summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArchana Polampalli <archana.polampalli@windriver.com>2025-01-03 07:11:37 +0000
committerSteve Sakoman <steve@sakoman.com>2025-01-09 08:41:04 -0800
commitd078ab757714389d80cb2857a4f3d5958033f902 (patch)
tree628a95e5d83f2cd32924de7a1400ff2e969339bb
parentc17700b7845a899d40bcd7012c46d984f12e6fab (diff)
downloadpoky-d078ab757714389d80cb2857a4f3d5958033f902.tar.gz
ffmpeg: fix CVE-2024-35367
FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer (From OE-Core rev: 623dd997856903be54d75e819f93d313b04edd8e) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
-rw-r--r--meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35367.patch47
-rw-r--r--meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb1
2 files changed, 48 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35367.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35367.patch
new file mode 100644
index 0000000000..69d42955da
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35367.patch
@@ -0,0 +1,47 @@
1From 09e6840cf7a3ee07a73c3ae88a020bf27ca1a667 Mon Sep 17 00:00:00 2001
2From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
3Date: Wed, 13 Mar 2024 02:10:26 +0100
4Subject: [PATCH] avcodec/ppc/vp8dsp_altivec: Fix out-of-bounds access
5
6h_subpel_filters_inner[i] and h_subpel_filters_outer[i / 2]
7belong together and the former allows the range 0..6,
8so the latter needs to support 0..3. But it has only three
9elements. Add another one.
10The value for the last element has been guesstimated
11from subpel_filters in libavcodec/vp8dsp.c.
12
13This is also intended to fix FATE-failures with UBSan here:
14https://fate.ffmpeg.org/report.cgi?time=20240312011016&slot=ppc-linux-gcc-13.2-ubsan-altivec-qemu
15
16Tested-by: Sean McGovern <gseanmcg@gmail.com>
17Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
18
19CVE: CVE-2024-35367
20
21Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/09e6840cf7a3ee07a73c3ae88a020bf27ca1a667]
22
23Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
24---
25 libavcodec/ppc/vp8dsp_altivec.c | 3 ++-
26 1 file changed, 2 insertions(+), 1 deletion(-)
27
28diff --git a/libavcodec/ppc/vp8dsp_altivec.c b/libavcodec/ppc/vp8dsp_altivec.c
29index 12dac8b0a8..061914fc38 100644
30--- a/libavcodec/ppc/vp8dsp_altivec.c
31+++ b/libavcodec/ppc/vp8dsp_altivec.c
32@@ -50,11 +50,12 @@ static const vec_s8 h_subpel_filters_inner[7] =
33 // for 6tap filters, these are the outer two taps
34 // The zeros mask off pixels 4-7 when filtering 0-3
35 // and vice-versa
36-static const vec_s8 h_subpel_filters_outer[3] =
37+static const vec_s8 h_subpel_filters_outer[4] =
38 {
39 REPT4(0, 0, 2, 1),
40 REPT4(0, 0, 3, 3),
41 REPT4(0, 0, 1, 2),
42+ REPT4(0, 0, 0, 0),
43 };
44
45 #define LOAD_H_SUBPEL_FILTER(i) \
46--
472.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
index 39d79c343d..ac4ade276c 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -41,6 +41,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
41 file://CVE-2023-51796.patch \ 41 file://CVE-2023-51796.patch \
42 file://CVE-2024-7055.patch \ 42 file://CVE-2024-7055.patch \
43 file://CVE-2024-35366.patch \ 43 file://CVE-2024-35366.patch \
44 file://CVE-2024-35367.patch \
44 " 45 "
45 46
46SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b" 47SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"