diff options
Diffstat (limited to 'meta/recipes-multimedia/ffmpeg')
7 files changed, 401 insertions, 1 deletions
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-3566.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-3566.patch new file mode 100644 index 0000000000..abfc024820 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-3566.patch | |||
@@ -0,0 +1,61 @@ | |||
1 | From 3bce9e9b3ea35c54bacccc793d7da99ea5157532 Mon Sep 17 00:00:00 2001 | ||
2 | From: Paul B Mahol <onemda@gmail.com> | ||
3 | Date: Mon, 27 Jan 2020 21:53:08 +0100 | ||
4 | Subject: [PATCH] avformat/tty: add probe function | ||
5 | |||
6 | CVE: CVE-2021-3566 | ||
7 | Signed-off-by: Saloni Jain <salonij@kpit.com> | ||
8 | |||
9 | Upstream-Status: Backport [http://git.videolan.org/?p=ffmpeg.git;a=patch;h=3bce9e9b3ea35c54bacccc793d7da99ea5157532] | ||
10 | Comment: No changes/refreshing done. | ||
11 | --- | ||
12 | libavformat/tty.c | 21 ++++++++++++++++++++- | ||
13 | 1 file changed, 20 insertions(+), 1 deletion(-) | ||
14 | |||
15 | diff --git a/libavformat/tty.c b/libavformat/tty.c | ||
16 | index 8d48f2c45c12..60f7e9f87ee7 100644 | ||
17 | --- a/libavformat/tty.c | ||
18 | +++ b/libavformat/tty.c | ||
19 | @@ -34,6 +34,13 @@ | ||
20 | #include "internal.h" | ||
21 | #include "sauce.h" | ||
22 | |||
23 | +static int isansicode(int x) | ||
24 | +{ | ||
25 | + return x == 0x1B || x == 0x0A || x == 0x0D || (x >= 0x20 && x < 0x7f); | ||
26 | +} | ||
27 | + | ||
28 | +static const char tty_extensions[31] = "ans,art,asc,diz,ice,nfo,txt,vt"; | ||
29 | + | ||
30 | typedef struct TtyDemuxContext { | ||
31 | AVClass *class; | ||
32 | int chars_per_frame; | ||
33 | @@ -42,6 +49,17 @@ typedef struct TtyDemuxContext { | ||
34 | AVRational framerate; /**< Set by a private option. */ | ||
35 | } TtyDemuxContext; | ||
36 | |||
37 | +static int read_probe(const AVProbeData *p) | ||
38 | +{ | ||
39 | + int cnt = 0; | ||
40 | + | ||
41 | + for (int i = 0; i < p->buf_size; i++) | ||
42 | + cnt += !!isansicode(p->buf[i]); | ||
43 | + | ||
44 | + return (cnt * 100LL / p->buf_size) * (cnt > 400) * | ||
45 | + !!av_match_ext(p->filename, tty_extensions); | ||
46 | +} | ||
47 | + | ||
48 | /** | ||
49 | * Parse EFI header | ||
50 | */ | ||
51 | @@ -153,8 +171,9 @@ AVInputFormat ff_tty_demuxer = { | ||
52 | .name = "tty", | ||
53 | .long_name = NULL_IF_CONFIG_SMALL("Tele-typewriter"), | ||
54 | .priv_data_size = sizeof(TtyDemuxContext), | ||
55 | + .read_probe = read_probe, | ||
56 | .read_header = read_header, | ||
57 | .read_packet = read_packet, | ||
58 | - .extensions = "ans,art,asc,diz,ice,nfo,txt,vt", | ||
59 | + .extensions = tty_extensions, | ||
60 | .priv_class = &tty_demuxer_class, | ||
61 | }; | ||
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-38291.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-38291.patch new file mode 100644 index 0000000000..e5be985fc3 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-38291.patch | |||
@@ -0,0 +1,53 @@ | |||
1 | From e01d306c647b5827102260b885faa223b646d2d1 Mon Sep 17 00:00:00 2001 | ||
2 | From: James Almer <jamrial@gmail.com> | ||
3 | Date: Wed, 21 Jul 2021 01:02:44 -0300 | ||
4 | Subject: [PATCH] avcodec/utils: don't return negative values in | ||
5 | av_get_audio_frame_duration() | ||
6 | |||
7 | In some extrme cases, like with adpcm_ms samples with an extremely high channel | ||
8 | count, get_audio_frame_duration() may return a negative frame duration value. | ||
9 | Don't propagate it, and instead return 0, signaling that a duration could not | ||
10 | be determined. | ||
11 | |||
12 | CVE: CVE-2021-3566 | ||
13 | Fixes ticket #9312 | ||
14 | Signed-off-by: James Almer <jamrial@gmail.com> | ||
15 | Signed-off-by: Saloni Jain <salonij@kpit.com> | ||
16 | |||
17 | Upstream-Status: Backport [http://git.videolan.org/?p=ffmpeg.git;a=patch;h=e01d306c647b5827102260b885faa223b646d2d1] | ||
18 | Comment: No changes/refreshing done. | ||
19 | --- | ||
20 | libavcodec/utils.c | 6 ++++-- | ||
21 | 1 file changed, 4 insertions(+), 2 deletions(-) | ||
22 | |||
23 | diff --git a/libavcodec/utils.c b/libavcodec/utils.c | ||
24 | index 5fad782f5a..cfc07cbcb8 100644 | ||
25 | --- a/libavcodec/utils.c | ||
26 | +++ b/libavcodec/utils.c | ||
27 | @@ -810,20 +810,22 @@ static int get_audio_frame_duration(enum AVCodecID id, int sr, int ch, int ba, | ||
28 | |||
29 | int av_get_audio_frame_duration(AVCodecContext *avctx, int frame_bytes) | ||
30 | { | ||
31 | - return get_audio_frame_duration(avctx->codec_id, avctx->sample_rate, | ||
32 | + int duration = get_audio_frame_duration(avctx->codec_id, avctx->sample_rate, | ||
33 | avctx->channels, avctx->block_align, | ||
34 | avctx->codec_tag, avctx->bits_per_coded_sample, | ||
35 | avctx->bit_rate, avctx->extradata, avctx->frame_size, | ||
36 | frame_bytes); | ||
37 | + return FFMAX(0, duration); | ||
38 | } | ||
39 | |||
40 | int av_get_audio_frame_duration2(AVCodecParameters *par, int frame_bytes) | ||
41 | { | ||
42 | - return get_audio_frame_duration(par->codec_id, par->sample_rate, | ||
43 | + int duration = get_audio_frame_duration(par->codec_id, par->sample_rate, | ||
44 | par->channels, par->block_align, | ||
45 | par->codec_tag, par->bits_per_coded_sample, | ||
46 | par->bit_rate, par->extradata, par->frame_size, | ||
47 | frame_bytes); | ||
48 | + return FFMAX(0, duration); | ||
49 | } | ||
50 | |||
51 | #if !HAVE_THREADS | ||
52 | -- | ||
53 | 2.20.1 | ||
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-1475.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-1475.patch new file mode 100644 index 0000000000..bd8a08a216 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-1475.patch | |||
@@ -0,0 +1,36 @@ | |||
1 | From: Michael Niedermayer <michael@niedermayer.cc> | ||
2 | Date: Sun, 27 Feb 2022 14:43:04 +0100 | ||
3 | Subject: [PATCH] avcodec/g729_parser: Check channels | ||
4 | |||
5 | Fixes: signed integer overflow: 10 * 808464428 cannot be represented in type 'int' | ||
6 | Fixes: assertion failure | ||
7 | Fixes: ticket9651 | ||
8 | |||
9 | Reviewed-by: Paul B Mahol <onemda@gmail.com> | ||
10 | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> | ||
11 | (cherry picked from commit 757da974b21833529cc41bdcc9684c29660cdfa8) | ||
12 | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> | ||
13 | |||
14 | CVE: CVE-2022-1475 | ||
15 | Upstream-Status: Backport [https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e9e2ddbc6c78cc18b76093617f82c920e58a8d1f] | ||
16 | Comment: Patch is refreshed as per ffmpeg codebase | ||
17 | Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> | ||
18 | |||
19 | --- | ||
20 | libavcodec/g729_parser.c | 3 +++ | ||
21 | 1 file changed, 3 insertions(+) | ||
22 | |||
23 | Index: ffmpeg-4.2.2/libavcodec/g729_parser.c | ||
24 | =================================================================== | ||
25 | --- a/libavcodec/g729_parser.c | ||
26 | +++ b/libavcodec/g729_parser.c | ||
27 | @@ -48,6 +48,9 @@ static int g729_parse(AVCodecParserConte | ||
28 | av_assert1(avctx->codec_id == AV_CODEC_ID_G729); | ||
29 | /* FIXME: replace this heuristic block_size with more precise estimate */ | ||
30 | s->block_size = (avctx->bit_rate < 8000) ? G729D_6K4_BLOCK_SIZE : G729_8K_BLOCK_SIZE; | ||
31 | + // channels > 2 is invalid, we pass the packet on unchanged | ||
32 | + if (avctx->channels > 2) | ||
33 | + s->block_size = 0; | ||
34 | s->block_size *= avctx->channels; | ||
35 | s->duration = avctx->frame_size; | ||
36 | } | ||
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-3109.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-3109.patch new file mode 100644 index 0000000000..febf49cff2 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-3109.patch | |||
@@ -0,0 +1,41 @@ | |||
1 | From 656cb0450aeb73b25d7d26980af342b37ac4c568 Mon Sep 17 00:00:00 2001 | ||
2 | From: Jiasheng Jiang <jiasheng@iscas.ac.cn> | ||
3 | Date: Tue, 15 Feb 2022 17:58:08 +0800 | ||
4 | Subject: [PATCH] avcodec/vp3: Add missing check for av_malloc | ||
5 | |||
6 | Since the av_malloc() may fail and return NULL pointer, | ||
7 | it is needed that the 's->edge_emu_buffer' should be checked | ||
8 | whether the new allocation is success. | ||
9 | |||
10 | Fixes: d14723861b ("VP3: fix decoding of videos with stride > 2048") | ||
11 | |||
12 | CVE: CVE-2022-3109 | ||
13 | Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568] | ||
14 | Comments: Refreshed hunk | ||
15 | |||
16 | Reviewed-by: Peter Ross <pross@xvid.org> | ||
17 | Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> | ||
18 | Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com> | ||
19 | --- | ||
20 | libavcodec/vp3.c | 7 ++++++- | ||
21 | 1 file changed, 6 insertions(+), 1 deletion(-) | ||
22 | |||
23 | diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c | ||
24 | index e9ab54d73677..e2418eb6fa04 100644 | ||
25 | --- a/libavcodec/vp3.c | ||
26 | +++ b/libavcodec/vp3.c | ||
27 | @@ -2740,8 +2740,13 @@ | ||
28 | if (ff_thread_get_buffer(avctx, &s->current_frame, AV_GET_BUFFER_FLAG_REF) < 0) | ||
29 | goto error; | ||
30 | |||
31 | - if (!s->edge_emu_buffer) | ||
32 | + if (!s->edge_emu_buffer) { | ||
33 | s->edge_emu_buffer = av_malloc(9 * FFABS(s->current_frame.f->linesize[0])); | ||
34 | + if (!s->edge_emu_buffer) { | ||
35 | + ret = AVERROR(ENOMEM); | ||
36 | + goto error; | ||
37 | + } | ||
38 | + } | ||
39 | |||
40 | if (s->keyframe) { | ||
41 | if (!s->theora) { | ||
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-3341.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-3341.patch new file mode 100644 index 0000000000..fcbd9b3e1b --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-3341.patch | |||
@@ -0,0 +1,67 @@ | |||
1 | From 9cf652cef49d74afe3d454f27d49eb1a1394951e Mon Sep 17 00:00:00 2001 | ||
2 | From: Jiasheng Jiang <jiasheng@iscas.ac.cn> | ||
3 | Date: Wed, 23 Feb 2022 10:31:59 +0800 | ||
4 | Subject: [PATCH] avformat/nutdec: Add check for avformat_new_stream | ||
5 | |||
6 | Check for failure of avformat_new_stream() and propagate | ||
7 | the error code. | ||
8 | |||
9 | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> | ||
10 | |||
11 | CVE: CVE-2022-3341 | ||
12 | |||
13 | Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/9cf652cef49d74afe3d454f27d49eb1a1394951e] | ||
14 | |||
15 | Comments: Refreshed Hunk | ||
16 | Signed-off-by: Narpat Mali <narpat.mali@windriver.com> | ||
17 | Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com> | ||
18 | --- | ||
19 | libavformat/nutdec.c | 16 ++++++++++++---- | ||
20 | 1 file changed, 12 insertions(+), 4 deletions(-) | ||
21 | |||
22 | diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c | ||
23 | index 0a8a700acf..f9ad2c0af1 100644 | ||
24 | --- a/libavformat/nutdec.c | ||
25 | +++ b/libavformat/nutdec.c | ||
26 | @@ -351,8 +351,12 @@ static int decode_main_header(NUTContext *nut) | ||
27 | ret = AVERROR(ENOMEM); | ||
28 | goto fail; | ||
29 | } | ||
30 | - for (i = 0; i < stream_count; i++) | ||
31 | - avformat_new_stream(s, NULL); | ||
32 | + for (i = 0; i < stream_count; i++) { | ||
33 | + if (!avformat_new_stream(s, NULL)) { | ||
34 | + ret = AVERROR(ENOMEM); | ||
35 | + goto fail; | ||
36 | + } | ||
37 | + } | ||
38 | |||
39 | return 0; | ||
40 | fail: | ||
41 | @@ -793,19 +793,23 @@ | ||
42 | NUTContext *nut = s->priv_data; | ||
43 | AVIOContext *bc = s->pb; | ||
44 | int64_t pos; | ||
45 | - int initialized_stream_count; | ||
46 | + int initialized_stream_count, ret; | ||
47 | |||
48 | nut->avf = s; | ||
49 | |||
50 | /* main header */ | ||
51 | pos = 0; | ||
52 | + ret = 0; | ||
53 | do { | ||
54 | + if (ret == AVERROR(ENOMEM)) | ||
55 | + return ret; | ||
56 | + | ||
57 | pos = find_startcode(bc, MAIN_STARTCODE, pos) + 1; | ||
58 | if (pos < 0 + 1) { | ||
59 | av_log(s, AV_LOG_ERROR, "No main startcode found.\n"); | ||
60 | goto fail; | ||
61 | } | ||
62 | - } while (decode_main_header(nut) < 0); | ||
63 | + } while ((ret = decode_main_header(nut)) < 0); | ||
64 | |||
65 | /* stream headers */ | ||
66 | pos = 0; | ||
67 | |||
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-48434.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-48434.patch new file mode 100644 index 0000000000..707073709a --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-48434.patch | |||
@@ -0,0 +1,136 @@ | |||
1 | From d4b7b3c03ee2baf0166ce49dff17ec9beff684db Mon Sep 17 00:00:00 2001 | ||
2 | From: Anton Khirnov <anton@khirnov.net> | ||
3 | Date: Fri, 2 Sep 2022 22:21:27 +0200 | ||
4 | Subject: [PATCH] lavc/pthread_frame: avoid leaving stale hwaccel state in | ||
5 | worker threads | ||
6 | |||
7 | This state is not refcounted, so make sure it always has a well-defined | ||
8 | owner. | ||
9 | |||
10 | Remove the block added in 091341f2ab5bd35ca1a2aae90503adc74f8d3523, as | ||
11 | this commit also solves that issue in a more general way. | ||
12 | |||
13 | (cherry picked from commit cc867f2c09d2b69cee8a0eccd62aff002cbbfe11) | ||
14 | Signed-off-by: Anton Khirnov <anton@khirnov.net> | ||
15 | (cherry picked from commit 35aa7e70e7ec350319e7634a30d8d8aa1e6ecdda) | ||
16 | Signed-off-by: Anton Khirnov <anton@khirnov.net> | ||
17 | (cherry picked from commit 3bc28e9d1ab33627cea3c632dd6b0c33e22e93ba) | ||
18 | Signed-off-by: Anton Khirnov <anton@khirnov.net> | ||
19 | |||
20 | CVE: CVE-2022-48434 | ||
21 | Upstream-Status: Backport [https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d4b7b3c03ee2baf0166ce49dff17ec9beff684db] | ||
22 | Signed-off-by: Ranjitsinh Rathod ranjitsinh.rathod@kpit.com | ||
23 | Comment: Hunk#6 refreshed to backport changes and other to remove patch-fuzz warnings | ||
24 | --- | ||
25 | libavcodec/pthread_frame.c | 46 +++++++++++++++++++++++++++++--------- | ||
26 | 1 file changed, 35 insertions(+), 11 deletions(-) | ||
27 | |||
28 | diff --git a/libavcodec/pthread_frame.c b/libavcodec/pthread_frame.c | ||
29 | index 36ac0ac..bbc5ba6 100644 | ||
30 | --- a/libavcodec/pthread_frame.c | ||
31 | +++ b/libavcodec/pthread_frame.c | ||
32 | @@ -135,6 +135,12 @@ typedef struct FrameThreadContext { | ||
33 | * Set for the first N packets, where N is the number of threads. | ||
34 | * While it is set, ff_thread_en/decode_frame won't return any results. | ||
35 | */ | ||
36 | + | ||
37 | + /* hwaccel state is temporarily stored here in order to transfer its ownership | ||
38 | + * to the next decoding thread without the need for extra synchronization */ | ||
39 | + const AVHWAccel *stash_hwaccel; | ||
40 | + void *stash_hwaccel_context; | ||
41 | + void *stash_hwaccel_priv; | ||
42 | } FrameThreadContext; | ||
43 | |||
44 | #define THREAD_SAFE_CALLBACKS(avctx) \ | ||
45 | @@ -211,9 +217,17 @@ static attribute_align_arg void *frame_worker_thread(void *arg) | ||
46 | ff_thread_finish_setup(avctx); | ||
47 | |||
48 | if (p->hwaccel_serializing) { | ||
49 | + /* wipe hwaccel state to avoid stale pointers lying around; | ||
50 | + * the state was transferred to FrameThreadContext in | ||
51 | + * ff_thread_finish_setup(), so nothing is leaked */ | ||
52 | + avctx->hwaccel = NULL; | ||
53 | + avctx->hwaccel_context = NULL; | ||
54 | + avctx->internal->hwaccel_priv_data = NULL; | ||
55 | + | ||
56 | p->hwaccel_serializing = 0; | ||
57 | pthread_mutex_unlock(&p->parent->hwaccel_mutex); | ||
58 | } | ||
59 | + av_assert0(!avctx->hwaccel); | ||
60 | |||
61 | if (p->async_serializing) { | ||
62 | p->async_serializing = 0; | ||
63 | @@ -275,14 +289,10 @@ static int update_context_from_thread(AVCodecContext *dst, AVCodecContext *src, | ||
64 | dst->color_range = src->color_range; | ||
65 | dst->chroma_sample_location = src->chroma_sample_location; | ||
66 | |||
67 | - dst->hwaccel = src->hwaccel; | ||
68 | - dst->hwaccel_context = src->hwaccel_context; | ||
69 | - | ||
70 | dst->channels = src->channels; | ||
71 | dst->sample_rate = src->sample_rate; | ||
72 | dst->sample_fmt = src->sample_fmt; | ||
73 | dst->channel_layout = src->channel_layout; | ||
74 | - dst->internal->hwaccel_priv_data = src->internal->hwaccel_priv_data; | ||
75 | |||
76 | if (!!dst->hw_frames_ctx != !!src->hw_frames_ctx || | ||
77 | (dst->hw_frames_ctx && dst->hw_frames_ctx->data != src->hw_frames_ctx->data)) { | ||
78 | @@ -415,6 +425,12 @@ static int submit_packet(PerThreadContext *p, AVCodecContext *user_avctx, | ||
79 | pthread_mutex_unlock(&p->mutex); | ||
80 | return err; | ||
81 | } | ||
82 | + | ||
83 | + /* transfer hwaccel state stashed from previous thread, if any */ | ||
84 | + av_assert0(!p->avctx->hwaccel); | ||
85 | + FFSWAP(const AVHWAccel*, p->avctx->hwaccel, fctx->stash_hwaccel); | ||
86 | + FFSWAP(void*, p->avctx->hwaccel_context, fctx->stash_hwaccel_context); | ||
87 | + FFSWAP(void*, p->avctx->internal->hwaccel_priv_data, fctx->stash_hwaccel_priv); | ||
88 | } | ||
89 | |||
90 | av_packet_unref(&p->avpkt); | ||
91 | @@ -616,6 +632,14 @@ void ff_thread_finish_setup(AVCodecContext *avctx) { | ||
92 | async_lock(p->parent); | ||
93 | } | ||
94 | |||
95 | + /* save hwaccel state for passing to the next thread; | ||
96 | + * this is done here so that this worker thread can wipe its own hwaccel | ||
97 | + * state after decoding, without requiring synchronization */ | ||
98 | + av_assert0(!p->parent->stash_hwaccel); | ||
99 | + p->parent->stash_hwaccel = avctx->hwaccel; | ||
100 | + p->parent->stash_hwaccel_context = avctx->hwaccel_context; | ||
101 | + p->parent->stash_hwaccel_priv = avctx->internal->hwaccel_priv_data; | ||
102 | + | ||
103 | pthread_mutex_lock(&p->progress_mutex); | ||
104 | if(atomic_load(&p->state) == STATE_SETUP_FINISHED){ | ||
105 | av_log(avctx, AV_LOG_WARNING, "Multiple ff_thread_finish_setup() calls\n"); | ||
106 | @@ -657,13 +681,6 @@ void ff_frame_thread_free(AVCodecContext *avctx, int thread_count) | ||
107 | |||
108 | park_frame_worker_threads(fctx, thread_count); | ||
109 | |||
110 | - if (fctx->prev_thread && fctx->prev_thread != fctx->threads) | ||
111 | - if (update_context_from_thread(fctx->threads->avctx, fctx->prev_thread->avctx, 0) < 0) { | ||
112 | - av_log(avctx, AV_LOG_ERROR, "Final thread update failed\n"); | ||
113 | - fctx->prev_thread->avctx->internal->is_copy = fctx->threads->avctx->internal->is_copy; | ||
114 | - fctx->threads->avctx->internal->is_copy = 1; | ||
115 | - } | ||
116 | - | ||
117 | for (i = 0; i < thread_count; i++) { | ||
118 | PerThreadContext *p = &fctx->threads[i]; | ||
119 | |||
120 | @@ -713,6 +730,13 @@ void ff_frame_thread_free(AVCodecContext *avctx, int thread_count) | ||
121 | pthread_mutex_destroy(&fctx->async_mutex); | ||
122 | pthread_cond_destroy(&fctx->async_cond); | ||
123 | |||
124 | + /* if we have stashed hwaccel state, move it to the user-facing context, | ||
125 | + * so it will be freed in avcodec_close() */ | ||
126 | + av_assert0(!avctx->hwaccel); | ||
127 | + FFSWAP(const AVHWAccel*, avctx->hwaccel, fctx->stash_hwaccel); | ||
128 | + FFSWAP(void*, avctx->hwaccel_context, fctx->stash_hwaccel_context); | ||
129 | + FFSWAP(void*, avctx->internal->hwaccel_priv_data, fctx->stash_hwaccel_priv); | ||
130 | + | ||
131 | av_freep(&avctx->internal->thread_ctx); | ||
132 | |||
133 | if (avctx->priv_data && avctx->codec && avctx->codec->priv_class) | ||
134 | -- | ||
135 | 2.25.1 | ||
136 | |||
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb index 0e359848fa..f12052548f 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb | |||
@@ -27,7 +27,13 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ | |||
27 | file://mips64_cpu_detection.patch \ | 27 | file://mips64_cpu_detection.patch \ |
28 | file://CVE-2020-12284.patch \ | 28 | file://CVE-2020-12284.patch \ |
29 | file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \ | 29 | file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \ |
30 | " | 30 | file://CVE-2021-3566.patch \ |
31 | file://CVE-2021-38291.patch \ | ||
32 | file://CVE-2022-1475.patch \ | ||
33 | file://CVE-2022-3109.patch \ | ||
34 | file://CVE-2022-3341.patch \ | ||
35 | file://CVE-2022-48434.patch \ | ||
36 | " | ||
31 | SRC_URI[md5sum] = "348956fc2faa57a2f79bbb84ded9fbc3" | 37 | SRC_URI[md5sum] = "348956fc2faa57a2f79bbb84ded9fbc3" |
32 | SRC_URI[sha256sum] = "cb754255ab0ee2ea5f66f8850e1bd6ad5cac1cd855d0a2f4990fb8c668b0d29c" | 38 | SRC_URI[sha256sum] = "cb754255ab0ee2ea5f66f8850e1bd6ad5cac1cd855d0a2f4990fb8c668b0d29c" |
33 | 39 | ||