diff options
| author | Yue Tao <Yue.Tao@windriver.com> | 2014-04-27 20:04:19 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-05-29 13:43:30 +0100 |
| commit | c8997770102cb1bf2a24a9a1302842cc201b6afb (patch) | |
| tree | 8e42fe23d980b75153104472b44631fb4262bba9 /meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-mjpegdec-check-SE.patch | |
| parent | afb6a3688f80ea8a7ab98f22e5edbf77130379ed (diff) | |
| download | poky-c8997770102cb1bf2a24a9a1302842cc201b6afb.tar.gz | |
gst-ffmpeg: fix for Security Advisory CVE-2013-0854
The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c
in FFmpeg before 1.1 allows remote attackers to have an unspecified
impact via crafted MJPEG data.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0854
(From OE-Core rev: b3d9c8f603ebdbc21cb2ba7e62f8b5ebb57c40c1)
(From OE-Core rev: ed928b72dcc9a7eca01abb41aabca3553c47ffe3)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-mjpegdec-check-SE.patch')
| -rw-r--r-- | meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-mjpegdec-check-SE.patch | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-mjpegdec-check-SE.patch b/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-mjpegdec-check-SE.patch new file mode 100644 index 0000000000..d90bafac91 --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-mjpegdec-check-SE.patch | |||
| @@ -0,0 +1,32 @@ | |||
| 1 | From 1f41cffe1e3e79620f587545bdfcbd7e6e68ed29 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Michael Niedermayer <michaelni@gmx.at> | ||
| 3 | Date: Sun, 11 Nov 2012 00:01:24 +0100 | ||
| 4 | Subject: [PATCH] mjpegdec: check SE. | ||
| 5 | |||
| 6 | Upstream-Status: Backport | ||
| 7 | |||
| 8 | Commit 1f41cffe1e3e79620f587545bdfcbd7e6e68ed29 release/1.1 | ||
| 9 | |||
| 10 | Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind | ||
| 11 | Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | ||
| 12 | --- | ||
| 13 | libavcodec/mjpegdec.c | 5 +++++ | ||
| 14 | 1 file changed, 5 insertions(+) | ||
| 15 | |||
| 16 | diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c | ||
| 17 | index 6b5266d..0a71a6f 100644 | ||
| 18 | --- a/gst-libs/ext/libav/libavcodec/mjpegdec.c | ||
| 19 | +++ b/gst-libs/ext/libav/libavcodec/mjpegdec.c | ||
| 20 | @@ -905,6 +905,11 @@ static int mjpeg_decode_scan_progressive | ||
| 21 | int16_t *quant_matrix = s->quant_matrixes[ s->quant_index[c] ]; | ||
| 22 | GetBitContext mb_bitmask_gb; | ||
| 23 | |||
| 24 | + if (se > 63) { | ||
| 25 | + av_log(s->avctx, AV_LOG_ERROR, "SE %d is too large\n", se); | ||
| 26 | + return AVERROR_INVALIDDATA; | ||
| 27 | + } | ||
| 28 | + | ||
| 29 | if (mb_bitmask) { | ||
| 30 | init_get_bits(&mb_bitmask_gb, mb_bitmask, s->mb_width*s->mb_height); | ||
| 31 | } | ||
| 32 | -- | ||