packages/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2024-36617 CVE-2024-36618

Browse Source 
(cherry picked from commit 70dc17043cecf7d4d2b8ae319d4428a18e2ee5c3)
This commit is contained in:
liningjie 2024-12-13 17:02:04 +08:00 committed by openeuler-sync-bot
parent 2452bef14c
commit 787d4f9615
3 changed files with 68 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
backport-CVE-2024-36617.patch Normal file
View File

@ -0,0 +1,31 @@
From d973fcbcc2f944752ff10e6a76b0b2d9329937a7 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sat, 30 Sep 2023 00:38:17 +0200
Subject: [PATCH] avformat/cafdec: dont seek beyond 64bit
Fixes: signed integer overflow: 64 + 9223372036854775807 cannot be represented in type 'long long'
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6418242730328064
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6418242730328064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavformat/cafdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/cafdec.c b/libavformat/cafdec.c
index 426c56b9bd..72809fd1de 100644
--- a/libavformat/cafdec.c
+++ b/libavformat/cafdec.c
@@ -271,7 +271,7 @@ static int read_pakt_chunk(AVFormatContext *s, int64_t size)
}
}
- if (avio_tell(pb) - ccount > size) {
+ if (avio_tell(pb) - ccount > size || size > INT64_MAX - ccount) {
av_log(s, AV_LOG_ERROR, "error reading packet table\n");
return AVERROR_INVALIDDATA;
}
--
2.43.0

31
backport-CVE-2024-36618.patch Normal file
View File

@ -0,0 +1,31 @@
From 7a089ed8e049e3bfcb22de1250b86f2106060857 Mon Sep 17 00:00:00 2001
From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Date: Tue, 12 Mar 2024 23:23:17 +0100
Subject: [PATCH] avformat/avidec: Fix integer overflow iff ULONG_MAX <
INT64_MAX
Affects many FATE-tests, see
https://fate.ffmpeg.org/report.cgi?time=20240312011016&slot=ppc-linux-gcc-13.2-ubsan-altivec-qemu
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
---
libavformat/avidec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/avidec.c b/libavformat/avidec.c
index f3183b2698..985a9bf022 100644
--- a/libavformat/avidec.c
+++ b/libavformat/avidec.c
@@ -1696,7 +1696,7 @@ static int check_stream_max_drift(AVFormatContext *s)
int *idx = av_calloc(s->nb_streams, sizeof(*idx));
if (!idx)
return AVERROR(ENOMEM);
- for (min_pos = pos = 0; min_pos != INT64_MAX; pos = min_pos + 1LU) {
+ for (min_pos = pos = 0; min_pos != INT64_MAX; pos = min_pos + 1ULL) {
int64_t max_dts = INT64_MIN / 2;
int64_t min_dts = INT64_MAX / 2;
int64_t max_buffer = 0;
--
2.43.0

7
ffmpeg.spec
View File

@ -62,7 +62,7 @@
Summary: Digital VCR and streaming server
Name: ffmpeg%{?flavor}
Version: 6.1.1
Release: 16
Release: 17
License: GPL-3.0-or-later
URL: http://ffmpeg.org/
Source0: http://ffmpeg.org/releases/ffmpeg-%{version}.tar.xz
@ -82,6 +82,8 @@ Patch11: backport-CVE-2024-35366.patch
Patch12: backport-CVE-2024-35367.patch
Patch13: backport-CVE-2024-35368.patch
Patch14: backport-CVE-2024-36616.patch
Patch15: backport-CVE-2024-36618.patch
Patch16: backport-CVE-2024-36617.patch
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel}
@ -411,6 +413,9 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}
%changelog
* Fri Dec 13 2024 liningjie <liningjie@xfusion.com> - 6.1.1-17
- fix CVE-2024-36617 CVE-2024-36618
* Mon Dec 02 2024 liningjie <liningjie@xfusion.com> - 6.1.1-16
- fix CVE-2024-35368 CVE-2024-36616