||
34 | unsigned long dest_len = dc_count * 2LL; | ||
35 | GetByteContext agb = gb; | ||
36 | |||
37 | - if (dc_count > (6LL * td->xsize * td->ysize + 63) / 64) | ||
38 | + if (dc_count != dc_w * dc_h * 3) | ||
39 | return AVERROR_INVALIDDATA; | ||
40 | |||
41 | av_fast_padded_malloc(&td->dc_data, &td->dc_size, FFALIGN(dest_len, 64) * 2); | ||
42 | -- | ||
43 | 2.32.0 | ||
44 | |||
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch deleted file mode 100644 index ab3ecfecbb..0000000000 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch +++ /dev/null | |||
@@ -1,67 +0,0 @@ | |||
1 | CVE: CVE-2021-38114 | ||
2 | Upstream-Status: Backport | ||
3 | Signed-off-by: Kiran Surendran <kiran.surendran@windriver.com> | ||
4 | |||
5 | From 463dbe4e78cc560ca5b09f23a07add0eb78ccee8 Mon Sep 17 00:00:00 2001 | ||
6 | From: maryam ebr <me22bee@outlook.com> | ||
7 | Date: Tue, 3 Aug 2021 01:05:47 -0400 | ||
8 | Subject: [PATCH] avcodec/dnxhddec: check and propagate function return value | ||
9 | |||
10 | Similar to CVE-2013-0868, here return value check for 'init_vlc' is needed. | ||
11 | crafted DNxHD data can cause unspecified impact. | ||
12 | |||
13 | Reviewed-by: Paul B Mahol <onemda@gmail.com> | ||
14 | Signed-off-by: James Almer <jamrial@gmail.com> | ||
15 | --- | ||
16 | libavcodec/dnxhddec.c | 22 +++++++++++++++------- | ||
17 | 1 file changed, 15 insertions(+), 7 deletions(-) | ||
18 | |||
19 | diff --git a/libavcodec/dnxhddec.c b/libavcodec/dnxhddec.c | ||
20 | index c78d55aee5..9b475a6979 100644 | ||
21 | --- a/libavcodec/dnxhddec.c | ||
22 | +++ b/libavcodec/dnxhddec.c | ||
23 | @@ -112,6 +112,7 @@ static av_cold int dnxhd_decode_init(AVCodecContext *avctx) | ||
24 | |||
25 | static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth) | ||
26 | { | ||
27 | + int ret; | ||
28 | if (cid != ctx->cid) { | ||
29 | const CIDEntry *cid_table = ff_dnxhd_get_cid_table(cid); | ||
30 | |||
31 | @@ -132,19 +133,26 @@ static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth) | ||
32 | ff_free_vlc(&ctx->dc_vlc); | ||
33 | ff_free_vlc(&ctx->run_vlc); | ||
34 | |||
35 | - init_vlc(&ctx->ac_vlc, DNXHD_VLC_BITS, 257, | ||
36 | + if ((ret = init_vlc(&ctx->ac_vlc, DNXHD_VLC_BITS, 257, | ||
37 | ctx->cid_table->ac_bits, 1, 1, | ||
38 | - ctx->cid_table->ac_codes, 2, 2, 0); | ||
39 | - init_vlc(&ctx->dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ? 14 : 12, | ||
40 | + ctx->cid_table->ac_codes, 2, 2, 0)) < 0) | ||
41 | + goto out; | ||
42 | + if ((ret = init_vlc(&ctx->dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ? 14 : 12, | ||
43 | ctx->cid_table->dc_bits, 1, 1, | ||
44 | - ctx->cid_table->dc_codes, 1, 1, 0); | ||
45 | - init_vlc(&ctx->run_vlc, DNXHD_VLC_BITS, 62, | ||
46 | + ctx->cid_table->dc_codes, 1, 1, 0)) < 0) | ||
47 | + goto out; | ||
48 | + if ((ret = init_vlc(&ctx->run_vlc, DNXHD_VLC_BITS, 62, | ||
49 | ctx->cid_table->run_bits, 1, 1, | ||
50 | - ctx->cid_table->run_codes, 2, 2, 0); | ||
51 | + ctx->cid_table->run_codes, 2, 2, 0)) < 0) | ||
52 | + goto out; | ||
53 | |||
54 | ctx->cid = cid; | ||
55 | } | ||
56 | - return 0; | ||
57 | + ret = 0; | ||
58 | +out: | ||
59 | + if (ret < 0) | ||
60 | + av_log(ctx->avctx, AV_LOG_ERROR, "init_vlc failed\n"); | ||
61 | + return ret; | ||
62 | } | ||
63 | |||
64 | static int dnxhd_get_profile(int cid) | ||
65 | -- | ||
66 | 2.31.1 | ||
67 | |||
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch deleted file mode 100644 index d82f3a4b63..0000000000 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch +++ /dev/null | |||
@@ -1,42 +0,0 @@ | |||
1 | CVE: CVE-2021-38171 | ||
2 | Upstream-Status: Backport | ||
3 | Signed-off-by: Kiran Surendran <kiran.surendran@windriver.com> | ||
4 | |||
5 | From fb993619d1035fa9646506925ea70fb122038999 Mon Sep 17 00:00:00 2001 | ||
6 | From: maryam ebrahimzadeh <me22bee@outlook.com> | ||
7 | Date: Wed, 4 Aug 2021 16:15:18 -0400 | ||
8 | Subject: [PATCH] avformat/adtsenc: return value check for init_get_bits in | ||
9 | adts_decode_extradata | ||
10 | |||
11 | As the second argument for init_get_bits (buf) can be crafted, a return value check for this function call is necessary. | ||
12 | 'buf' is part of 'AVPacket pkt'. | ||
13 | replace init_get_bits with init_get_bits8. | ||
14 | |||
15 | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> | ||
16 | (cherry picked from commit 9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6) | ||
17 | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> | ||
18 | --- | ||
19 | libavformat/adtsenc.c | 6 ++++-- | ||
20 | 1 file changed, 4 insertions(+), 2 deletions(-) | ||
21 | |||
22 | diff --git a/libavformat/adtsenc.c b/libavformat/adtsenc.c | ||
23 | index 3595cb3bb2..c35a12a628 100644 | ||
24 | --- a/libavformat/adtsenc.c | ||
25 | +++ b/libavformat/adtsenc.c | ||
26 | @@ -51,9 +51,11 @@ static int adts_decode_extradata(AVFormatContext *s, ADTSContext *adts, const ui | ||
27 | GetBitContext gb; | ||
28 | PutBitContext pb; | ||
29 | MPEG4AudioConfig m4ac; | ||
30 | - int off; | ||
31 | + int off, ret; | ||
32 | |||
33 | - init_get_bits(&gb, buf, size * 8); | ||
34 | + ret = init_get_bits8(&gb, buf, size); | ||
35 | + if (ret < 0) | ||
36 | + return ret; | ||
37 | off = avpriv_mpeg4audio_get_config2(&m4ac, buf, size, 1, s); | ||
38 | if (off < 0) | ||
39 | return off; | ||
40 | -- | ||
41 | 2.31.1 | ||
42 | |||
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.1.bb index c0318ef01d..685214a751 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.1.bb | |||
@@ -25,16 +25,8 @@ LIC_FILES_CHKSUM = "file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ | |||
25 | 25 | ||
26 | SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ | 26 | SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ |
27 | file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \ | 27 | file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \ |
28 | file://fix-CVE-2020-20446.patch \ | 28 | " |
29 | file://fix-CVE-2020-20453.patch \ | 29 | SRC_URI[sha256sum] = "eadbad9e9ab30b25f5520fbfde99fae4a92a1ae3c0257a8d68569a4651e30e02" |
30 | file://fix-CVE-2020-22015.patch \ | ||
31 | file://fix-CVE-2020-22021.patch \ | ||
32 | file://fix-CVE-2020-22033-CVE-2020-22019.patch \ | ||
33 | file://fix-CVE-2021-33815.patch \ | ||
34 | file://fix-CVE-2021-38171.patch \ | ||
35 | file://fix-CVE-2021-38114.patch \ | ||
36 | " | ||
37 | SRC_URI[sha256sum] = "06b10a183ce5371f915c6bb15b7b1fffbe046e8275099c96affc29e17645d909" | ||
38 | 30 | ||
39 | # Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717 | 31 | # Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717 |
40 | ARM_INSTRUCTION_SET:armv4 = "arm" | 32 | ARM_INSTRUCTION_SET:armv4 = "arm" |