packages/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!32 fix CVE-2024-31578 and CVE-2024-31582

Browse Source 
From: @cenhuilin 
Reviewed-by: @dou33 
Signed-off-by: @dou33
This commit is contained in:
openeuler-ci-bot 2024-04-30 09:20:16 +00:00 committed by Gitee
commit 62a3f3c9c7
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
3 changed files with 78 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
0001-fix-CVE-2024-31578.patch Normal file
View File

@ -0,0 +1,43 @@
From 3bb00c0a420c3ce83c6fafee30270d69622ccad7 Mon Sep 17 00:00:00 2001
From: Zhao Zhili <zhilizhao@tencent.com>
Date: Mon, 29 Apr 2024 17:02:47 +0800
Subject: [PATCH] avutil/hwcontext: Don't assume frames_uninit is reentrant.
Fix heap use after free when vulkan_frames_init failed.
Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
---
libavutil/hwcontext.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/libavutil/hwcontext.c b/libavutil/hwcontext.c
index 3650d46..0ef3479 100644
--- a/libavutil/hwcontext.c
+++ b/libavutil/hwcontext.c
@@ -363,7 +363,7 @@ int av_hwframe_ctx_init(AVBufferRef *ref)
if (ctx->internal->hw_type->frames_init) {
ret = ctx->internal->hw_type->frames_init(ctx);
if (ret < 0)
- goto fail;
+ return ret;
}
if (ctx->internal->pool_internal && !ctx->pool)
@@ -373,14 +373,10 @@ int av_hwframe_ctx_init(AVBufferRef *ref)
if (ctx->initial_pool_size > 0) {
ret = hwframe_pool_prealloc(ref);
if (ret < 0)
- goto fail;
+ return ret;
}
return 0;
-fail:
- if (ctx->internal->hw_type->frames_uninit)
- ctx->internal->hw_type->frames_uninit(ctx);
- return ret;
}
int av_hwframe_transfer_get_formats(AVBufferRef *hwframe_ref,
--
2.27.0

28
0002-fix-CVE-2024-31582.patch Normal file
View File

@ -0,0 +1,28 @@
From 99debe5f823f45a482e1dc08de35879aa9c74bd2 Mon Sep 17 00:00:00 2001
From: Zhao Zhili <zhilizhao@tencent.com>
Date: Mon, 29 Apr 2024 17:42:23 +0800
Subject: [PATCH] avfilter/vf_codecview: fix heap buffer overflow.
And improve the performance by a little bit.
Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
---
libavfilter/vf_codecview.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/libavfilter/vf_codecview.c b/libavfilter/vf_codecview.c
index 55d9c8c..f65ccbd 100644
--- a/libavfilter/vf_codecview.c
+++ b/libavfilter/vf_codecview.c
@@ -216,9 +216,6 @@ static void draw_block_rectangle(uint8_t *buf, int sx, int sy, int w, int h, ptr
buf[sx + w - 1] = color;
buf += stride;
}
-
- for (int x = sx; x < sx + w; x++)
- buf[x] = color;
}
static int filter_frame(AVFilterLink *inlink, AVFrame *frame)
--
2.27.0

8
ffmpeg.spec
View File

@ -59,7 +59,7 @@ ExclusiveArch: armv7hnl
Summary: Digital VCR and streaming server
Name: ffmpeg%{?flavor}
Version: 6.1.1
Release: 2
Release: 3
License: GPL-3.0-or-later
URL: http://ffmpeg.org/
Source0: http://ffmpeg.org/releases/ffmpeg-%{version}.tar.xz
@ -68,6 +68,9 @@ Source0: http://ffmpeg.org/releases/ffmpeg-%{version}.tar.xz
Patch0: avformat-get_first_dts.patch
%endif
Patch1: 0001-fix-CVE-2024-31578.patch
Patch2: 0002-fix-CVE-2024-31582.patch
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel}
%{?_with_libnpp:BuildRequires: pkgconfig(nppc-%{_cuda_version})}
@ -395,6 +398,9 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}
%changelog
* Mon Apr 29 2024 cenhuilin <cenhuilin@kylinos.cn> - 6.1.1-3
- fix CVE-2024-31578 CVE-2024-31582
* Wed Apr 03 2024 misaka00251 <liuxin@iscas.ac.cn> - 6.1.1-2
- Add patch to fix chromium build on riscv64 & Cleanup patches