diff options
Diffstat (limited to 'meta/recipes-multimedia')
-rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-1475.patch | 36 | ||||
-rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb | 1 |
2 files changed, 37 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-1475.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-1475.patch new file mode 100644 index 0000000000..bd8a08a216 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-1475.patch | |||
@@ -0,0 +1,36 @@ | |||
1 | From: Michael Niedermayer <michael@niedermayer.cc> | ||
2 | Date: Sun, 27 Feb 2022 14:43:04 +0100 | ||
3 | Subject: [PATCH] avcodec/g729_parser: Check channels | ||
4 | |||
5 | Fixes: signed integer overflow: 10 * 808464428 cannot be represented in type 'int' | ||
6 | Fixes: assertion failure | ||
7 | Fixes: ticket9651 | ||
8 | |||
9 | Reviewed-by: Paul B Mahol <onemda@gmail.com> | ||
10 | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> | ||
11 | (cherry picked from commit 757da974b21833529cc41bdcc9684c29660cdfa8) | ||
12 | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> | ||
13 | |||
14 | CVE: CVE-2022-1475 | ||
15 | Upstream-Status: Backport [https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e9e2ddbc6c78cc18b76093617f82c920e58a8d1f] | ||
16 | Comment: Patch is refreshed as per ffmpeg codebase | ||
17 | Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> | ||
18 | |||
19 | --- | ||
20 | libavcodec/g729_parser.c | 3 +++ | ||
21 | 1 file changed, 3 insertions(+) | ||
22 | |||
23 | Index: ffmpeg-4.2.2/libavcodec/g729_parser.c | ||
24 | =================================================================== | ||
25 | --- a/libavcodec/g729_parser.c | ||
26 | +++ b/libavcodec/g729_parser.c | ||
27 | @@ -48,6 +48,9 @@ static int g729_parse(AVCodecParserConte | ||
28 | av_assert1(avctx->codec_id == AV_CODEC_ID_G729); | ||
29 | /* FIXME: replace this heuristic block_size with more precise estimate */ | ||
30 | s->block_size = (avctx->bit_rate < 8000) ? G729D_6K4_BLOCK_SIZE : G729_8K_BLOCK_SIZE; | ||
31 | + // channels > 2 is invalid, we pass the packet on unchanged | ||
32 | + if (avctx->channels > 2) | ||
33 | + s->block_size = 0; | ||
34 | s->block_size *= avctx->channels; | ||
35 | s->duration = avctx->frame_size; | ||
36 | } | ||
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb index 1d6f2e528b..cbfdbf0563 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb | |||
@@ -29,6 +29,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ | |||
29 | file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \ | 29 | file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \ |
30 | file://CVE-2021-3566.patch \ | 30 | file://CVE-2021-3566.patch \ |
31 | file://CVE-2021-38291.patch \ | 31 | file://CVE-2021-38291.patch \ |
32 | file://CVE-2022-1475.patch \ | ||
32 | " | 33 | " |
33 | SRC_URI[md5sum] = "348956fc2faa57a2f79bbb84ded9fbc3" | 34 | SRC_URI[md5sum] = "348956fc2faa57a2f79bbb84ded9fbc3" |
34 | SRC_URI[sha256sum] = "cb754255ab0ee2ea5f66f8850e1bd6ad5cac1cd855d0a2f4990fb8c668b0d29c" | 35 | SRC_URI[sha256sum] = "cb754255ab0ee2ea5f66f8850e1bd6ad5cac1cd855d0a2f4990fb8c668b0d29c" |