diff options
author | Mingli Yu <Mingli.Yu@windriver.com> | 2018-09-06 17:33:28 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-09-10 12:13:06 +0100 |
commit | 8f8a10e05ecd19fdf161526978a74d0fc19f314b (patch) | |
tree | 565d44c1dac3260f0b0ff8404af4ccc4828a55a4 /meta/recipes-multimedia | |
parent | 688611a5edd7a90f05f8501bf29f7ba8cf4c07fc (diff) | |
download | poky-8f8a10e05ecd19fdf161526978a74d0fc19f314b.tar.gz |
ffmpeg: Fix CVE-2018-15822
Fixes: Assertion failure
Fixes: assert_flvenc.c:941_1.swf
(From OE-Core rev: 23393330a599403085437cb62169bb3a2375c07a)
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia')
-rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2018-15822.patch | 37 | ||||
-rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg_4.0.2.bb | 1 |
2 files changed, 38 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2018-15822.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2018-15822.patch new file mode 100644 index 0000000000..7d5868a72a --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2018-15822.patch | |||
@@ -0,0 +1,37 @@ | |||
1 | From 6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10 Mon Sep 17 00:00:00 2001 | ||
2 | From: Michael Niedermayer <michael@niedermayer.cc> | ||
3 | Date: Sat, 28 Jul 2018 15:03:50 +0200 | ||
4 | Subject: [PATCH] avformat/flvenc: Check audio packet size | ||
5 | |||
6 | Fixes: Assertion failure | ||
7 | Fixes: assert_flvenc.c:941_1.swf | ||
8 | |||
9 | Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10] | ||
10 | CVE: CVE-2018-15822 | ||
11 | |||
12 | Found-by: #CHEN HONGXU# <HCHEN017@e.ntu.edu.sg> | ||
13 | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> | ||
14 | Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> | ||
15 | --- | ||
16 | libavformat/flvenc.c | 5 +++++ | ||
17 | 1 file changed, 5 insertions(+) | ||
18 | |||
19 | diff --git a/libavformat/flvenc.c b/libavformat/flvenc.c | ||
20 | index 1c552a3e6b..e4863f1fc7 100644 | ||
21 | --- a/libavformat/flvenc.c | ||
22 | +++ b/libavformat/flvenc.c | ||
23 | @@ -883,6 +883,11 @@ static int flv_write_packet(AVFormatContext *s, AVPacket *pkt) | ||
24 | int flags = -1, flags_size, ret; | ||
25 | int64_t cur_offset = avio_tell(pb); | ||
26 | |||
27 | + if (par->codec_type == AVMEDIA_TYPE_AUDIO && !pkt->size) { | ||
28 | + av_log(s, AV_LOG_WARNING, "Empty audio Packet\n"); | ||
29 | + return AVERROR(EINVAL); | ||
30 | + } | ||
31 | + | ||
32 | if (par->codec_id == AV_CODEC_ID_VP6F || par->codec_id == AV_CODEC_ID_VP6A || | ||
33 | par->codec_id == AV_CODEC_ID_VP6 || par->codec_id == AV_CODEC_ID_AAC) | ||
34 | flags_size = 2; | ||
35 | -- | ||
36 | 2.17.1 | ||
37 | |||
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.0.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.0.2.bb index 57731e81e6..74c8e6692f 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.0.2.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.0.2.bb | |||
@@ -25,6 +25,7 @@ LIC_FILES_CHKSUM = "file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ | |||
25 | 25 | ||
26 | SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ | 26 | SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ |
27 | file://mips64_cpu_detection.patch \ | 27 | file://mips64_cpu_detection.patch \ |
28 | file://CVE-2018-15822.patch \ | ||
28 | " | 29 | " |
29 | SRC_URI[md5sum] = "ae0bfdf809306a212b4f0e6eb8d1c75e" | 30 | SRC_URI[md5sum] = "ae0bfdf809306a212b4f0e6eb8d1c75e" |
30 | SRC_URI[sha256sum] = "a95c0cc9eb990e94031d2183f2e6e444cc61c99f6f182d1575c433d62afb2f97" | 31 | SRC_URI[sha256sum] = "a95c0cc9eb990e94031d2183f2e6e444cc61c99f6f182d1575c433d62afb2f97" |