From afbf8e2aff1722eec61c5e67a6f16bbef38e152b Mon Sep 17 00:00:00 2001
From: happyworker <208suo@208suo.com>
Date: Mon, 24 Jun 2024 18:34:39 +0800
Subject: [PATCH] fix-CVE-2023-49502

---
 ffmpeg.spec              |  7 +++-
 fix-CVE-2023-49502.patch | 87 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 92 insertions(+), 2 deletions(-)
 create mode 100644 fix-CVE-2023-49502.patch

diff --git a/ffmpeg.spec b/ffmpeg.spec
index 2e09a72..7841db4 100644
--- a/ffmpeg.spec
+++ b/ffmpeg.spec
@@ -59,7 +59,7 @@ ExclusiveArch: armv7hnl
 Summary:        Digital VCR and streaming server
 Name:           ffmpeg%{?flavor}
 Version:        6.1.1
-Release:        7
+Release:        8
 License:        GPL-3.0-or-later
 URL:            http://ffmpeg.org/
 Source0:        http://ffmpeg.org/releases/ffmpeg-%{version}.tar.xz
@@ -71,7 +71,7 @@ Patch3:		fix-CVE-2024-31578.patch
 Patch4:		fix-CVE-2024-31582.patch
 Patch5:         fix_libsvgdec_compile_error.patch
 Patch6:         CVE-2023-49528.patch
-
+Patch7:         fix-CVE-2023-49502.patch
 Requires:       %{name}-libs%{?_isa} = %{version}-%{release}
 %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel}
 %{?_with_libnpp:BuildRequires: pkgconfig(nppc-%{_cuda_version})}
@@ -399,6 +399,9 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}
 
 
 %changelog
+* Mon Jun 24 2024 happyworker <208suo@208suo.com> - 6.1.1-8
+- fix-CVE-2023-49502.patch
+
 * Fri Jun 21 2024 misaka00251 <liuxin@iscas.ac.cn> - 6.1.1-7
 - Remove riscv64 exclusive arch for chromium patch
 
diff --git a/fix-CVE-2023-49502.patch b/fix-CVE-2023-49502.patch
new file mode 100644
index 0000000..5e2ab42
--- /dev/null
+++ b/fix-CVE-2023-49502.patch
@@ -0,0 +1,87 @@
+From 1b6c65ed990c7bdfe298ff6832da55bdc823e0c1 Mon Sep 17 00:00:00 2001
+From: happyworker <happyworker@208suo.com>
+Date: Tue, 18 Jun 2024 18:03:52 +0800
+Subject: [PATCH] fix-CVE-2023-49502
+
+---
+ libavfilter/vf_bwdif.c        |  9 +++++----
+ libavfilter/vf_bwdif_cuda.c   | 11 ++++++-----
+ libavfilter/vf_bwdif_vulkan.c |  9 ++++-----
+ 3 files changed, 15 insertions(+), 14 deletions(-)
+
+diff --git a/libavfilter/vf_bwdif.c b/libavfilter/vf_bwdif.c
+index 137cd5e..a64d6fd 100644
+--- a/libavfilter/vf_bwdif.c
++++ b/libavfilter/vf_bwdif.c
+@@ -190,14 +190,15 @@ static int config_props(AVFilterLink *link)
+         av_log(ctx, AV_LOG_ERROR, "Failure to setup CC FIFO queue\n");
+         return ret;
+     }
++    
++    yadif->csp = av_pix_fmt_desc_get(link->format);
++    yadif->filter = filter;
+ 
+-    if (link->w < 3 || link->h < 4) {
+-        av_log(ctx, AV_LOG_ERROR, "Video of less than 3 columns or 4 lines is not supported\n");
++    if (AV_CEIL_RSHIFT(link->w, yadif->csp->log2_chroma_w) < 3 || AV_CEIL_RSHIFT(link->h, yadif->csp->log2_chroma_h) < 4) {
++        av_log(ctx, AV_LOG_ERROR, "Video with planes less than 3 columns or 4 lines is not supported\n");
+         return AVERROR(EINVAL);
+     }
+ 
+-    yadif->csp = av_pix_fmt_desc_get(link->format);
+-    yadif->filter = filter;
+     ff_bwdif_init_filter_line(&s->dsp, yadif->csp->comp[0].depth);
+ 
+     return 0;
+diff --git a/libavfilter/vf_bwdif_cuda.c b/libavfilter/vf_bwdif_cuda.c
+index a5ecfba..bca12dd 100644
+--- a/libavfilter/vf_bwdif_cuda.c
++++ b/libavfilter/vf_bwdif_cuda.c
+@@ -296,14 +296,15 @@ static int config_output(AVFilterLink *link)
+         link->frame_rate = av_mul_q(ctx->inputs[0]->frame_rate,
+                                     (AVRational){2, 1});
+ 
+-    if (link->w < 3 || link->h < 3) {
+-        av_log(ctx, AV_LOG_ERROR, "Video of less than 3 columns or lines is not supported\n");
+-        ret = AVERROR(EINVAL);
+-        goto exit;
+-    }
+ 
+     y->csp = av_pix_fmt_desc_get(output_frames->sw_format);
+     y->filter = filter;
++    
++     if (AV_CEIL_RSHIFT(link->w, y->csp->log2_chroma_w) < 3 || AV_CEIL_RSHIFT(link->h, y->csp->log2_chroma_h) < 3) {
++        av_log(ctx, AV_LOG_ERROR, "Video with planes less than 3 columns or lines is not supported\n");
++        ret = AVERROR(EINVAL);
++        goto exit;
++    }
+ 
+     ret = CHECK_CU(cu->cuCtxPushCurrent(s->hwctx->cuda_ctx));
+     if (ret < 0)
+diff --git a/libavfilter/vf_bwdif_vulkan.c b/libavfilter/vf_bwdif_vulkan.c
+index 690a89c..aaa881b 100644
+--- a/libavfilter/vf_bwdif_vulkan.c
++++ b/libavfilter/vf_bwdif_vulkan.c
+@@ -362,15 +362,14 @@ static int bwdif_vulkan_config_output(AVFilterLink *outlink)
+         outlink->frame_rate = av_mul_q(avctx->inputs[0]->frame_rate,
+                                        (AVRational){2, 1});
+ 
+-    if (outlink->w < 4 || outlink->h < 4) {
+-        av_log(avctx, AV_LOG_ERROR, "Video of less than 4 columns or lines is not "
+-               "supported\n");
+-        return AVERROR(EINVAL);
+-    }
+ 
+     y->csp = av_pix_fmt_desc_get(vkctx->frames->sw_format);
+     y->filter = bwdif_vulkan_filter_frame;
+ 
++    if (AV_CEIL_RSHIFT(outlink->w, y->csp->log2_chroma_w) < 4 || AV_CEIL_RSHIFT(outlink->h, y->csp->log2_chroma_h) < 4) {
++        av_log(avctx, AV_LOG_ERROR, "Video with planes less than 4 columns or lines is not supported\n");
++        return AVERROR(EINVAL);
++    }
+     return init_filter(avctx);
+ }
+ 
+-- 
+2.43.0
+