diff options
author | Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com> | 2021-01-12 17:37:31 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-01-13 23:12:25 +0000 |
commit | 526ee4ca2c493de1ac494b69e5ce9a9e55835c3a (patch) | |
tree | 7e620af3ab4b00810293fc5a1a6c1742d8236b0b /meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-35965.patch | |
parent | 8eb186acdecfbb3151c9a0ab148358e3fe5cce39 (diff) | |
download | openembedded-core-contrib-526ee4ca2c493de1ac494b69e5ce9a9e55835c3a.tar.gz |
ffmpeg: Fix CVE-2020-35964, CVE-2020-35965
Backport the CVE patches from upstream:
https://github.com/FFmpeg/FFmpeg/commit/27a99e2c7d450fef15594671eef4465c8a166bd7
https://github.com/FFmpeg/FFmpeg/commit/3e5959b3457f7f1856d997261e6ac672bba49e8b
CVE:
CVE-2020-35964
CVE-2020-35965
Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-35965.patch')
-rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-35965.patch | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-35965.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-35965.patch new file mode 100644 index 0000000000..ddab8e9aca --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-35965.patch @@ -0,0 +1,35 @@ +From 3e5959b3457f7f1856d997261e6ac672bba49e8b Mon Sep 17 00:00:00 2001 +From: Michael Niedermayer <michael@niedermayer.cc> +Date: Sat, 24 Oct 2020 22:21:48 +0200 +Subject: [PATCH] avcodec/exr: Check ymin vs. h + +Fixes: out of array access +Fixes: 26532/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5613925708857344 +Fixes: 27443/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5631239813595136 + +Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg +Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> + +Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/3e5959b3457f7f1856d997261e6ac672bba49e8b] + +CVE: CVE-2020-35965 + +Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> +Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com> +--- + libavcodec/exr.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libavcodec/exr.c b/libavcodec/exr.c +index e907c5c46401..8b701d1cd298 100644 +--- a/libavcodec/exr.c ++++ b/libavcodec/exr.c +@@ -1830,7 +1830,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, + // Zero out the start if ymin is not 0 + for (i = 0; i < planes; i++) { + ptr = picture->data[i]; +- for (y = 0; y < s->ymin; y++) { ++ for (y = 0; y < FFMIN(s->ymin, s->h); y++) { + memset(ptr, 0, out_line_size); + ptr += picture->linesize[i]; + } |