mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-20 18:32:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

ffmpeg: fix CVE-2024-32230

Browse Source 
FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param
bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0

(From OE-Core rev: 6eb7dc3eecbbe115f95864d587fb3d5557321973)

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Archana Polampalli
2024-11-21 06:45:48 +00:00
committed by Steve Sakoman
parent 3be25b503f
commit b7d06a657a
2 changed files with 36 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-32230.patch Normal file
View File

@@ -0,0 +1,35 @@
From 96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Mon, 8 Apr 2024 18:38:42 +0200
Subject: [PATCH] avcodec/mpegvideo_enc: Fix 1 line and one column images
Fixes: Ticket10952
Fixes: poc21ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
CVE: CVE-2024-32230
Upstream-Status: Backport [https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1]
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
---
libavcodec/mpegvideo_enc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c
index 128d1a3..3bd84cd 100644
--- a/libavcodec/mpegvideo_enc.c
+++ b/libavcodec/mpegvideo_enc.c
@@ -1130,8 +1130,8 @@ static int load_input_picture(MpegEncContext *s, const AVFrame *pic_arg)
int dst_stride = i ? s->uvlinesize : s->linesize;
int h_shift = i ? h_chroma_shift : 0;
int v_shift = i ? v_chroma_shift : 0;
- int w = s->width >> h_shift;
- int h = s->height >> v_shift;
+ int w = AV_CEIL_RSHIFT(s->width , h_shift);
+ int h = AV_CEIL_RSHIFT(s->height, v_shift);
uint8_t *src = pic_arg->data[i];
uint8_t *dst = pic->f->data[i];
int vpad = 16;
--
2.40.0

1
meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
View File

@@ -29,6 +29,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch \
file://0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch \
file://CVE-2022-48434.patch \
file://CVE-2024-32230.patch \
"
SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"