diff options
author | Yue Tao <Yue.Tao@windriver.com> | 2014-04-28 11:12:34 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-05-29 13:43:30 +0100 |
commit | c03bb4d0c76ae5bf2140cff1c796f007c18b6c93 (patch) | |
tree | c7f75f8b5ee4621f82f4704c0a3ebfc8e12a767e /meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13 | |
parent | f91b780b1a7708394c855da99d76b3b8b30a9065 (diff) | |
download | poky-c03bb4d0c76ae5bf2140cff1c796f007c18b6c93.tar.gz |
gst-ffmpeg: fix for Security Advisory CVE-2013-0849
The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg
before 1.1 allows remote attackers to have an unspecified impact via a
crafted (1) width or (2) height dimension that is not a multiple of
sixteen in id RoQ video data.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0849
(From OE-Core rev: 1a43a8054f51fbd542f3f037dc35f8b501e455bf)
(From OE-Core rev: 2a6b495d9f6017874057942b1ba42ab220c7c517)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13')
-rw-r--r-- | meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-roqvideodec-check-dimensions-validity.patch | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-roqvideodec-check-dimensions-validity.patch b/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-roqvideodec-check-dimensions-validity.patch new file mode 100644 index 0000000000..7e58afcf6b --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-roqvideodec-check-dimensions-validity.patch | |||
@@ -0,0 +1,36 @@ | |||
1 | From 391e0fc6c90ced6656b74f50f3a487b6dc76ea63 Mon Sep 17 00:00:00 2001 | ||
2 | From: Michael Niedermayer <michaelni@gmx.at> | ||
3 | Date: Thu, 29 Nov 2012 15:18:17 +0100 | ||
4 | Subject: [PATCH] roqvideodec: check dimensions validity | ||
5 | |||
6 | Upstream-Status: Backport | ||
7 | |||
8 | Commit 391e0fc6c90ced6656b74f50f3a487b6dc76ea63 release/0.7 | ||
9 | |||
10 | Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind | ||
11 | Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | ||
12 | (cherry picked from commit 3ae610451170cd5a28b33950006ff0bd23036845) | ||
13 | |||
14 | Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | ||
15 | --- | ||
16 | libavcodec/roqvideodec.c | 6 ++++++ | ||
17 | 1 file changed, 6 insertions(+) | ||
18 | |||
19 | diff --git a/libavcodec/roqvideodec.c b/libavcodec/roqvideodec.c | ||
20 | index f0977f6..4e34231 100644 | ||
21 | --- a/gst-libs/ext/libav/libavcodec/roqvideodec.c | ||
22 | +++ b/gst-libs/ext/libav/libavcodec/roqvideodec.c | ||
23 | @@ -157,6 +157,12 @@ static av_cold int roq_decode_init(AVCodecContext *avctx) | ||
24 | RoqContext *s = avctx->priv_data; | ||
25 | |||
26 | s->avctx = avctx; | ||
27 | + | ||
28 | + if (avctx->width%16 || avctx->height%16) { | ||
29 | + av_log_ask_for_sample(avctx, "dimensions not being a multiple of 16 are unsupported\n"); | ||
30 | + return AVERROR_PATCHWELCOME; | ||
31 | + } | ||
32 | + | ||
33 | s->width = avctx->width; | ||
34 | s->height = avctx->height; | ||
35 | avcodec_get_frame_defaults(&s->frames[0]); | ||
36 | -- | ||