mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-17 09:32:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

ffmpeg: update 4.4 -> 4.4.1

Browse Source 
(From OE-Core rev: f3afff95455153a89df1d0b15b6173b910863be8)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Alexander Kanavin
2021-11-02 09:42:54 +01:00
committed by Richard Purdie
parent 6a9bc76d6e
commit c537fbff68
9 changed files with 2 additions and 411 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-20446.patch
View File

@@ -1,35 +0,0 @@
From 223b5e8ac9f6461bb13ed365419ec485c5b2b002 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Fri, 28 May 2021 20:18:25 +0200
Subject: [PATCH] avcodec/aacpsy: Avoid floating point division by 0 of
norm_fac
Fixes: Ticket7995
Fixes: CVE-2020-20446
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
CVE: CVE-2020-20446
Upstream-Status: Backport [223b5e8ac9f6461bb13ed365419ec485c5b2b002]
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
---
libavcodec/aacpsy.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/aacpsy.c b/libavcodec/aacpsy.c
index 482113d427..e51d29750b 100644
--- a/libavcodec/aacpsy.c
+++ b/libavcodec/aacpsy.c
@@ -794,7 +794,7 @@ static void psy_3gpp_analyze_channel(FFPsyContext *ctx, int channel,
if (pe < 1.15f * desired_pe) {
/* 6.6.1.3.6 "Final threshold modification by linearization" */
- norm_fac = 1.0f / norm_fac;
+ norm_fac = norm_fac ? 1.0f / norm_fac : 0;
for (w = 0; w < wi->num_windows*16; w += 16) {
for (g = 0; g < num_bands; g++) {
AacPsyBand *band = &pch->band[w+g];
--
2.32.0

42
meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-20453.patch
View File

@@ -1,42 +0,0 @@
From a7a7f32c8ad0179a1a85d0a8cff35924e6d90be8 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Fri, 28 May 2021 21:37:26 +0200
Subject: [PATCH] avcodec/aacenc: Avoid 0 lambda
Fixes: Ticket8003
Fixes: CVE-2020-20453
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
CVE: CVE-2020-20453
Upstream-Status: Backport [a7a7f32c8ad0179a1a85d0a8cff35924e6d90be8]
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
---
libavcodec/aacenc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libavcodec/aacenc.c b/libavcodec/aacenc.c
index aa223cf25f..e80591ba86 100644
--- a/libavcodec/aacenc.c
+++ b/libavcodec/aacenc.c
@@ -28,6 +28,7 @@
* TODOs:
* add sane pulse detection
***********************************/
+#include <float.h>
#include "libavutil/libm.h"
#include "libavutil/float_dsp.h"
@@ -852,7 +853,7 @@ static int aac_encode_frame(AVCodecContext *avctx, AVPacket *avpkt,
/* Not so fast though */
ratio = sqrtf(ratio);
}
- s->lambda = FFMIN(s->lambda * ratio, 65536.f);
+ s->lambda = av_clipf(s->lambda * ratio, FLT_MIN, 65536.f);
/* Keep iterating if we must reduce and lambda is in the sky */
if (ratio > 0.9f && ratio < 1.1f) {
--
2.32.0

44
meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22015.patch
View File

@@ -1,44 +0,0 @@
From 4c1afa292520329eecd1cc7631bc59a8cca95c46 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sat, 29 May 2021 09:22:27 +0200
Subject: [PATCH] avformat/movenc: Check pal_size before use
Fixes: assertion failure
Fixes: out of array read
Fixes: Ticket8190
Fixes: CVE-2020-22015
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
CVE: CVE-2020-22015
Upstream-Status: Backport [4c1afa292520329eecd1cc7631bc59a8cca95c46]
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
---
libavformat/movenc.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/libavformat/movenc.c b/libavformat/movenc.c
index 2ab507df15..7d839f447b 100644
--- a/libavformat/movenc.c
+++ b/libavformat/movenc.c
@@ -2160,11 +2160,13 @@ static int mov_write_video_tag(AVFormatContext *s, AVIOContext *pb, MOVMuxContex
avio_wb16(pb, 0x18); /* Reserved */
if (track->mode == MODE_MOV && track->par->format == AV_PIX_FMT_PAL8) {
- int pal_size = 1 << track->par->bits_per_coded_sample;
- int i;
+ int pal_size, i;
avio_wb16(pb, 0); /* Color table ID */
avio_wb32(pb, 0); /* Color table seed */
avio_wb16(pb, 0x8000); /* Color table flags */
+ if (track->par->bits_per_coded_sample < 0 || track->par->bits_per_coded_sample > 8)
+ return AVERROR(EINVAL);
+ pal_size = 1 << track->par->bits_per_coded_sample;
avio_wb16(pb, pal_size - 1); /* Color table size (zero-relative) */
for (i = 0; i < pal_size; i++) {
uint32_t rgb = track->palette[i];
--
2.32.0

87
meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22021.patch
View File

@@ -1,87 +0,0 @@
From 7971f62120a55c141ec437aa3f0bacc1c1a3526b Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sat, 29 May 2021 11:17:35 +0200
Subject: [PATCH] avfilter/vf_yadif: Fix handing of tiny images
Fixes: out of array access
Fixes: Ticket8240
Fixes: CVE-2020-22021
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
CVE: CVE-2020-22021
Upstream-Status: Backport [7971f62120a55c141ec437aa3f0bacc1c1a3526b]
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
---
libavfilter/vf_yadif.c | 32 ++++++++++++++++++--------------
1 file changed, 18 insertions(+), 14 deletions(-)
diff --git a/libavfilter/vf_yadif.c b/libavfilter/vf_yadif.c
index 91cc79ecc3..b0d9fbaf1f 100644
--- a/libavfilter/vf_yadif.c
+++ b/libavfilter/vf_yadif.c
@@ -123,20 +123,22 @@ static void filter_edges(void *dst1, void *prev1, void *cur1, void *next1,
uint8_t *next2 = parity ? cur : next;
const int edge = MAX_ALIGN - 1;
+ int offset = FFMAX(w - edge, 3);
/* Only edge pixels need to be processed here. A constant value of false
* for is_not_edge should let the compiler ignore the whole branch. */
- FILTER(0, 3, 0)
+ FILTER(0, FFMIN(3, w), 0)
- dst = (uint8_t*)dst1 + w - edge;
- prev = (uint8_t*)prev1 + w - edge;
- cur = (uint8_t*)cur1 + w - edge;
- next = (uint8_t*)next1 + w - edge;
+ dst = (uint8_t*)dst1 + offset;
+ prev = (uint8_t*)prev1 + offset;
+ cur = (uint8_t*)cur1 + offset;
+ next = (uint8_t*)next1 + offset;
prev2 = (uint8_t*)(parity ? prev : cur);
next2 = (uint8_t*)(parity ? cur : next);
- FILTER(w - edge, w - 3, 1)
- FILTER(w - 3, w, 0)
+ FILTER(offset, w - 3, 1)
+ offset = FFMAX(offset, w - 3);
+ FILTER(offset, w, 0)
}
@@ -170,21 +172,23 @@ static void filter_edges_16bit(void *dst1, void *prev1, void *cur1, void *next1,
uint16_t *next2 = parity ? cur : next;
const int edge = MAX_ALIGN / 2 - 1;
+ int offset = FFMAX(w - edge, 3);
mrefs /= 2;
prefs /= 2;
- FILTER(0, 3, 0)
+ FILTER(0, FFMIN(3, w), 0)
- dst = (uint16_t*)dst1 + w - edge;
- prev = (uint16_t*)prev1 + w - edge;
- cur = (uint16_t*)cur1 + w - edge;
- next = (uint16_t*)next1 + w - edge;
+ dst = (uint16_t*)dst1 + offset;
+ prev = (uint16_t*)prev1 + offset;
+ cur = (uint16_t*)cur1 + offset;
+ next = (uint16_t*)next1 + offset;
prev2 = (uint16_t*)(parity ? prev : cur);
next2 = (uint16_t*)(parity ? cur : next);
- FILTER(w - edge, w - 3, 1)
- FILTER(w - 3, w, 0)
+ FILTER(offset, w - 3, 1)
+ offset = FFMAX(offset, w - 3);
+ FILTER(offset, w, 0)
}
static int filter_slice(AVFilterContext *ctx, void *arg, int jobnr, int nb_jobs)
--
2.32.0

40
meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2020-22033-CVE-2020-22019.patch
View File

@@ -1,40 +0,0 @@
From 82ad1b76751bcfad5005440db48c46a4de5d6f02 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sat, 29 May 2021 09:58:31 +0200
Subject: [PATCH] avfilter/vf_vmafmotion: Check dimensions
Fixes: out of array access
Fixes: Ticket8241
Fixes: Ticket8246
Fixes: CVE-2020-22019
Fixes: CVE-2020-22033
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
CVE: CVE-2020-22033
CVE: CVE-2020-22019
Upstream-Status: Backport [82ad1b76751bcfad5005440db48c46a4de5d6f02]
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
---
libavfilter/vf_vmafmotion.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavfilter/vf_vmafmotion.c b/libavfilter/vf_vmafmotion.c
index 2db4783d8d..454ebb8afa 100644
--- a/libavfilter/vf_vmafmotion.c
+++ b/libavfilter/vf_vmafmotion.c
@@ -238,6 +238,9 @@ int ff_vmafmotion_init(VMAFMotionData *s,
int i;
const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(fmt);
+ if (w < 3 || h < 3)
+ return AVERROR(EINVAL);
+
s->width = w;
s->height = h;
s->stride = FFALIGN(w * sizeof(uint16_t), 32);
--
2.32.0

44
meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-33815.patch
View File

@@ -1,44 +0,0 @@
From 26d3c81bc5ef2f8c3f09d45eaeacfb4b1139a777 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Tue, 25 May 2021 19:29:18 +0200
Subject: [PATCH] avcodec/exr: More strictly check dc_count
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fixes: out of array access
Fixes: exr/deneme
Found-by: Burak Çarıı <burakcarikci@crypttech.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
CVE: CVE-2021-33815
Upstream-Status: Backport [26d3c81bc5ef2f8c3f09d45eaeacfb4b1139a777]
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
---
libavcodec/exr.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/exr.c b/libavcodec/exr.c
index 9377a89169..4648ed7d62 100644
--- a/libavcodec/exr.c
+++ b/libavcodec/exr.c
@@ -1059,11 +1059,11 @@ static int dwa_uncompress(EXRContext *s, const uint8_t *src, int compressed_size
bytestream2_skip(&gb, ac_size);
}
- if (dc_size > 0) {
+ {
unsigned long dest_len = dc_count * 2LL;
GetByteContext agb = gb;
- if (dc_count > (6LL * td->xsize * td->ysize + 63) / 64)
+ if (dc_count != dc_w * dc_h * 3)
return AVERROR_INVALIDDATA;
av_fast_padded_malloc(&td->dc_data, &td->dc_size, FFALIGN(dest_len, 64) * 2);
--
2.32.0

67
meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch
View File

@@ -1,67 +0,0 @@
CVE: CVE-2021-38114
Upstream-Status: Backport
Signed-off-by: Kiran Surendran <kiran.surendran@windriver.com>
From 463dbe4e78cc560ca5b09f23a07add0eb78ccee8 Mon Sep 17 00:00:00 2001
From: maryam ebr <me22bee@outlook.com>
Date: Tue, 3 Aug 2021 01:05:47 -0400
Subject: [PATCH] avcodec/dnxhddec: check and propagate function return value
Similar to CVE-2013-0868, here return value check for 'init_vlc' is needed.
crafted DNxHD data can cause unspecified impact.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
---
libavcodec/dnxhddec.c | 22 +++++++++++++++-------
1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/libavcodec/dnxhddec.c b/libavcodec/dnxhddec.c
index c78d55aee5..9b475a6979 100644
--- a/libavcodec/dnxhddec.c
+++ b/libavcodec/dnxhddec.c
@@ -112,6 +112,7 @@ static av_cold int dnxhd_decode_init(AVCodecContext *avctx)
static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth)
{
+ int ret;
if (cid != ctx->cid) {
const CIDEntry *cid_table = ff_dnxhd_get_cid_table(cid);
@@ -132,19 +133,26 @@ static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth)
ff_free_vlc(&ctx->dc_vlc);
ff_free_vlc(&ctx->run_vlc);
- init_vlc(&ctx->ac_vlc, DNXHD_VLC_BITS, 257,
+ if ((ret = init_vlc(&ctx->ac_vlc, DNXHD_VLC_BITS, 257,
ctx->cid_table->ac_bits, 1, 1,
- ctx->cid_table->ac_codes, 2, 2, 0);
- init_vlc(&ctx->dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ? 14 : 12,
+ ctx->cid_table->ac_codes, 2, 2, 0)) < 0)
+ goto out;
+ if ((ret = init_vlc(&ctx->dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ? 14 : 12,
ctx->cid_table->dc_bits, 1, 1,
- ctx->cid_table->dc_codes, 1, 1, 0);
- init_vlc(&ctx->run_vlc, DNXHD_VLC_BITS, 62,
+ ctx->cid_table->dc_codes, 1, 1, 0)) < 0)
+ goto out;
+ if ((ret = init_vlc(&ctx->run_vlc, DNXHD_VLC_BITS, 62,
ctx->cid_table->run_bits, 1, 1,
- ctx->cid_table->run_codes, 2, 2, 0);
+ ctx->cid_table->run_codes, 2, 2, 0)) < 0)
+ goto out;
ctx->cid = cid;
}
- return 0;
+ ret = 0;
+out:
+ if (ret < 0)
+ av_log(ctx->avctx, AV_LOG_ERROR, "init_vlc failed\n");
+ return ret;
}
static int dnxhd_get_profile(int cid)
--
2.31.1

42
meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38171.patch
View File

@@ -1,42 +0,0 @@
CVE: CVE-2021-38171
Upstream-Status: Backport
Signed-off-by: Kiran Surendran <kiran.surendran@windriver.com>
From fb993619d1035fa9646506925ea70fb122038999 Mon Sep 17 00:00:00 2001
From: maryam ebrahimzadeh <me22bee@outlook.com>
Date: Wed, 4 Aug 2021 16:15:18 -0400
Subject: [PATCH] avformat/adtsenc: return value check for init_get_bits in
adts_decode_extradata
As the second argument for init_get_bits (buf) can be crafted, a return value check for this function call is necessary.
'buf' is part of 'AVPacket pkt'.
replace init_get_bits with init_get_bits8.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavformat/adtsenc.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/libavformat/adtsenc.c b/libavformat/adtsenc.c
index 3595cb3bb2..c35a12a628 100644
--- a/libavformat/adtsenc.c
+++ b/libavformat/adtsenc.c
@@ -51,9 +51,11 @@ static int adts_decode_extradata(AVFormatContext *s, ADTSContext *adts, const ui
GetBitContext gb;
PutBitContext pb;
MPEG4AudioConfig m4ac;
- int off;
+ int off, ret;
- init_get_bits(&gb, buf, size * 8);
+ ret = init_get_bits8(&gb, buf, size);
+ if (ret < 0)
+ return ret;
off = avpriv_mpeg4audio_get_config2(&m4ac, buf, size, 1, s);
if (off < 0)
return off;
--
2.31.1

12
meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.bb → meta/recipes-multimedia/ffmpeg/ffmpeg_4.4.1.bb
View File

@@ -25,16 +25,8 @@ LIC_FILES_CHKSUM = "file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \
file://fix-CVE-2020-20446.patch \
file://fix-CVE-2020-20453.patch \
file://fix-CVE-2020-22015.patch \
file://fix-CVE-2020-22021.patch \
file://fix-CVE-2020-22033-CVE-2020-22019.patch \
file://fix-CVE-2021-33815.patch \
file://fix-CVE-2021-38171.patch \
file://fix-CVE-2021-38114.patch \
"
SRC_URI[sha256sum] = "06b10a183ce5371f915c6bb15b7b1fffbe046e8275099c96affc29e17645d909"
"
SRC_URI[sha256sum] = "eadbad9e9ab30b25f5520fbfde99fae4a92a1ae3c0257a8d68569a4651e30e02"
# Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717
ARM_INSTRUCTION_SET:armv4 = "arm"