2 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35366.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35366.patch
new file mode 100644
index 0000000000..f7f16a5b92
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35366.patch
@@ -0,0 +1,35 @@
+From 0bed22d597b78999151e3bde0768b7fe763fc2a6 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Tue, 26 Mar 2024 00:39:49 +0100
+Subject: [PATCH] avformat/sbgdec: Check for negative duration
+Fixes: signed integer overflow: 9223372036854775807 - -8000000 cannot be represented in type 'long'
+Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-5133181743136768
+Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+CVE: CVE-2024-35366
+Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/0bed22d597b78999151e3bde0768b7fe763fc2a6]
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavformat/sbgdec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/libavformat/sbgdec.c b/libavformat/sbgdec.c
+index b2662ea..281fe62 100644
+--- a/libavformat/sbgdec.c
+++ b/libavformat/sbgdec.c
+@@ -386,7 +386,7 @@ static int parse_options(struct sbg_parser *p)
+                 case 'L':
+                     FORWARD_ERROR(parse_optarg(p, opt, &oarg));
+                     r = str_to_time(oarg.s, &p->scs.opt_duration);
+-                    if (oarg.e != oarg.s + r) {
+                    if (oarg.e != oarg.s + r || p->scs.opt_duration < 0) {
+                         snprintf(p->err_msg, sizeof(p->err_msg),
+                                  "syntax error for option -L");
+                         return AVERROR_INVALIDDATA;
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
index 8f4a8d34c0..dd95629648 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
@@ -37,6 +37,7 @@ SRC_URI = " \
    file://CVE-2023-50007.patch \
    file://CVE-2023-49528.patch \
    file://CVE-2024-7055.patch \
+    file://CVE-2024-35366.patch \
 "
 SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968"

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35366.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35366.patch new file mode 100644 index 0000000000..f7f16a5b92 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35366.patch
@@ -0,0 +1,35 @@
		1	From 0bed22d597b78999151e3bde0768b7fe763fc2a6 Mon Sep 17 00:00:00 2001
		2	From: Michael Niedermayer <michael@niedermayer.cc>
		3	Date: Tue, 26 Mar 2024 00:39:49 +0100
		4	Subject: [PATCH] avformat/sbgdec: Check for negative duration
		5
		6	Fixes: signed integer overflow: 9223372036854775807 - -8000000 cannot be represented in type 'long'
		7	Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-5133181743136768
		8
		9	Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
		10	Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
		11
		12	CVE: CVE-2024-35366
		13
		14	Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/0bed22d597b78999151e3bde0768b7fe763fc2a6]
		15
		16	Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
		17	---
		18	libavformat/sbgdec.c \| 2 +-
		19	1 file changed, 1 insertion(+), 1 deletion(-)
		20
		21	diff --git a/libavformat/sbgdec.c b/libavformat/sbgdec.c
		22	index b2662ea..281fe62 100644
		23	--- a/libavformat/sbgdec.c
		24	+++ b/libavformat/sbgdec.c
		25	@@ -386,7 +386,7 @@ static int parse_options(struct sbg_parser *p)
		26	case 'L':
		27	FORWARD_ERROR(parse_optarg(p, opt, &oarg));
		28	r = str_to_time(oarg.s, &p->scs.opt_duration);
		29	- if (oarg.e != oarg.s + r) {
		30	+ if (oarg.e != oarg.s + r \|\| p->scs.opt_duration < 0) {
		31	snprintf(p->err_msg, sizeof(p->err_msg),
		32	"syntax error for option -L");
		33	return AVERROR_INVALIDDATA;
		34	--
		35	2.40.0


diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb index 8f4a8d34c0..dd95629648 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
@@ -37,6 +37,7 @@ SRC_URI = " \
37	file://CVE-2023-50007.patch \	37	file://CVE-2023-50007.patch \
38	file://CVE-2023-49528.patch \	38	file://CVE-2023-49528.patch \
39	file://CVE-2024-7055.patch \	39	file://CVE-2024-7055.patch \
		40	file://CVE-2024-35366.patch \
40	"	41	"
41		42
42	SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968"	43	SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968"