mirror of
https://git.yoctoproject.org/poky
synced 2026-03-06 23:39:40 +01:00
ffmpeg: fix CVE-2024-32230
FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0 (From OE-Core rev: b78fd9322b80734ec54440a01a36323a9b1b83f1) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Archana Polampalli
committed by
Steve Sakoman
Steve Sakoman
parent
c3e123dda7
commit
0f869ed43b
36
meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-32230.patch
Normal file
36
meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-32230.patch
Normal file
@@ -0,0 +1,36 @@
|
||||
From 96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1 Mon Sep 17 00:00:00 2001
|
||||
From: Michael Niedermayer <michael@niedermayer.cc>
|
||||
Date: Mon, 8 Apr 2024 18:38:42 +0200
|
||||
Subject: [PATCH] avcodec/mpegvideo_enc: Fix 1 line and one column images
|
||||
|
||||
Fixes: Ticket10952
|
||||
Fixes: poc21ffmpeg
|
||||
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
||||
|
||||
CVE: CVE-2024-32230
|
||||
|
||||
Upstream-Status: Backport [https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1]
|
||||
|
||||
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
|
||||
---
|
||||
libavcodec/mpegvideo_enc.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c
|
||||
index e460ca4..fb4aaa2 100644
|
||||
--- a/libavcodec/mpegvideo_enc.c
|
||||
+++ b/libavcodec/mpegvideo_enc.c
|
||||
@@ -1198,8 +1198,8 @@ static int load_input_picture(MpegEncContext *s, const AVFrame *pic_arg)
|
||||
int dst_stride = i ? s->uvlinesize : s->linesize;
|
||||
int h_shift = i ? s->chroma_x_shift : 0;
|
||||
int v_shift = i ? s->chroma_y_shift : 0;
|
||||
- int w = s->width >> h_shift;
|
||||
- int h = s->height >> v_shift;
|
||||
+ int w = AV_CEIL_RSHIFT(s->width , h_shift);
|
||||
+ int h = AV_CEIL_RSHIFT(s->height, v_shift);
|
||||
const uint8_t *src = pic_arg->data[i];
|
||||
uint8_t *dst = pic->f->data[i];
|
||||
int vpad = 16;
|
||||
--
|
||||
2.40.0
|
||||
|
||||
@@ -31,6 +31,7 @@ SRC_URI = " \
|
||||
file://CVE-2024-31578.patch \
|
||||
file://CVE-2024-31582.patch \
|
||||
file://CVE-2023-50008.patch \
|
||||
file://CVE-2024-32230.patch \
|
||||
"
|
||||
|
||||
SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968"
|
||||
|
||||
Reference in New Issue
Block a user