diff options
Diffstat (limited to 'meta/recipes-multimedia')
| -rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36613.patch | 18 | ||||
| -rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb (renamed from meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb) | 7 |
2 files changed, 10 insertions, 15 deletions
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36613.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36613.patch index 300b8d1e49..8dc43c3b68 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36613.patch +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36613.patch | |||
| @@ -1,8 +1,7 @@ | |||
| 1 | From 1f6fcc64179377114b4ecc3b9f63bd5774a64edf Mon Sep 17 00:00:00 2001 | 1 | From 1f6fcc64179377114b4ecc3b9f63bd5774a64edf Mon Sep 17 00:00:00 2001 |
| 2 | From: Michael Niedermayer <michael@niedermayer.cc> | 2 | From: Michael Niedermayer <michael@niedermayer.cc> |
| 3 | Date: Sat, 30 Sep 2023 00:51:29 +0200 | 3 | Date: Sat, 30 Sep 2023 00:51:29 +0200 |
| 4 | Subject: [PATCH 2/4] avformat/dxa: Adjust order of operations around block | 4 | Subject: [PATCH] avformat/dxa: Adjust order of operations around block align |
| 5 | align | ||
| 6 | 5 | ||
| 7 | Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-5730576523198464 | 6 | Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-5730576523198464 |
| 8 | Fixes: signed integer overflow: 2147483566 + 82 cannot be represented in type 'int' | 7 | Fixes: signed integer overflow: 2147483566 + 82 cannot be represented in type 'int' |
| @@ -22,17 +21,18 @@ Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> | |||
| 22 | 1 file changed, 1 insertion(+), 1 deletion(-) | 21 | 1 file changed, 1 insertion(+), 1 deletion(-) |
| 23 | 22 | ||
| 24 | diff --git a/libavformat/dxa.c b/libavformat/dxa.c | 23 | diff --git a/libavformat/dxa.c b/libavformat/dxa.c |
| 25 | index 16fbb08..53747c8 100644 | 24 | index 474b852..b4d9d00 100644 |
| 26 | --- a/libavformat/dxa.c | 25 | --- a/libavformat/dxa.c |
| 27 | +++ b/libavformat/dxa.c | 26 | +++ b/libavformat/dxa.c |
| 28 | @@ -120,7 +120,7 @@ static int dxa_read_header(AVFormatContext *s) | 27 | @@ -122,7 +122,7 @@ static int dxa_read_header(AVFormatContext *s) |
| 29 | } | 28 | if(ast->codecpar->block_align) { |
| 30 | c->bpc = (fsize + c->frames - 1) / c->frames; | 29 | if (c->bpc > INT_MAX - ast->codecpar->block_align + 1) |
| 31 | if(ast->codecpar->block_align) | 30 | return AVERROR_INVALIDDATA; |
| 32 | - c->bpc = ((c->bpc + ast->codecpar->block_align - 1) / ast->codecpar->block_align) * ast->codecpar->block_align; | 31 | - c->bpc = ((c->bpc + ast->codecpar->block_align - 1) / ast->codecpar->block_align) * ast->codecpar->block_align; |
| 33 | + c->bpc = ((c->bpc - 1 + ast->codecpar->block_align) / ast->codecpar->block_align) * ast->codecpar->block_align; | 32 | + c->bpc = ((c->bpc - 1 + ast->codecpar->block_align) / ast->codecpar->block_align) * ast->codecpar->block_align; |
| 33 | } | ||
| 34 | c->bytes_left = fsize; | 34 | c->bytes_left = fsize; |
| 35 | c->wavpos = avio_tell(pb); | 35 | c->wavpos = avio_tell(pb); |
| 36 | avio_seek(pb, c->vidpos, SEEK_SET); | 36 | -- |
| 37 | -- | ||
| 38 | 2.40.0 | 37 | 2.40.0 |
| 38 | |||
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb index 4b99c0fa21..127552396d 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb | |||
| @@ -24,11 +24,6 @@ LIC_FILES_CHKSUM = "file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ | |||
| 24 | 24 | ||
| 25 | SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ | 25 | SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ |
| 26 | file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \ | 26 | file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \ |
| 27 | file://0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch \ | ||
| 28 | file://0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch \ | ||
| 29 | file://0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch \ | ||
| 30 | file://0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch \ | ||
| 31 | file://CVE-2022-48434.patch \ | ||
| 32 | file://CVE-2024-32230.patch \ | 27 | file://CVE-2024-32230.patch \ |
| 33 | file://CVE-2023-51793.patch \ | 28 | file://CVE-2023-51793.patch \ |
| 34 | file://CVE-2023-50008.patch \ | 29 | file://CVE-2023-50008.patch \ |
| @@ -53,7 +48,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ | |||
| 53 | file://CVE-2025-25473.patch \ | 48 | file://CVE-2025-25473.patch \ |
| 54 | " | 49 | " |
| 55 | 50 | ||
| 56 | SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b" | 51 | SRC_URI[sha256sum] = "04c70c377de233a4b217c2fdf76b19aeb225a287daeb2348bccd978c47b1a1db" |
| 57 | 52 | ||
| 58 | # CVE-2023-39018 issue belongs to ffmpeg-cli-wrapper (Java wrapper around the FFmpeg CLI) | 53 | # CVE-2023-39018 issue belongs to ffmpeg-cli-wrapper (Java wrapper around the FFmpeg CLI) |
| 59 | # and not ffmepg itself. | 54 | # and not ffmepg itself. |
