| author | Roy Li <rongqing.li@windriver.com> | 2014-11-18 21:02:11 -0600 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-11-25 13:03:28 +0000 |
| commit | 3fc5cfe3dd4e8cf966990671c834df6562525179 (patch) | |
| tree | 593fbc064cb6757c6358a0858c923dc1b9222d6b /meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-avcodec-smc-fix-off-by-1-error.patch | |
| parent | a2b7b6d4516756b729aff7ed285a79005926deec (diff) | |
| download | poky-3fc5cfe3dd4e8cf966990671c834df6562525179.tar.gz | |
gst-ffmpeg: fixes for CVE-2014-8548 and CVE-2014-8541
Issue: LIN7-1755
Issue: LIN7-1739
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8541
libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension
differences, and not bits-per-pixel differences, when determining whether an
image size has changed, which allows remote attackers to cause a denial of
service (out-of-bounds access) or possibly have unspecified other impact via
crafted MJPEG data.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8548
Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote
attackers to cause a denial of service (out-of-bounds access) or possibly
have unspecified other impact via crafted Quicktime Graphics (aka SMC) video
data.
(From OE-Core rev: 4bd50c5a967af2b8f0fe77b8f9c100169e4fc531)
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-avcodec-smc-fix-off-by-1-error.patch')
| -rw-r--r-- | meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-avcodec-smc-fix-off-by-1-error.patch | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-avcodec-smc-fix-off-by-1-error.patch b/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-avcodec-smc-fix-off-by-1-error.patch new file mode 100644 index 0000000000..3ca6fc4dc5 --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-avcodec-smc-fix-off-by-1-error.patch | |||
| @@ -0,0 +1,32 @@ | |||
| 1 | From c17a0ad1df15a94d0b1239adc2afb593bdf0a153 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Michael Niedermayer <michaelni@gmx.at> | ||
| 3 | Date: Fri, 3 Oct 2014 22:50:45 +0200 | ||
| 4 | Subject: [PATCH 1/2] avcodec/smc: fix off by 1 error | ||
| 5 | |||
| 6 | Upstream-Status: Backport | ||
| 7 | |||
| 8 | Fixes out of array access | ||
| 9 | Fixes: asan_heap-oob_1685bf0_5_asan_heap-oob_1f35116_430_smc.mov | ||
| 10 | |||
| 11 | Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind | ||
| 12 | Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | ||
| 13 | --- | ||
| 14 | libavcodec/smc.c | 2 +- | ||
| 15 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 16 | |||
| 17 | diff --git a/gst-libs/ext/libav/libavcodec/smc.c b/gst-libs/ext/libav/libavcodec/smc.c | ||
| 18 | index 3cd5e53..dec9f71 100644 | ||
| 19 | --- a/gst-libs/ext/libav/libavcodec/smc.c | ||
| 20 | +++ b/gst-libs/ext/libav/libavcodec/smc.c | ||
| 21 | @@ -69,7 +69,7 @@ typedef struct SmcContext { | ||
| 22 | row_ptr += stride * 4; \ | ||
| 23 | } \ | ||
| 24 | total_blocks--; \ | ||
| 25 | - if (total_blocks < 0) \ | ||
| 26 | + if (total_blocks < 0 + !!n_blocks) \ | ||
| 27 | { \ | ||
| 28 | av_log(s->avctx, AV_LOG_INFO, "warning: block counter just went negative (this should not happen)\n"); \ | ||
| 29 | return; \ | ||
| 30 | -- | ||
| 31 | 2.1.0 | ||
| 32 | |||
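Review bot: At the changed check on line 26 of the added patch, `if (total_blocks < 0 + !!n_blocks)` makes the macro depend on a variable named `n_blocks` being in scope wherever it is expanded, and nothing in the hunk shows that. Please confirm that every expansion site in the gst-ffmpeg 0.10.13 copy of smc.c has it, since a site without it would fail to build. The unchanged log text on line 28 still says the counter "just went negative", which no longer describes the new case where total_blocks reaches 0 while n_blocks is nonzero; a one-line comment explaining why the threshold rises by one when blocks remain would make the `0 + !!n_blocks` form easier to maintain. The patch header carries `Upstream-Status: Backport` but does not name CVE-2014-8548, which appears only in the commit message, so adding the CVE id to the header would let the patch file be traced on its own.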
