summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-7700.patch52
-rw-r--r--meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb1
2 files changed, 53 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-7700.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-7700.patch
new file mode 100644
index 0000000000..758e38a0b1
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-7700.patch
@@ -0,0 +1,52 @@
1From aad4b59cfee1f0a3cf02f5e2b1f291ce013bf27e Mon Sep 17 00:00:00 2001
2From: Jiasheng Jiang <jiashengjiangcool@gmail.com>
3Date: Thu, 10 Jul 2025 16:26:39 +0000
4Subject: [PATCH] libavcodec/alsdec.c: Add check for av_malloc_array() and
5 av_calloc()
6
7Add check for the return value of av_malloc_array() and av_calloc()
8to avoid potential NULL pointer dereference.
9
10Fixes: dcfd24b10c ("avcodec/alsdec: Implement floating point sample data decoding")
11Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
12Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
13(cherry picked from commit 35a6de137a39f274d5e01ed0e0e6c4f04d0aaf07)
14Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
15
16CVE: CVE-2025-7700
17
18Upstream-Status: Backport [https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/aad4b59cfee1f0a3cf02f5e2b1f291ce013bf27e]
19
20Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
21---
22 libavcodec/alsdec.c | 8 ++++++--
23 1 file changed, 6 insertions(+), 2 deletions(-)
24
25diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c
26index 9c3be4e..ba85973 100644
27--- a/libavcodec/alsdec.c
28+++ b/libavcodec/alsdec.c
29@@ -2115,8 +2115,8 @@ static av_cold int decode_init(AVCodecContext *avctx)
30 ctx->nbits = av_malloc_array(ctx->cur_frame_length, sizeof(*ctx->nbits));
31 ctx->mlz = av_mallocz(sizeof(*ctx->mlz));
32
33- if (!ctx->mlz || !ctx->acf || !ctx->shift_value || !ctx->last_shift_value
34- || !ctx->last_acf_mantissa || !ctx->raw_mantissa) {
35+ if (!ctx->larray || !ctx->nbits || !ctx->mlz || !ctx->acf || !ctx->shift_value
36+ || !ctx->last_shift_value || !ctx->last_acf_mantissa || !ctx->raw_mantissa) {
37 av_log(avctx, AV_LOG_ERROR, "Allocating buffer memory failed.\n");
38 ret = AVERROR(ENOMEM);
39 goto fail;
40@@ -2127,6 +2127,10 @@ static av_cold int decode_init(AVCodecContext *avctx)
41
42 for (c = 0; c < avctx->channels; ++c) {
43 ctx->raw_mantissa[c] = av_calloc(ctx->cur_frame_length, sizeof(**ctx->raw_mantissa));
44+ if (!ctx->raw_mantissa[c]) {
45+ av_log(avctx, AV_LOG_ERROR, "Allocating buffer memory failed.\n");
46+ return AVERROR(ENOMEM);
47+ }
48 }
49 }
50
51--
522.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb
index 8da11f196d..f205c4a5db 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb
@@ -48,6 +48,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
48 file://CVE-2025-25473.patch \ 48 file://CVE-2025-25473.patch \
49 file://CVE-2025-22919.patch \ 49 file://CVE-2025-22919.patch \
50 file://CVE-2025-22921.patch \ 50 file://CVE-2025-22921.patch \
51 file://CVE-2025-7700.patch \
51 " 52 "
52 53
53SRC_URI[sha256sum] = "04c70c377de233a4b217c2fdf76b19aeb225a287daeb2348bccd978c47b1a1db" 54SRC_URI[sha256sum] = "04c70c377de233a4b217c2fdf76b19aeb225a287daeb2348bccd978c47b1a1db"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-10-04 12:16:57 +0000