diff options
| author | Archana Polampalli <archana.polampalli@windriver.com> | 2024-11-21 06:45:48 +0000 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2024-11-27 06:27:25 -0800 |
| commit | b7d06a657a2647d8e1863fcf4f0f473db1396a86 (patch) | |
| tree | a2dc5e23e965596970f9b87be7daf3097bb68ecb | |
| parent | 3be25b503f789bde65e822ed835f7d81f6670858 (diff) | |
| download | poky-b7d06a657a2647d8e1863fcf4f0f473db1396a86.tar.gz | |
ffmpeg: fix CVE-2024-32230
FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param
bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0
(From OE-Core rev: 6eb7dc3eecbbe115f95864d587fb3d5557321973)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
| -rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-32230.patch | 35 | ||||
| -rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 1 |
2 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-32230.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-32230.patch new file mode 100644 index 0000000000..0617b9b123 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-32230.patch | |||
| @@ -0,0 +1,35 @@ | |||
| 1 | From 96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Michael Niedermayer <michael@niedermayer.cc> | ||
| 3 | Date: Mon, 8 Apr 2024 18:38:42 +0200 | ||
| 4 | Subject: [PATCH] avcodec/mpegvideo_enc: Fix 1 line and one column images | ||
| 5 | |||
| 6 | Fixes: Ticket10952 | ||
| 7 | Fixes: poc21ffmpeg | ||
| 8 | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> | ||
| 9 | |||
| 10 | CVE: CVE-2024-32230 | ||
| 11 | |||
| 12 | Upstream-Status: Backport [https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1] | ||
| 13 | |||
| 14 | Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> | ||
| 15 | --- | ||
| 16 | libavcodec/mpegvideo_enc.c | 4 ++-- | ||
| 17 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
| 18 | |||
| 19 | diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c | ||
| 20 | index 128d1a3..3bd84cd 100644 | ||
| 21 | --- a/libavcodec/mpegvideo_enc.c | ||
| 22 | +++ b/libavcodec/mpegvideo_enc.c | ||
| 23 | @@ -1130,8 +1130,8 @@ static int load_input_picture(MpegEncContext *s, const AVFrame *pic_arg) | ||
| 24 | int dst_stride = i ? s->uvlinesize : s->linesize; | ||
| 25 | int h_shift = i ? h_chroma_shift : 0; | ||
| 26 | int v_shift = i ? v_chroma_shift : 0; | ||
| 27 | - int w = s->width >> h_shift; | ||
| 28 | - int h = s->height >> v_shift; | ||
| 29 | + int w = AV_CEIL_RSHIFT(s->width , h_shift); | ||
| 30 | + int h = AV_CEIL_RSHIFT(s->height, v_shift); | ||
| 31 | uint8_t *src = pic_arg->data[i]; | ||
| 32 | uint8_t *dst = pic->f->data[i]; | ||
| 33 | int vpad = 16; | ||
| 34 | -- | ||
| 35 | 2.40.0 | ||
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb index 1295d5cdf1..40963d1254 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | |||
| @@ -29,6 +29,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ | |||
| 29 | file://0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch \ | 29 | file://0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch \ |
| 30 | file://0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch \ | 30 | file://0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch \ |
| 31 | file://CVE-2022-48434.patch \ | 31 | file://CVE-2022-48434.patch \ |
| 32 | file://CVE-2024-32230.patch \ | ||
| 32 | " | 33 | " |
| 33 | 34 | ||
| 34 | SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b" | 35 | SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b" |