ffmpeg: fix CVE-2020-20446

avcodec/aacpsy: Avoid floating point division by 0 of norm_fac Fixes: Ticket7995 Fixes: CVE-2020-20446 (From OE-Core rev: f95b512e0bd506339c83081071c83000604dd105) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> CVE: CVE-2020-20446 Upstream-Status: Backport [223b5e8ac9f6461bb13ed365419ec485c5b2b002] Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Tony Tascioglu <tony.tascioglu@windriver.com> 2021-08-20 14:31:53 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-08-26 08:32:13 +0100
commit: 5dffafd6c9f540ec76504c7ecc022c3b2ac9b627 (patch)
tree: da1ae7de461d9ee0eed2dc57284d73102d053fd1 /meta
parent: e35dc77f77f9ab3f3a96819201bc84fb14e205a8 (diff)
download: poky-5dffafd6c9f540ec76504c7ecc022c3b2ac9b627.tar.gz
2 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-20446.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-20446.patch
new file mode 100644
index 0000000000..4fe80cffa1
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-20446.patch
@@ -0,0 +1,35 @@
+From 073bad2fcae5be78c11a1623a20319107dfae9f8 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Fri, 28 May 2021 20:18:25 +0200
+Subject: [PATCH 1/5] avcodec/aacpsy: Avoid floating point division by 0 of
+ norm_fac
+Fixes: Ticket7995
+Fixes: CVE-2020-20446
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+CVE: CVE-2020-20446
+Upstream-Status: Backport [223b5e8ac9f6461bb13ed365419ec485c5b2b002]
+Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
+---
+ libavcodec/aacpsy.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/libavcodec/aacpsy.c b/libavcodec/aacpsy.c
+index fca692cb15..bd444fecdc 100644
+--- a/libavcodec/aacpsy.c
+++ b/libavcodec/aacpsy.c
+@@ -794,7 +794,7 @@ static void psy_3gpp_analyze_channel(FFPsyContext *ctx, int channel,
+ 
+         if (pe < 1.15f * desired_pe) {
+             /* 6.6.1.3.6 "Final threshold modification by linearization" */
+-            norm_fac = 1.0f / norm_fac;
+            norm_fac = norm_fac ? 1.0f / norm_fac : 0;
+             for (w = 0; w < wi->num_windows*16; w += 16) {
+                 for (g = 0; g < num_bands; g++) {
+                     AacPsyBand *band = &pch->band[w+g];
+-- 
+2.32.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
index 08be38ca50..b4fbebe414 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
@@ -26,6 +26,7 @@ LIC_FILES_CHKSUM = "file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
 SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
           file://mips64_cpu_detection.patch \
           file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \
+           file://fix-CVE-2020-20446.patch \
           "
 SRC_URI[sha256sum] = "46e4e64f1dd0233cbc0934b9f1c0da676008cad34725113fb7f802cfa84ccddb"
author	Tony Tascioglu <tony.tascioglu@windriver.com>	2021-08-20 14:31:53 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-08-26 08:32:13 +0100
commit	5dffafd6c9f540ec76504c7ecc022c3b2ac9b627 (patch)
tree	da1ae7de461d9ee0eed2dc57284d73102d053fd1 /meta
parent	e35dc77f77f9ab3f3a96819201bc84fb14e205a8 (diff)
download	poky-5dffafd6c9f540ec76504c7ecc022c3b2ac9b627.tar.gz

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-20446.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-20446.patch new file mode 100644 index 0000000000..4fe80cffa1 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-20446.patch
@@ -0,0 +1,35 @@
		1	From 073bad2fcae5be78c11a1623a20319107dfae9f8 Mon Sep 17 00:00:00 2001
		2	From: Michael Niedermayer <michael@niedermayer.cc>
		3	Date: Fri, 28 May 2021 20:18:25 +0200
		4	Subject: [PATCH 1/5] avcodec/aacpsy: Avoid floating point division by 0 of
		5	norm_fac
		6
		7	Fixes: Ticket7995
		8	Fixes: CVE-2020-20446
		9
		10	Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
		11
		12	CVE: CVE-2020-20446
		13	Upstream-Status: Backport [223b5e8ac9f6461bb13ed365419ec485c5b2b002]
		14
		15	Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
		16	---
		17	libavcodec/aacpsy.c \| 2 +-
		18	1 file changed, 1 insertion(+), 1 deletion(-)
		19
		20	diff --git a/libavcodec/aacpsy.c b/libavcodec/aacpsy.c
		21	index fca692cb15..bd444fecdc 100644
		22	--- a/libavcodec/aacpsy.c
		23	+++ b/libavcodec/aacpsy.c
		24	@@ -794,7 +794,7 @@ static void psy_3gpp_analyze_channel(FFPsyContext *ctx, int channel,
		25
		26	if (pe < 1.15f * desired_pe) {
		27	/* 6.6.1.3.6 "Final threshold modification by linearization" */
		28	- norm_fac = 1.0f / norm_fac;
		29	+ norm_fac = norm_fac ? 1.0f / norm_fac : 0;
		30	for (w = 0; w < wi->num_windows*16; w += 16) {
		31	for (g = 0; g < num_bands; g++) {
		32	AacPsyBand *band = &pch->band[w+g];
		33	--
		34	2.32.0
		35


diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb index 08be38ca50..b4fbebe414 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
@@ -26,6 +26,7 @@ LIC_FILES_CHKSUM = "file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
26	SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \	26	SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
27	file://mips64_cpu_detection.patch \	27	file://mips64_cpu_detection.patch \
28	file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \	28	file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \
		29	file://fix-CVE-2020-20446.patch \
29	"	30	"
30	SRC_URI[sha256sum] = "46e4e64f1dd0233cbc0934b9f1c0da676008cad34725113fb7f802cfa84ccddb"	31	SRC_URI[sha256sum] = "46e4e64f1dd0233cbc0934b9f1c0da676008cad34725113fb7f802cfa84ccddb"
31		32