gst-ffmpeg: fix for Security Advisory CVE-2013-0868

libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) len==0 cases. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0868 (From OE-Core rev: 29dcc2c8e834cf43e415eedefb8fce9667b3aa40) (From OE-Core rev: 8229523ea86e9545cc0ee9e34af12a2f84d0809e) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Yue Tao <Yue.Tao@windriver.com> 2014-04-27 11:56:19 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-05-29 13:43:29 +0100
commit: f9f97a1fed798b30dd0c0a1d7794a1abf9883ab4 (patch)
tree: 54cf039b24049d7fa341ef7d3d23b426c649cb91 /meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-huffyuvdec-Check-init_vlc-return-codes.patch
parent: 48169ac9bcd93f436ce166bd440157948613a495 (diff)
download: poky-f9f97a1fed798b30dd0c0a1d7794a1abf9883ab4.tar.gz
1 files changed, 87 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-huffyuvdec-Check-init_vlc-return-codes.patch b/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-huffyuvdec-Check-init_vlc-return-codes.patch
new file mode 100644
index 0000000000..e859e443bb
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-huffyuvdec-Check-init_vlc-return-codes.patch
@@ -0,0 +1,87 @@
+From b666debffec1fcbb19ef377635a53b9a58bca8a4 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michaelni@gmx.at>
+Date: Tue, 29 Jan 2013 18:29:41 +0100
+Subject: [PATCH] huffyuvdec: Check init_vlc() return codes.
+Upstream-Status: Backport
+Commit b666debffec1fcbb19ef377635a53b9a58bca8a4 release/1.0
+Prevents out of array writes
+Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
+Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
+(cherry picked from commit f67a0d115254461649470452058fa3c28c0df294)
+Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
+---
+ libavcodec/huffyuv.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+diff --git a/libavcodec/huffyuv.c b/libavcodec/huffyuv.c
+index 58da789..993e524 100644
+--- a/gst-libs/ext/libav/libavcodec/huffyuv.c
+++ b/gst-libs/ext/libav/libavcodec/huffyuv.c
+@@ -33,6 +33,7 @@
+ #include "put_bits.h"
+ #include "dsputil.h"
+ #include "thread.h"
+#include "libavutil/avassert.h"
+ 
+ #define VLC_BITS 11
+ 
+@@ -287,6 +287,7 @@ static void generate_joint_tables(HYuvCo
+                     int len1 = s->len[p][u];
+                     if (len1 > limit || !len1)
+                         continue;
+                    av_assert0(i < (1 << VLC_BITS));
+                     len[i] = len0 + len1;
+                     bits[i] = (s->bits[0][y] << len1) + s->bits[p][u];
+                     symbols[i] = (y<<8) + u;
+@@ -320,6 +321,7 @@ static void generate_joint_tables(HYuvCo
+                     int len2 = s->len[2][r&255];
+                     if (len2 > limit1 || !len2)
+                         continue;
+                    av_assert0(i < (1 << VLC_BITS));
+                     len[i] = len0 + len1 + len2;
+                     bits[i] = (code << len2) + s->bits[2][r&255];
+                     if(s->decorrelate){
+@@ -343,6 +345,7 @@ static void generate_joint_tables(HYuvCo
+ static int read_huffman_tables(HYuvContext *s, const uint8_t *src, int length){
+     GetBitContext gb;
+     int i;
+    int ret;
+ 
+     init_get_bits(&gb, src, length*8);
+ 
+@@ -353,7 +356,9 @@ static int read_huffman_tables(HYuvConte
+             return -1;
+         }
+         free_vlc(&s->vlc[i]);
+-        init_vlc(&s->vlc[i], VLC_BITS, 256, s->len[i], 1, 1, s->bits[i], 4, 4, 0);
+        if ((ret = init_vlc(&s->vlc[i], VLC_BITS, 256, s->len[i], 1, 1,
+                           s->bits[i], 4, 4, 0)) < 0)
+            return ret;
+     }
+ 
+     generate_joint_tables(s);
+@@ -365,6 +370,7 @@ static int read_old_huffman_tables(HYuvC
+ #if 1
+     GetBitContext gb;
+     int i;
+    int ret;
+ 
+     init_get_bits(&gb, classic_shift_luma, sizeof(classic_shift_luma)*8);
+     if(read_len_table(s->len[0], &gb)<0)
+@@ -385,7 +391,9 @@ static int read_old_huffman_tables(HYuvC
+ 
+     for(i=0; i<3; i++){
+         free_vlc(&s->vlc[i]);
+-        init_vlc(&s->vlc[i], VLC_BITS, 256, s->len[i], 1, 1, s->bits[i], 4, 4, 0);
+        if ((ret = init_vlc(&s->vlc[i], VLC_BITS, 256, s->len[i], 1, 1,
+                            s->bits[i], 4, 4, 0)) < 0)
+            return ret;
+     }
+ 
+     generate_joint_tables(s);
+--
author	Yue Tao <Yue.Tao@windriver.com>	2014-04-27 11:56:19 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-05-29 13:43:29 +0100
commit	f9f97a1fed798b30dd0c0a1d7794a1abf9883ab4 (patch)
tree	54cf039b24049d7fa341ef7d3d23b426c649cb91 /meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-huffyuvdec-Check-init_vlc-return-codes.patch
parent	48169ac9bcd93f436ce166bd440157948613a495 (diff)
download	poky-f9f97a1fed798b30dd0c0a1d7794a1abf9883ab4.tar.gz

diff --git a/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-huffyuvdec-Check-init_vlc-return-codes.patch b/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-huffyuvdec-Check-init_vlc-return-codes.patch new file mode 100644 index 0000000000..e859e443bb --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-huffyuvdec-Check-init_vlc-return-codes.patch
@@ -0,0 +1,87 @@
	1	From b666debffec1fcbb19ef377635a53b9a58bca8a4 Mon Sep 17 00:00:00 2001
	2	From: Michael Niedermayer <michaelni@gmx.at>
	3	Date: Tue, 29 Jan 2013 18:29:41 +0100
	4	Subject: [PATCH] huffyuvdec: Check init_vlc() return codes.
	5
	6	Upstream-Status: Backport
	7
	8	Commit b666debffec1fcbb19ef377635a53b9a58bca8a4 release/1.0
	9
	10	Prevents out of array writes
	11
	12	Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
	13	Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
	14	(cherry picked from commit f67a0d115254461649470452058fa3c28c0df294)
	15
	16	Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
	17	---
	18	libavcodec/huffyuv.c \| 14 ++++++++++----
	19	1 file changed, 10 insertions(+), 4 deletions(-)
	20
	21	diff --git a/libavcodec/huffyuv.c b/libavcodec/huffyuv.c
	22	index 58da789..993e524 100644
	23	--- a/gst-libs/ext/libav/libavcodec/huffyuv.c
	24	+++ b/gst-libs/ext/libav/libavcodec/huffyuv.c
	25	@@ -33,6 +33,7 @@
	26	#include "put_bits.h"
	27	#include "dsputil.h"
	28	#include "thread.h"
	29	+#include "libavutil/avassert.h"
	30
	31	#define VLC_BITS 11
	32
	33	@@ -287,6 +287,7 @@ static void generate_joint_tables(HYuvCo
	34	int len1 = s->len[p][u];
	35	if (len1 > limit \|\| !len1)
	36	continue;
	37	+ av_assert0(i < (1 << VLC_BITS));
	38	len[i] = len0 + len1;
	39	bits[i] = (s->bits[0][y] << len1) + s->bits[p][u];
	40	symbols[i] = (y<<8) + u;
	41	@@ -320,6 +321,7 @@ static void generate_joint_tables(HYuvCo
	42	int len2 = s->len[2][r&255];
	43	if (len2 > limit1 \|\| !len2)
	44	continue;
	45	+ av_assert0(i < (1 << VLC_BITS));
	46	len[i] = len0 + len1 + len2;
	47	bits[i] = (code << len2) + s->bits[2][r&255];
	48	if(s->decorrelate){
	49	@@ -343,6 +345,7 @@ static void generate_joint_tables(HYuvCo
	50	static int read_huffman_tables(HYuvContext s, const uint8_t src, int length){
	51	GetBitContext gb;
	52	int i;
	53	+ int ret;
	54
	55	init_get_bits(&gb, src, length*8);
	56
	57	@@ -353,7 +356,9 @@ static int read_huffman_tables(HYuvConte
	58	return -1;
	59	}
	60	free_vlc(&s->vlc[i]);
	61	- init_vlc(&s->vlc[i], VLC_BITS, 256, s->len[i], 1, 1, s->bits[i], 4, 4, 0);
	62	+ if ((ret = init_vlc(&s->vlc[i], VLC_BITS, 256, s->len[i], 1, 1,
	63	+ s->bits[i], 4, 4, 0)) < 0)
	64	+ return ret;
	65	}
	66
	67	generate_joint_tables(s);
	68	@@ -365,6 +370,7 @@ static int read_old_huffman_tables(HYuvC
	69	#if 1
	70	GetBitContext gb;
	71	int i;
	72	+ int ret;
	73
	74	init_get_bits(&gb, classic_shift_luma, sizeof(classic_shift_luma)*8);
	75	if(read_len_table(s->len[0], &gb)<0)
	76	@@ -385,7 +391,9 @@ static int read_old_huffman_tables(HYuvC
	77
	78	for(i=0; i<3; i++){
	79	free_vlc(&s->vlc[i]);
	80	- init_vlc(&s->vlc[i], VLC_BITS, 256, s->len[i], 1, 1, s->bits[i], 4, 4, 0);
	81	+ if ((ret = init_vlc(&s->vlc[i], VLC_BITS, 256, s->len[i], 1, 1,
	82	+ s->bits[i], 4, 4, 0)) < 0)
	83	+ return ret;
	84	}
	85
	86	generate_joint_tables(s);
	87	--