mirror of
https://git.yoctoproject.org/poky
synced 2026-02-25 19:09:41 +01:00
ffmpeg: upgrade 6.1.3 -> 6.1.4
Dropped patches that are part of the upstream version.
Changelog:
34277e12e8:/Changelog
(From OE-Core rev: f9f054faca45a08507b510c8982f170edd6bf83a)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
committed by
Richard Purdie
parent
463172affb
commit
b8600b66e4
@@ -1,62 +0,0 @@
|
||||
From ced5c5fdb8634d39ca9472a2026b2d2fea16c4e5 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
|
||||
Date: Mon, 25 Mar 2024 16:54:25 +0100
|
||||
Subject: [PATCH] fftools/ffmpeg_mux_init: Fix double-free on error
|
||||
|
||||
MATCH_PER_STREAM_OPT iterates over all options of a given
|
||||
OptionDef and tests whether they apply to the current stream;
|
||||
if so, they are set to ost->apad, otherwise, the code errors
|
||||
out. If no error happens, ost->apad is av_strdup'ed in order
|
||||
to take ownership of this pointer.
|
||||
|
||||
But this means that setting it originally was premature,
|
||||
as it leads to double-frees when an error happens lateron.
|
||||
This can simply be reproduced with
|
||||
ffmpeg -filter_complex anullsrc -apad bar -apad:n baz -f null -
|
||||
This is a regression since 83ace80bfd80fcdba2c65fa1d554923ea931d5bd.
|
||||
|
||||
Fix this by using a temporary variable instead of directly
|
||||
setting ost->apad. Also only strdup the string if it actually
|
||||
is != NULL.
|
||||
|
||||
Reviewed-by: Marth64 <marth64@proxyid.net>
|
||||
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
|
||||
|
||||
CVE: CVE-2024-35365
|
||||
|
||||
Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/ced5c5fdb8634d39ca9472a2026b2d2fea16c4e5]
|
||||
|
||||
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
|
||||
---
|
||||
fftools/ffmpeg_mux_init.c | 9 +++++++--
|
||||
1 file changed, 7 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/fftools/ffmpeg_mux_init.c b/fftools/ffmpeg_mux_init.c
|
||||
index 63a25a3..685c064 100644
|
||||
--- a/fftools/ffmpeg_mux_init.c
|
||||
+++ b/fftools/ffmpeg_mux_init.c
|
||||
@@ -845,6 +845,7 @@ static int new_stream_audio(Muxer *mux, const OptionsContext *o,
|
||||
int channels = 0;
|
||||
char *layout = NULL;
|
||||
char *sample_fmt = NULL;
|
||||
+ const char *apad = NULL;
|
||||
|
||||
MATCH_PER_STREAM_OPT(audio_channels, i, channels, oc, st);
|
||||
if (channels) {
|
||||
@@ -882,8 +883,12 @@ static int new_stream_audio(Muxer *mux, const OptionsContext *o,
|
||||
|
||||
MATCH_PER_STREAM_OPT(audio_sample_rate, i, audio_enc->sample_rate, oc, st);
|
||||
|
||||
- MATCH_PER_STREAM_OPT(apad, str, ost->apad, oc, st);
|
||||
- ost->apad = av_strdup(ost->apad);
|
||||
+ MATCH_PER_STREAM_OPT(apad, str, apad, oc, st);
|
||||
+ if (apad) {
|
||||
+ ost->apad = av_strdup(apad);
|
||||
+ if (!ost->apad)
|
||||
+ return AVERROR(ENOMEM);
|
||||
+ }
|
||||
|
||||
#if FFMPEG_OPT_MAP_CHANNEL
|
||||
/* check for channel mapping for this audio stream */
|
||||
--
|
||||
2.40.0
|
||||
@@ -1,36 +0,0 @@
|
||||
From 7a089ed8e049e3bfcb22de1250b86f2106060857 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
|
||||
Date: Tue, 12 Mar 2024 23:23:17 +0100
|
||||
Subject: [PATCH] avformat/avidec: Fix integer overflow iff ULONG_MAX <
|
||||
INT64_MAX
|
||||
|
||||
Affects many FATE-tests, see
|
||||
https://fate.ffmpeg.org/report.cgi?time=20240312011016&slot=ppc-linux-gcc-13.2-ubsan-altivec-qemu
|
||||
|
||||
Reviewed-by: James Almer <jamrial@gmail.com>
|
||||
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
|
||||
|
||||
CVE: CVE-2024-36618
|
||||
|
||||
Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/7a089ed8e049e3bfcb22de1250b86f2106060857]
|
||||
|
||||
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
|
||||
---
|
||||
libavformat/avidec.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/libavformat/avidec.c b/libavformat/avidec.c
|
||||
index 00bd7a9..bc95466 100644
|
||||
--- a/libavformat/avidec.c
|
||||
+++ b/libavformat/avidec.c
|
||||
@@ -1696,7 +1696,7 @@ static int check_stream_max_drift(AVFormatContext *s)
|
||||
int *idx = av_calloc(s->nb_streams, sizeof(*idx));
|
||||
if (!idx)
|
||||
return AVERROR(ENOMEM);
|
||||
- for (min_pos = pos = 0; min_pos != INT64_MAX; pos = min_pos + 1LU) {
|
||||
+ for (min_pos = pos = 0; min_pos != INT64_MAX; pos = min_pos + 1ULL) {
|
||||
int64_t max_dts = INT64_MIN / 2;
|
||||
int64_t min_dts = INT64_MAX / 2;
|
||||
int64_t max_buffer = 0;
|
||||
--
|
||||
2.40.0
|
||||
@@ -1,105 +0,0 @@
|
||||
From bedfb6eca402037f5cbb115fa767d106b8c14f1c Mon Sep 17 00:00:00 2001
|
||||
From: Lynne <dev@lynne.ee>
|
||||
Date: Sat, 8 Feb 2025 04:35:31 +0100
|
||||
Subject: [PATCH] aacenc_tns: clamp filter direction energy measurement
|
||||
|
||||
The issue is that:
|
||||
|
||||
float en[2];
|
||||
...
|
||||
tns->n_filt[w] = is8 ? 1 : order != TNS_MAX_ORDER ? 2 : 3;
|
||||
for (g = 0; g < tns->n_filt[w]; g++) {
|
||||
tns->direction[w][g] = slant != 2 ? slant : en[g] < en[!g];
|
||||
|
||||
When using the AAC Main profile, n_filt = 3, and slant is by
|
||||
default 2 (normal long frames), g can go above 1.
|
||||
|
||||
en is the evolution of energy in the frequency domain for every
|
||||
band at the given window. E.g. whether the energy is concentrated
|
||||
at the top of each band, or the bottom.
|
||||
|
||||
For 2-pole filters, its straightforward.
|
||||
For 3-pole filters, we need more than 2 measurements.
|
||||
|
||||
This commit properly implements support for 3-pole filters, by measuring
|
||||
the band energy across three areas.
|
||||
|
||||
Do note that even xHE-AAC caps n_filt to 2, and only AAC Main allows
|
||||
n_filt == 3.
|
||||
|
||||
Fixes https://trac.ffmpeg.org/ticket/11418
|
||||
|
||||
CVE: CVE-2025-1594
|
||||
|
||||
Upstream-Status: Backport [https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/bedfb6eca402037f5cbb115fa767d106b8c14f1c]
|
||||
|
||||
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
|
||||
---
|
||||
libavcodec/aacenc_tns.c | 33 ++++++++++++++++++++++++---------
|
||||
1 file changed, 24 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/libavcodec/aacenc_tns.c b/libavcodec/aacenc_tns.c
|
||||
index 8dc6dfc..9ea3506 100644
|
||||
--- a/libavcodec/aacenc_tns.c
|
||||
+++ b/libavcodec/aacenc_tns.c
|
||||
@@ -172,6 +172,7 @@ void ff_aac_search_for_tns(AACEncContext *s, SingleChannelElement *sce)
|
||||
sce->ics.window_sequence[0] == LONG_START_SEQUENCE ? 0 : 2;
|
||||
const int sfb_len = sfb_end - sfb_start;
|
||||
const int coef_len = sce->ics.swb_offset[sfb_end] - sce->ics.swb_offset[sfb_start];
|
||||
+ const int n_filt = is8 ? 1 : order != TNS_MAX_ORDER ? 2 : 3;
|
||||
|
||||
if (coef_len <= 0 || sfb_len <= 0) {
|
||||
sce->tns.present = 0;
|
||||
@@ -179,16 +180,30 @@ void ff_aac_search_for_tns(AACEncContext *s, SingleChannelElement *sce)
|
||||
}
|
||||
|
||||
for (w = 0; w < sce->ics.num_windows; w++) {
|
||||
- float en[2] = {0.0f, 0.0f};
|
||||
+ float en[4] = {0.0f, 0.0f, 0.0f, 0.0f};
|
||||
int oc_start = 0, os_start = 0;
|
||||
int coef_start = sce->ics.swb_offset[sfb_start];
|
||||
|
||||
- for (g = sfb_start; g < sce->ics.num_swb && g <= sfb_end; g++) {
|
||||
- FFPsyBand *band = &s->psy.ch[s->cur_channel].psy_bands[w*16+g];
|
||||
- if (g > sfb_start + (sfb_len/2))
|
||||
- en[1] += band->energy;
|
||||
- else
|
||||
- en[0] += band->energy;
|
||||
+ if (n_filt == 2) {
|
||||
+ for (g = sfb_start; g < sce->ics.num_swb && g <= sfb_end; g++) {
|
||||
+ FFPsyBand *band = &s->psy.ch[s->cur_channel].psy_bands[w*16+g];
|
||||
+ if (g > sfb_start + (sfb_len/2))
|
||||
+ en[1] += band->energy; /* End */
|
||||
+ else
|
||||
+ en[0] += band->energy; /* Start */
|
||||
+ }
|
||||
+ en[2] = en[0];
|
||||
+ } else {
|
||||
+ for (g = sfb_start; g < sce->ics.num_swb && g <= sfb_end; g++) {
|
||||
+ FFPsyBand *band = &s->psy.ch[s->cur_channel].psy_bands[w*16+g];
|
||||
+ if (g > sfb_start + (sfb_len/2) + (sfb_len/4))
|
||||
+ en[2] += band->energy; /* End */
|
||||
+ else if (g > sfb_start + (sfb_len/2) - (sfb_len/4))
|
||||
+ en[1] += band->energy; /* Middle */
|
||||
+ else
|
||||
+ en[0] += band->energy; /* Start */
|
||||
+ }
|
||||
+ en[3] = en[0];
|
||||
}
|
||||
|
||||
/* LPC */
|
||||
@@ -198,9 +213,9 @@ void ff_aac_search_for_tns(AACEncContext *s, SingleChannelElement *sce)
|
||||
if (!order || !isfinite(gain) || gain < TNS_GAIN_THRESHOLD_LOW || gain > TNS_GAIN_THRESHOLD_HIGH)
|
||||
continue;
|
||||
|
||||
- tns->n_filt[w] = is8 ? 1 : order != TNS_MAX_ORDER ? 2 : 3;
|
||||
+ tns->n_filt[w] = n_filt;
|
||||
for (g = 0; g < tns->n_filt[w]; g++) {
|
||||
- tns->direction[w][g] = slant != 2 ? slant : en[g] < en[!g];
|
||||
+ tns->direction[w][g] = slant != 2 ? slant : en[g] < en[g + 1];
|
||||
tns->order[w][g] = g < tns->n_filt[w] ? order/tns->n_filt[w] : order - oc_start;
|
||||
tns->length[w][g] = g < tns->n_filt[w] ? sfb_len/tns->n_filt[w] : sfb_len - os_start;
|
||||
quantize_coefs(&coefs[oc_start], tns->coef_idx[w][g], tns->coef[w][g],
|
||||
--
|
||||
2.40.0
|
||||
|
||||
@@ -29,15 +29,12 @@ SRC_URI = " \
|
||||
file://vulkan_fix_gcc14.patch \
|
||||
file://CVE-2024-28661.patch \
|
||||
file://CVE-2023-49528.patch \
|
||||
file://CVE-2024-35365.patch \
|
||||
file://CVE-2024-36618.patch \
|
||||
file://CVE-2024-35369.patch \
|
||||
file://CVE-2025-25473.patch \
|
||||
file://CVE-2025-22921.patch \
|
||||
file://CVE-2025-1594.patch \
|
||||
"
|
||||
|
||||
SRC_URI[sha256sum] = "bc5f1e4a4d283a6492354684ee1124129c52293bcfc6a9169193539fbece3487"
|
||||
SRC_URI[sha256sum] = "a231e3d5742c44b1cdaebfb98ad7b6200d12763e0b6db9e1e2c5891f2c083a18"
|
||||
|
||||
# https://nvd.nist.gov/vuln/detail/CVE-2023-39018
|
||||
# https://github.com/bramp/ffmpeg-cli-wrapper/issues/291
|
||||
Reference in New Issue
Block a user