packages/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2021-3566 and CVE-2021-38291

Browse Source
This commit is contained in:
guoxiaoqi 2021-09-04 11:55:07 +08:00
parent 232c2280f1
commit af3bbfe20c
3 changed files with 112 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
CVE-2021-3566.patch Normal file
View File

@ -0,0 +1,56 @@
From 3bce9e9b3ea35c54bacccc793d7da99ea5157532 Mon Sep 17 00:00:00 2001
From: Paul B Mahol <onemda@gmail.com>
Date: Mon, 27 Jan 2020 21:53:08 +0100
Subject: [PATCH] avformat/tty: add probe function
---
libavformat/tty.c | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/libavformat/tty.c b/libavformat/tty.c
index 8d48f2c45c12..60f7e9f87ee7 100644
--- a/libavformat/tty.c
+++ b/libavformat/tty.c
@@ -34,6 +34,13 @@
#include "internal.h"
#include "sauce.h"
+static int isansicode(int x)
+{
+ return x == 0x1B || x == 0x0A || x == 0x0D || (x >= 0x20 && x < 0x7f);
+}
+
+static const char tty_extensions[31] = "ans,art,asc,diz,ice,nfo,txt,vt";
+
typedef struct TtyDemuxContext {
AVClass *class;
int chars_per_frame;
@@ -42,6 +49,17 @@ typedef struct TtyDemuxContext {
AVRational framerate; /**< Set by a private option. */
} TtyDemuxContext;
+static int read_probe(const AVProbeData *p)
+{
+ int cnt = 0;
+
+ for (int i = 0; i < p->buf_size; i++)
+ cnt += !!isansicode(p->buf[i]);
+
+ return (cnt * 100LL / p->buf_size) * (cnt > 400) *
+ !!av_match_ext(p->filename, tty_extensions);
+}
+
/**
* Parse EFI header
*/
@@ -153,8 +171,9 @@ AVInputFormat ff_tty_demuxer = {
.name = "tty",
.long_name = NULL_IF_CONFIG_SMALL("Tele-typewriter"),
.priv_data_size = sizeof(TtyDemuxContext),
+ .read_probe = read_probe,
.read_header = read_header,
.read_packet = read_packet,
- .extensions = "ans,art,asc,diz,ice,nfo,txt,vt",
+ .extensions = tty_extensions,
.priv_class = &tty_demuxer_class,
};

50
CVE-2021-38291.patch Normal file
View File

@ -0,0 +1,50 @@
From e01d306c647b5827102260b885faa223b646d2d1 Mon Sep 17 00:00:00 2001
From: James Almer <jamrial@gmail.com>
Date: Wed, 21 Jul 2021 01:02:44 -0300
Subject: [PATCH] avcodec/utils: don't return negative values in
av_get_audio_frame_duration()
In some extrme cases, like with adpcm_ms samples with an extremely high channel
count, get_audio_frame_duration() may return a negative frame duration value.
Don't propagate it, and instead return 0, signaling that a duration could not
be determined.
Fixes ticket #9312
Signed-off-by: James Almer <jamrial@gmail.com>
---
libavcodec/utils.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index 5fad782f5a..cfc07cbcb8 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -810,20 +810,22 @@ static int get_audio_frame_duration(enum AVCodecID id, int sr, int ch, int ba,
int av_get_audio_frame_duration(AVCodecContext *avctx, int frame_bytes)
{
- return get_audio_frame_duration(avctx->codec_id, avctx->sample_rate,
+ int duration = get_audio_frame_duration(avctx->codec_id, avctx->sample_rate,
avctx->channels, avctx->block_align,
avctx->codec_tag, avctx->bits_per_coded_sample,
avctx->bit_rate, avctx->extradata, avctx->frame_size,
frame_bytes);
+ return FFMAX(0, duration);
}
int av_get_audio_frame_duration2(AVCodecParameters *par, int frame_bytes)
{
- return get_audio_frame_duration(par->codec_id, par->sample_rate,
+ int duration = get_audio_frame_duration(par->codec_id, par->sample_rate,
par->channels, par->block_align,
par->codec_tag, par->bits_per_coded_sample,
par->bit_rate, par->extradata, par->frame_size,
frame_bytes);
+ return FFMAX(0, duration);
}
#if !HAVE_THREADS
--
2.20.1

7
ffmpeg.spec
View File

@ -61,7 +61,7 @@ ExclusiveArch: armv7hnl
Summary: Digital VCR and streaming server Summary: Digital VCR and streaming server
Name: ffmpeg%{?flavor} Name: ffmpeg%{?flavor}
Version: 4.2.4 Version: 4.2.4
Release: 2 Release: 3
License: %{ffmpeg_license} License: %{ffmpeg_license}
URL: http://ffmpeg.org/ URL: http://ffmpeg.org/
%if 0%{?date} %if 0%{?date}
@ -71,6 +71,8 @@ Source0: http://ffmpeg.org/releases/ffmpeg-%{version}.tar.xz
%endif %endif
Patch0: fix_ppc_build.patch Patch0: fix_ppc_build.patch
Patch1: fix-vmaf-model-path.patch Patch1: fix-vmaf-model-path.patch
Patch2: CVE-2021-3566.patch
Patch3: CVE-2021-38291.patch
Requires: %{name}-libs%{?_isa} = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel} %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel}
%{?_with_libnpp:BuildRequires: pkgconfig(nppc-%{_cuda_version})} %{?_with_libnpp:BuildRequires: pkgconfig(nppc-%{_cuda_version})}
@ -403,6 +405,9 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}
%changelog %changelog
* Sat Sep 04 2021 guoxiaoqi <guoxiaoqi2@huawei.com> - 4.2.4-3
- Fix CVE-2021-3566 and CVE-2021-38291
* Tue Jul 20 2021 weidong <weidong@uniontech.com> - 4.2.4-2 * Tue Jul 20 2021 weidong <weidong@uniontech.com> - 4.2.4-2
- Fix requires conflict - Fix requires conflict