27 lines
1.0 KiB
Diff
27 lines
1.0 KiB
Diff
From 0fa2535254c3e45b83f3a915f91b315f6d89879d Mon Sep 17 00:00:00 2001
|
|
From: Michael Niedermayer <michael@niedermayer.cc>
|
|
Date: Tue, 2 Jul 2024 17:15:31 +0800
|
|
Subject: [PATCH] CVE-2022-1475
|
|
|
|
---
|
|
ffmpeg-4.2.4/libavcodec/g729_parser.c | 3 +++
|
|
1 file changed, 3 insertions(+)
|
|
|
|
diff --git a/ffmpeg-4.2.4/libavcodec/g729_parser.c b/ffmpeg-4.2.4/libavcodec/g729_parser.c
|
|
index fc00235..3ede92d 100644
|
|
--- a/ffmpeg-4.2.4/libavcodec/g729_parser.c
|
|
+++ b/ffmpeg-4.2.4/libavcodec/g729_parser.c
|
|
@@ -48,6 +48,9 @@ static int g729_parse(AVCodecParserContext *s1, AVCodecContext *avctx,
|
|
av_assert1(avctx->codec_id == AV_CODEC_ID_G729);
|
|
/* FIXME: replace this heuristic block_size with more precise estimate */
|
|
s->block_size = (avctx->bit_rate < 8000) ? G729D_6K4_BLOCK_SIZE : G729_8K_BLOCK_SIZE;
|
|
+ // channels > 2 is invalid, we pass the packet on unchanged
|
|
+ if (avctx->channels > 2)
|
|
+ s->block_size = 0;
|
|
s->block_size *= avctx->channels;
|
|
s->duration = avctx->frame_size;
|
|
}
|
|
--
|
|
2.43.0
|
|
|