1 files changed, 67 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-3341.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-3341.patch
new file mode 100644
index 0000000000..fcbd9b3e1b
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-3341.patch
@@ -0,0 +1,67 @@
+From 9cf652cef49d74afe3d454f27d49eb1a1394951e Mon Sep 17 00:00:00 2001
+From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
+Date: Wed, 23 Feb 2022 10:31:59 +0800
+Subject: [PATCH] avformat/nutdec: Add check for avformat_new_stream
+Check for failure of avformat_new_stream() and propagate
+the error code.
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+CVE: CVE-2022-3341
+Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/9cf652cef49d74afe3d454f27d49eb1a1394951e]
+Comments: Refreshed Hunk
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
+---
+ libavformat/nutdec.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
+index 0a8a700acf..f9ad2c0af1 100644
+--- a/libavformat/nutdec.c
+++ b/libavformat/nutdec.c
+@@ -351,8 +351,12 @@ static int decode_main_header(NUTContext *nut)
+         ret = AVERROR(ENOMEM);
+         goto fail;
+     }
+-    for (i = 0; i < stream_count; i++)
+-        avformat_new_stream(s, NULL);
+    for (i = 0; i < stream_count; i++) {
+        if (!avformat_new_stream(s, NULL)) {
+            ret = AVERROR(ENOMEM);
+            goto fail;
+        }
+    }
+ 
+     return 0;
+ fail:
+@@ -793,19 +793,23 @@
+     NUTContext *nut = s->priv_data;
+     AVIOContext *bc = s->pb;
+     int64_t pos;
+-    int initialized_stream_count;
+    int initialized_stream_count, ret;
+ 
+     nut->avf = s;
+ 
+     /* main header */
+     pos = 0;
+    ret = 0;
+     do {
+        if (ret == AVERROR(ENOMEM))
+            return ret;
+
+         pos = find_startcode(bc, MAIN_STARTCODE, pos) + 1;
+         if (pos < 0 + 1) {
+             av_log(s, AV_LOG_ERROR, "No main startcode found.\n");
+             goto fail;
+         }
+-    } while (decode_main_header(nut) < 0);
+    } while ((ret = decode_main_header(nut)) < 0);
+ 
+     /* stream headers */
+     pos = 0;

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-3341.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-3341.patch new file mode 100644 index 0000000000..fcbd9b3e1b --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-3341.patch
@@ -0,0 +1,67 @@
	1	From 9cf652cef49d74afe3d454f27d49eb1a1394951e Mon Sep 17 00:00:00 2001
	2	From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
	3	Date: Wed, 23 Feb 2022 10:31:59 +0800
	4	Subject: [PATCH] avformat/nutdec: Add check for avformat_new_stream
	5
	6	Check for failure of avformat_new_stream() and propagate
	7	the error code.
	8
	9	Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
	10
	11	CVE: CVE-2022-3341
	12
	13	Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/9cf652cef49d74afe3d454f27d49eb1a1394951e]
	14
	15	Comments: Refreshed Hunk
	16	Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
	17	Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
	18	---
	19	libavformat/nutdec.c \| 16 ++++++++++++----
	20	1 file changed, 12 insertions(+), 4 deletions(-)
	21
	22	diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
	23	index 0a8a700acf..f9ad2c0af1 100644
	24	--- a/libavformat/nutdec.c
	25	+++ b/libavformat/nutdec.c
	26	@@ -351,8 +351,12 @@ static int decode_main_header(NUTContext *nut)
	27	ret = AVERROR(ENOMEM);
	28	goto fail;
	29	}
	30	- for (i = 0; i < stream_count; i++)
	31	- avformat_new_stream(s, NULL);
	32	+ for (i = 0; i < stream_count; i++) {
	33	+ if (!avformat_new_stream(s, NULL)) {
	34	+ ret = AVERROR(ENOMEM);
	35	+ goto fail;
	36	+ }
	37	+ }
	38
	39	return 0;
	40	fail:
	41	@@ -793,19 +793,23 @@
	42	NUTContext *nut = s->priv_data;
	43	AVIOContext *bc = s->pb;
	44	int64_t pos;
	45	- int initialized_stream_count;
	46	+ int initialized_stream_count, ret;
	47
	48	nut->avf = s;
	49
	50	/* main header */
	51	pos = 0;
	52	+ ret = 0;
	53	do {
	54	+ if (ret == AVERROR(ENOMEM))
	55	+ return ret;
	56	+
	57	pos = find_startcode(bc, MAIN_STARTCODE, pos) + 1;
	58	if (pos < 0 + 1) {
	59	av_log(s, AV_LOG_ERROR, "No main startcode found.\n");
	60	goto fail;
	61	}
	62	- } while (decode_main_header(nut) < 0);
	63	+ } while ((ret = decode_main_header(nut)) < 0);
	64
	65	/* stream headers */
	66	pos = 0;
	67