diff options
author | Kiran Surendran <Kiran.Surendran@windriver.com> | 2021-09-15 08:24:24 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-09-17 21:31:37 +0100 |
commit | 01009831edce4dcb53f9f691ff3428aee99d25ae (patch) | |
tree | 5a5c6f52fff6a010c59c191f8f72fcd994dbe298 /meta | |
parent | 0cc1b4141dc840f36530f71b8b1d2a39e9f227ea (diff) | |
download | poky-01009831edce4dcb53f9f691ff3428aee99d25ae.tar.gz |
ffmpeg: fix CVE-2021-38171
backport from upstream
(From OE-Core rev: 130af0502d1ae6fe3721b83ff5218e3aa48dbf0d)
Signed-off-by: Kiran Surendran <Kiran.Surendran@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch | 40 | ||||
-rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb | 1 |
2 files changed, 41 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch new file mode 100644 index 0000000000..8775acd8c5 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch | |||
@@ -0,0 +1,40 @@ | |||
1 | CVE: CVE-2021-38171 | ||
2 | Upstream-Status: Backport | ||
3 | Signed-off-by: Kiran Surendran <kiran.surendran@windriver.com> | ||
4 | |||
5 | From d5373a9efb10c1fa87698ee41370fb04dc2e410b Mon Sep 17 00:00:00 2001 | ||
6 | From: maryam ebrahimzadeh <me22bee@outlook.com> | ||
7 | Date: Wed, 4 Aug 2021 16:15:18 -0400 | ||
8 | Subject: [PATCH] avformat/adtsenc: return value check for init_get_bits in | ||
9 | adts_decode_extradata | ||
10 | |||
11 | As the second argument for init_get_bits (buf) can be crafted, a return value check for this function call is necessary. | ||
12 | 'buf' is part of 'AVPacket pkt'. | ||
13 | replace init_get_bits with init_get_bits8. | ||
14 | |||
15 | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> | ||
16 | --- | ||
17 | libavformat/adtsenc.c | 6 ++++-- | ||
18 | 1 file changed, 4 insertions(+), 2 deletions(-) | ||
19 | |||
20 | diff --git a/libavformat/adtsenc.c b/libavformat/adtsenc.c | ||
21 | index d937e2bea9..a1593515e1 100644 | ||
22 | --- a/libavformat/adtsenc.c | ||
23 | +++ b/libavformat/adtsenc.c | ||
24 | @@ -50,9 +50,11 @@ static int adts_decode_extradata(AVFormatContext *s, ADTSContext *adts, const ui | ||
25 | GetBitContext gb; | ||
26 | PutBitContext pb; | ||
27 | MPEG4AudioConfig m4ac; | ||
28 | - int off; | ||
29 | + int off, ret; | ||
30 | |||
31 | - init_get_bits(&gb, buf, size * 8); | ||
32 | + ret = init_get_bits8(&gb, buf, size); | ||
33 | + if (ret < 0) | ||
34 | + return ret; | ||
35 | off = avpriv_mpeg4audio_get_config2(&m4ac, buf, size, 1, s); | ||
36 | if (off < 0) | ||
37 | return off; | ||
38 | -- | ||
39 | 2.31.1 | ||
40 | |||
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb index 3e7ceb859f..3162617336 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb | |||
@@ -32,6 +32,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ | |||
32 | file://fix-CVE-2020-22021.patch \ | 32 | file://fix-CVE-2020-22021.patch \ |
33 | file://fix-CVE-2020-22033-CVE-2020-22019.patch \ | 33 | file://fix-CVE-2020-22033-CVE-2020-22019.patch \ |
34 | file://fix-CVE-2021-38291.patch \ | 34 | file://fix-CVE-2021-38291.patch \ |
35 | file://fix-CVE-2021-38171.patch \ | ||
35 | " | 36 | " |
36 | SRC_URI[sha256sum] = "46e4e64f1dd0233cbc0934b9f1c0da676008cad34725113fb7f802cfa84ccddb" | 37 | SRC_URI[sha256sum] = "46e4e64f1dd0233cbc0934b9f1c0da676008cad34725113fb7f802cfa84ccddb" |
37 | 38 | ||