!158 [sync] PR-156: fix CVE-2023-49501

From: @openeuler-sync-bot 
Reviewed-by: @technology208 
Signed-off-by: @technology208

CVE-2023-49501.patch

@@ -0,0 +1,25 @@
+From b45cc9297e567f76ccd39d9670eed521f2036d2c Mon Sep 17 00:00:00 2001
+From: happyworker <208suo@208suo.com>
+Date: Wed, 18 Sep 2024 15:24:00 +0800
+Subject: [PATCH] createpatch
+
+---
+ libavfilter/asrc_afirsrc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libavfilter/asrc_afirsrc.c b/libavfilter/asrc_afirsrc.c
+index e2359c1..ea04c35 100644
+--- a/libavfilter/asrc_afirsrc.c
++++ b/libavfilter/asrc_afirsrc.c
+@@ -480,7 +480,7 @@ static av_cold int config_eq_output(AVFilterLink *outlink)
+         if (ret < 0)
+             return ret;
+ 
+-        s->magnitude = av_calloc(s->nb_magnitude, sizeof(*s->magnitude));
++        s->magnitude = av_calloc(s->nb_magnitude + 1, sizeof(*s->magnitude));
+         if (!s->magnitude)
+             return AVERROR(ENOMEM);
+         memcpy(s->magnitude, eq_presets[s->preset].gains, sizeof(*s->magnitude) * s->nb_magnitude);
+-- 
+2.27.0
+

ffmpeg.spec

@@ -62,7 +62,7 @@
 Summary:        Digital VCR and streaming server
 Name:           ffmpeg%{?flavor}
 Version:        6.1.1
-Release:        13
+Release:        14
 License:        GPL-3.0-or-later
 URL:            http://ffmpeg.org/
 Source0:        http://ffmpeg.org/releases/ffmpeg-%{version}.tar.xz
@@ -77,7 +77,7 @@ Patch6:         CVE-2023-49528.patch
 Patch7:         fix-CVE-2023-49502.patch
 Patch8:         fix-CVE-2024-32230.patch
 Patch9:         CVE-2024-7055.patch
-
+Patch10:        CVE-2023-49501.patch
 
 Requires:       %{name}-libs%{?_isa} = %{version}-%{release}
 %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel}
@@ -407,6 +407,9 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}
 
 
 %changelog
+* Wed Sep 18 2024 happyworker <208suo@208suo.com> - 6.1.1-14
+- CVE-2023-49501.patch
+
 * Tue Aug 27 2024 happyworker <208suo@208suo.com> - 6.1.1-13
 - CVE-2024-7055.patch