1 files changed, 41 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-3109.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-3109.patch
new file mode 100644
index 0000000000..febf49cff2
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-3109.patch
@@ -0,0 +1,41 @@
+From 656cb0450aeb73b25d7d26980af342b37ac4c568 Mon Sep 17 00:00:00 2001
+From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
+Date: Tue, 15 Feb 2022 17:58:08 +0800
+Subject: [PATCH] avcodec/vp3: Add missing check for av_malloc
+Since the av_malloc() may fail and return NULL pointer,
+it is needed that the 's->edge_emu_buffer' should be checked
+whether the new allocation is success.
+Fixes: d14723861b ("VP3: fix decoding of videos with stride > 2048")
+CVE: CVE-2022-3109
+Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568]
+Comments: Refreshed hunk
+Reviewed-by: Peter Ross <pross@xvid.org>
+Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
+Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
+---
+ libavcodec/vp3.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c
+index e9ab54d73677..e2418eb6fa04 100644
+--- a/libavcodec/vp3.c
+++ b/libavcodec/vp3.c
+@@ -2740,8 +2740,13 @@
+     if (ff_thread_get_buffer(avctx, &s->current_frame, AV_GET_BUFFER_FLAG_REF) < 0)
+         goto error;
+ 
+-    if (!s->edge_emu_buffer)
+    if (!s->edge_emu_buffer) {
+         s->edge_emu_buffer = av_malloc(9 * FFABS(s->current_frame.f->linesize[0]));
+        if (!s->edge_emu_buffer) {
+            ret = AVERROR(ENOMEM);
+            goto error;
+        }
+    }
+ 
+     if (s->keyframe) {
+         if (!s->theora) {

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-3109.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-3109.patch new file mode 100644 index 0000000000..febf49cff2 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-3109.patch
@@ -0,0 +1,41 @@
	1	From 656cb0450aeb73b25d7d26980af342b37ac4c568 Mon Sep 17 00:00:00 2001
	2	From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
	3	Date: Tue, 15 Feb 2022 17:58:08 +0800
	4	Subject: [PATCH] avcodec/vp3: Add missing check for av_malloc
	5
	6	Since the av_malloc() may fail and return NULL pointer,
	7	it is needed that the 's->edge_emu_buffer' should be checked
	8	whether the new allocation is success.
	9
	10	Fixes: d14723861b ("VP3: fix decoding of videos with stride > 2048")
	11
	12	CVE: CVE-2022-3109
	13	Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568]
	14	Comments: Refreshed hunk
	15
	16	Reviewed-by: Peter Ross <pross@xvid.org>
	17	Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
	18	Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
	19	---
	20	libavcodec/vp3.c \| 7 ++++++-
	21	1 file changed, 6 insertions(+), 1 deletion(-)
	22
	23	diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c
	24	index e9ab54d73677..e2418eb6fa04 100644
	25	--- a/libavcodec/vp3.c
	26	+++ b/libavcodec/vp3.c
	27	@@ -2740,8 +2740,13 @@
	28	if (ff_thread_get_buffer(avctx, &s->current_frame, AV_GET_BUFFER_FLAG_REF) < 0)
	29	goto error;
	30
	31	- if (!s->edge_emu_buffer)
	32	+ if (!s->edge_emu_buffer) {
	33	s->edge_emu_buffer = av_malloc(9 * FFABS(s->current_frame.f->linesize[0]));
	34	+ if (!s->edge_emu_buffer) {
	35	+ ret = AVERROR(ENOMEM);
	36	+ goto error;
	37	+ }
	38	+ }
	39
	40	if (s->keyframe) {
	41	if (!s->theora) {