!57 同步openEuler-20.03-LTS-SP1 到openEuler-20.03-LTS-SP4
From: @happyworker Reviewed-by: @technology208 Signed-off-by: @technology208
This commit is contained in:
openeuler-ci-bot
Gitee
commit
2ac2fa741d
@ -1,6 +1,6 @@
|
||||
diff -Naru ffmpeg-4.2.4/libavformat/vividas.c ffmpeg-4.2.4-new/libavformat/vividas.c
|
||||
--- ffmpeg-4.2.4/libavformat/vividas.c 2022-05-20 16:21:19.420882000 +0800
|
||||
+++ ffmpeg-4.2.4-new/libavformat/vividas.c 2022-05-23 14:27:05.231650000 +0800
|
||||
--- ffmpeg-4.2.4/libavformat/vividas.c 2022-05-24 14:52:47.185857000 +0800
|
||||
+++ ffmpeg-4.2.4-new/libavformat/vividas.c 2022-05-24 15:16:15.926505000 +0800
|
||||
@@ -27,7 +27,7 @@
|
||||
* @author Andrzej Szombierski [qq at kuku eu org] (2010-07)
|
||||
* @sa http://wiki.multimedia.cx/index.php?title=Vividas_VIV
|
||||
@ -11,7 +11,7 @@ diff -Naru ffmpeg-4.2.4/libavformat/vividas.c ffmpeg-4.2.4-new/libavformat/vivid
|
||||
#include "avio_internal.h"
|
||||
#include "avformat.h"
|
||||
@@ -278,7 +278,7 @@
|
||||
|
||||
|
||||
static int track_header(VividasDemuxContext *viv, AVFormatContext *s, uint8_t *buf, int size)
|
||||
{
|
||||
- int i,j;
|
||||
@ -20,7 +20,7 @@ diff -Naru ffmpeg-4.2.4/libavformat/vividas.c ffmpeg-4.2.4-new/libavformat/vivid
|
||||
int val_1;
|
||||
int num_video;
|
||||
@@ -372,7 +372,7 @@
|
||||
|
||||
|
||||
if (avio_tell(pb) < off) {
|
||||
int num_data;
|
||||
- int xd_size = 0;
|
||||
@ -35,7 +35,7 @@ diff -Naru ffmpeg-4.2.4/libavformat/vividas.c ffmpeg-4.2.4-new/libavformat/vivid
|
||||
- xd_size += len;
|
||||
+ xd_size += len + 1 + len/255;
|
||||
}
|
||||
|
||||
|
||||
- st->codecpar->extradata_size = 64 + xd_size + xd_size / 255;
|
||||
- if (ff_alloc_extradata(st->codecpar, st->codecpar->extradata_size)) {
|
||||
- av_free(pb);
|
||||
@ -44,10 +44,10 @@ diff -Naru ffmpeg-4.2.4/libavformat/vividas.c ffmpeg-4.2.4-new/libavformat/vivid
|
||||
+ ret = ff_alloc_extradata(st->codecpar, xd_size);
|
||||
+ if (ret < 0)
|
||||
+ return ret;
|
||||
|
||||
|
||||
p = st->codecpar->extradata;
|
||||
p[0] = 2;
|
||||
|
||||
|
||||
for (j = 0; j < num_data - 1; j++) {
|
||||
unsigned delta = av_xiphlacing(&p[offset], data_len[j]);
|
||||
- if (delta > data_len[j]) {
|
||||
@ -57,7 +57,7 @@ diff -Naru ffmpeg-4.2.4/libavformat/vividas.c ffmpeg-4.2.4-new/libavformat/vivid
|
||||
+ av_assert0(delta <= xd_size - offset);
|
||||
offset += delta;
|
||||
}
|
||||
|
||||
|
||||
@@ -415,6 +410,7 @@
|
||||
av_freep(&st->codecpar->extradata);
|
||||
break;
|
||||
@ -65,4 +65,4 @@ diff -Naru ffmpeg-4.2.4/libavformat/vividas.c ffmpeg-4.2.4-new/libavformat/vivid
|
||||
+ av_assert0(data_len[j] <= xd_size - offset);
|
||||
offset += data_len[j];
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -1,18 +1,18 @@
|
||||
diff -Naru ffmpeg-4.2.4/libavcodec/dnxhddec.c ffmpeg-4.2.4-new/libavcodec/dnxhddec.c
|
||||
--- ffmpeg-4.2.4/libavcodec/dnxhddec.c 2022-05-20 16:21:12.890882000 +0800
|
||||
+++ ffmpeg-4.2.4-new/libavcodec/dnxhddec.c 2022-05-20 16:47:00.416516000 +0800
|
||||
--- ffmpeg-4.2.4/libavcodec/dnxhddec.c 2022-05-24 14:52:38.305857000 +0800
|
||||
+++ ffmpeg-4.2.4-new/libavcodec/dnxhddec.c 2022-05-24 15:13:34.231494000 +0800
|
||||
@@ -111,6 +111,7 @@
|
||||
|
||||
|
||||
static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth)
|
||||
{
|
||||
+ int ret;
|
||||
if (cid != ctx->cid) {
|
||||
int index;
|
||||
|
||||
|
||||
@@ -130,19 +131,26 @@
|
||||
ff_free_vlc(&ctx->dc_vlc);
|
||||
ff_free_vlc(&ctx->run_vlc);
|
||||
|
||||
|
||||
- init_vlc(&ctx->ac_vlc, DNXHD_VLC_BITS, 257,
|
||||
+ if ((ret = init_vlc(&ctx->ac_vlc, DNXHD_VLC_BITS, 257,
|
||||
ctx->cid_table->ac_bits, 1, 1,
|
||||
@ -31,15 +31,15 @@ diff -Naru ffmpeg-4.2.4/libavcodec/dnxhddec.c ffmpeg-4.2.4-new/libavcodec/dnxhdd
|
||||
- ctx->cid_table->run_codes, 2, 2, 0);
|
||||
+ ctx->cid_table->run_codes, 2, 2, 0)) < 0)
|
||||
+ goto out;
|
||||
|
||||
|
||||
ctx->cid = cid;
|
||||
}
|
||||
- return 0;
|
||||
+ ret = 0;
|
||||
+ ret = 0;
|
||||
+out:
|
||||
+ if (ret < 0)
|
||||
+ av_log(ctx->avctx, AV_LOG_ERROR, "init_vlc failed\n");
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
|
||||
static av_cold int dnxhd_decode_init_thread_copy(AVCodecContext *avctx)
|
||||
|
||||
25
CVE-2023-51794.patch
Normal file
25
CVE-2023-51794.patch
Normal file
@ -0,0 +1,25 @@
|
||||
From a80f53d91fc1d3c523b4660a4f7ca3ede82f0bd8 Mon Sep 17 00:00:00 2001
|
||||
From: happyworker <208suo@208suo.com>
|
||||
Date: Wed, 19 Jun 2024 14:48:11 +0800
|
||||
Subject: [PATCH] Fix CVE-2023-51794
|
||||
|
||||
---
|
||||
libavfilter/af_stereowiden.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/libavfilter/af_stereowiden.c b/libavfilter/af_stereowiden.c
|
||||
index d23c8db..3d7b5bb 100644
|
||||
--- a/libavfilter/af_stereowiden.c
|
||||
+++ b/libavfilter/af_stereowiden.c
|
||||
@@ -74,6 +74,8 @@ static int config_input(AVFilterLink *inlink)
|
||||
|
||||
s->length = s->delay * inlink->sample_rate / 1000;
|
||||
s->length *= 2;
|
||||
+ if (s->length == 0)
|
||||
+ return AVERROR(EINVAL);
|
||||
s->buffer = av_calloc(s->length, sizeof(*s->buffer));
|
||||
if (!s->buffer)
|
||||
return AVERROR(ENOMEM);
|
||||
--
|
||||
2.43.0
|
||||
|
||||
43
CVE-2024-31578.patch
Normal file
43
CVE-2024-31578.patch
Normal file
@ -0,0 +1,43 @@
|
||||
From 3bb00c0a420c3ce83c6fafee30270d69622ccad7 Mon Sep 17 00:00:00 2001
|
||||
From: Zhao Zhili <zhilizhao@tencent.com>
|
||||
Date: Wed, 1 May 2024 18:08:51 +0800
|
||||
Subject: [PATCH] avutil/hwcontext: Don't assume frames_uninit is reentrant.
|
||||
Fix heap use after free when vulkan_frames_init failed.
|
||||
|
||||
Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
|
||||
---
|
||||
libavutil/hwcontext.c | 8 ++------
|
||||
1 file changed, 2 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/libavutil/hwcontext.c b/libavutil/hwcontext.c
|
||||
index f1e404a..3b99b8a 100644
|
||||
--- a/libavutil/hwcontext.c
|
||||
+++ b/libavutil/hwcontext.c
|
||||
@@ -358,7 +358,7 @@ int av_hwframe_ctx_init(AVBufferRef *ref)
|
||||
if (ctx->internal->hw_type->frames_init) {
|
||||
ret = ctx->internal->hw_type->frames_init(ctx);
|
||||
if (ret < 0)
|
||||
- goto fail;
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
if (ctx->internal->pool_internal && !ctx->pool)
|
||||
@@ -368,14 +368,10 @@ int av_hwframe_ctx_init(AVBufferRef *ref)
|
||||
if (ctx->initial_pool_size > 0) {
|
||||
ret = hwframe_pool_prealloc(ref);
|
||||
if (ret < 0)
|
||||
- goto fail;
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
return 0;
|
||||
-fail:
|
||||
- if (ctx->internal->hw_type->frames_uninit)
|
||||
- ctx->internal->hw_type->frames_uninit(ctx);
|
||||
- return ret;
|
||||
}
|
||||
|
||||
int av_hwframe_transfer_get_formats(AVBufferRef *hwframe_ref,
|
||||
--
|
||||
2.23.0
|
||||
|
||||
12
ffmpeg.spec
12
ffmpeg.spec
@ -61,7 +61,7 @@ ExclusiveArch: armv7hnl
|
||||
Summary: Digital VCR and streaming server
|
||||
Name: ffmpeg%{?flavor}
|
||||
Version: 4.2.4
|
||||
Release: 4
|
||||
Release: 6
|
||||
License: %{ffmpeg_license}
|
||||
URL: http://ffmpeg.org/
|
||||
%if 0%{?date}
|
||||
@ -75,6 +75,8 @@ Patch2: CVE-2021-3566.patch
|
||||
Patch3: CVE-2021-38291.patch
|
||||
Patch4: CVE-2021-38114.patch
|
||||
Patch5: CVE-2020-35964.patch
|
||||
Patch6: CVE-2024-31578.patch
|
||||
Patch7: CVE-2023-51794.patch
|
||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||
%{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel}
|
||||
%{?_with_libnpp:BuildRequires: pkgconfig(nppc-%{_cuda_version})}
|
||||
@ -407,7 +409,13 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon May 23 2022 yangweidong <yangweidong9@huawei.com> - 4.2.4-4
|
||||
* Wed Jun 19 2024 happyworker <208suo@208suo.com> - 4.2.4-6
|
||||
- Fix CVE-2023-51794
|
||||
|
||||
* Wed May 01 2024 cenhuilin <cenhuilin@kylinos.cn> - 4.2.4-5
|
||||
- fix CVE-2024-31578
|
||||
|
||||
* Tue May 24 2022 yangweidong <yangweidong9@huawei.com> - 4.2.4-4
|
||||
- Fix CVE-2021-38114 and CVE-2020-35964
|
||||
|
||||
* Sat Sep 04 2021 guoxiaoqi <guoxiaoqi2@huawei.com> - 4.2.4-3
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user