fix CVE-2024-36613

2025-01-06 23:05:16 +08:00 · 2025-01-06 23:05:16 +08:00 · 4ec1276041
commit 4ec1276041
parent 983ea99424
2 changed files with 44 additions and 1 deletions
--- a/backport-CVE-2024-36613.patch
+++ b/backport-CVE-2024-36613.patch
@ -0,0 +1,36 @@
+From 1f6fcc64179377114b4ecc3b9f63bd5774a64edf Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Sat, 30 Sep 2023 00:51:29 +0200
+Subject: [PATCH] avformat/dxa: Adjust order of operations around block
+align
+
+Fixes:
+51896/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-5730576523198464
+Fixes: signed integer overflow: 2147483566 + 82 cannot be represented in
+type 'int'
+
+Found-by: continuous fuzzing process
+https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+(cherry picked from commit 50d8e4f27398fd5778485a827d7a2817921f8540)
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+---
+ libavformat/dxa.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libavformat/dxa.c b/libavformat/dxa.c
+index 474b852..167241f 100644
+--- a/libavformat/dxa.c
+++ b/libavformat/dxa.c
+@@ -122,7 +122,7 @@ static int dxa_read_header(AVFormatContext *s)
+         if(ast->codecpar->block_align) {
+             if (c->bpc > INT_MAX - ast->codecpar->block_align + 1)
+                 return AVERROR_INVALIDDATA;
+-            c->bpc = ((c->bpc + ast->codecpar->block_align - 1) / ast->codecpar->block_align) * ast->codecpar->block_align;
+	    c->bpc = ((c->bpc - 1 + ast->codecpar->block_align) / ast->codecpar->block_align) * ast->codecpar->block_align;
+         }
+         c->bytes_left = fsize;
+         c->wavpos = avio_tell(pb);
+-- 
+2.41.0
+
--- a/ffmpeg.spec
+++ b/ffmpeg.spec
@ -62,7 +62,7 @@
 Summary:        Digital VCR and streaming server
 Name:           ffmpeg%{?flavor}
 Version:        6.1.1
-Release:        18
+Release:        19
 License:        GPL-3.0-or-later
 URL:            http://ffmpeg.org/
 Source0:        http://ffmpeg.org/releases/ffmpeg-%{version}.tar.xz
@ -86,6 +86,7 @@ Patch15:        backport-CVE-2024-36618.patch
 Patch16:        backport-CVE-2024-36617.patch
 Patch17:        backport-CVE-2024-36619.patch
 Patch18:        backport-CVE-2024-35369.patch
+Patch19:        backport-CVE-2024-36613.patch

 Requires:       %{name}-libs%{?_isa} = %{version}-%{release}
 %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel}
@ -415,6 +416,12 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}


 %changelog
+* Sun Jan 5 2025 changtao <changtao@kylinos.cn> - 6.1.1-19
+- Type: CVE
+- CVE: CVE-2024-36613
+- SUG: NA
+- DESC: fix CVE-2024-36613
+
 * Tue Dec 17 2024 liningjie <liningjie@xfusion.com> - 6.1.1-18
 - fix CVE-2024-36619 CVE-2024-35369