mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-02 13:29:49 +00:00
Code Issues Projects Releases Wiki Activity

ffmpeg: fix for CVE-2022-3109

Browse Source 
An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of
the return value of av_malloc() and will cause a null pointer dereference, impacting availability.

CVE: CVE-2022-3109

Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568]

(From OE-Core rev: 874b72fe259cd3a23f4613fccfe2e9cc3f79cd6a)

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Narpat Mali
2023-01-04 15:06:55 +00:00
committed by Richard Purdie
parent 80dee2dad3
commit fd2d945820
2 changed files with 46 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch
+44
View File
@@ -0,0 +1,44 @@
From 656cb0450aeb73b25d7d26980af342b37ac4c568 Mon Sep 17 00:00:00 2001
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Date: Tue, 15 Feb 2022 17:58:08 +0800
Subject: [PATCH] avcodec/vp3: Add missing check for av_malloc
Since the av_malloc() may fail and return NULL pointer,
it is needed that the 's->edge_emu_buffer' should be checked
whether the new allocation is success.
Fixes: d14723861b ("VP3: fix decoding of videos with stride > 2048")
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
CVE: CVE-2022-3109
Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568]
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
---
libavcodec/vp3.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c
index e9ab54d736..e2418eb6fa 100644
--- a/libavcodec/vp3.c
+++ b/libavcodec/vp3.c
@@ -2679,8 +2679,13 @@ static int vp3_decode_frame(AVCodecContext *avctx,
AV_GET_BUFFER_FLAG_REF)) < 0)
goto error;
- if (!s->edge_emu_buffer)
+ if (!s->edge_emu_buffer) {
s->edge_emu_buffer = av_malloc(9 * FFABS(s->current_frame.f->linesize[0]));
+ if (!s->edge_emu_buffer) {
+ ret = AVERROR(ENOMEM);
+ goto error;
+ }
+ }
if (s->keyframe) {
if (!s->theora) {
--
2.34.1
meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+2 -1
View File
@@ -26,7 +26,8 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \ file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \
file://0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch \ file://0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch \
file://0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch \ file://0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch \
" file://0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch \
"
SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b" SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"