Message ID | 20230119171657.656875-1-narpat.mali@windriver.com |
---|---|
State | Accepted, archived |
Commit | e17ddd0fafb562ed7ebe7708dac9bcef2d6cecc1 |
Series | [kirkstone,1/1] ffmpeg: fix for CVE-2022-3341 | expand |
On Thu, Jan 19, 2023 at 7:20 AM Narpat Mali <narpat.mali@windriver.com> wrote: > > avformat/nutdec: Add check for avformat_new_stream > Check for failure of avformat_new_stream() and propagate > the error code. > > Signed-off-by: Narpat Mali <narpat.mali@windriver.com> > --- > ...ec-Add-check-for-avformat_new_stream.patch | 67 +++++++++++++++++++ In the future please name CVE patches with the CVE number, i.e. CVE-2022-3341 This makes it much easier to see which patches are CVE fixes without having to open the file. Thanks, Steve > .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 1 + > 2 files changed, 68 insertions(+) > create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch > > diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch > new file mode 100644 > index 00000000000..41d5884f880 > --- /dev/null > +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch 
> @@ -0,0 +1,67 @@ > +From 9cf652cef49d74afe3d454f27d49eb1a1394951e Mon Sep 17 00:00:00 2001 > +From: Jiasheng Jiang <jiasheng@iscas.ac.cn> > +Date: Wed, 23 Feb 2022 10:31:59 +0800 > +Subject: [PATCH] avformat/nutdec: Add check for avformat_new_stream > + > +Check for failure of avformat_new_stream() and propagate > +the error code. > + > +Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > + > +CVE: CVE-2022-3341 > + > +Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/9cf652cef49d74afe3d454f27d49eb1a1394951e] > + > +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> > +--- > + libavformat/nutdec.c | 16 ++++++++++++---- > + 1 file changed, 12 insertions(+), 4 deletions(-) > + > +diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c > +index 0a8a700acf..f9ad2c0af1 100644 > +--- a/libavformat/nutdec.c > ++++ b/libavformat/nutdec.c > +@@ -351,8 +351,12 @@ static int decode_main_header(NUTContext *nut) > + ret = AVERROR(ENOMEM); > + goto fail; > + } > +- for (i = 0; i < stream_count; i++) > +- avformat_new_stream(s, NULL); > ++ for (i = 0; i < stream_count; i++) { > ++ if (!avformat_new_stream(s, NULL)) { > ++ ret = AVERROR(ENOMEM); > ++ goto fail; > ++ } > ++ } > + > + return 0; > + fail: > +@@ -800,19 +804,23 @@ static int nut_read_header(AVFormatContext *s) > + NUTContext *nut = s->priv_data; > + AVIOContext *bc = s->pb; > + int64_t pos; > +- int initialized_stream_count; > ++ int initialized_stream_count, ret; > + > + nut->avf = s; > + > + /* main header */ > + pos = 0; > ++ ret = 0; > + do { > ++ if (ret == AVERROR(ENOMEM)) > ++ return ret; > ++ > + pos = find_startcode(bc, MAIN_STARTCODE, pos) + 1; > + if (pos < 0 + 1) { > + av_log(s, AV_LOG_ERROR, "No main startcode found.\n"); > + return AVERROR_INVALIDDATA; > + } > +- } while (decode_main_header(nut) < 0); > ++ } while ((ret = decode_main_header(nut)) < 0); > + > + /* stream headers */ > + pos = 0; > +-- > +2.34.1 > + 
> diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb > index 95b4bf50ace..57990331487 100644 > --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb > +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb > @@ -26,6 +26,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ > file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \ > file://0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch \ > file://0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch \ > + file://0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch \ > " > > SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b" > -- > 2.34.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#176153): https://lists.openembedded.org/g/openembedded-core/message/176153 > Mute This Topic: https://lists.openembedded.org/mt/96381863/3620601 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com] > -=-=-=-=-=-=-=-=-=-=-=- >
Sure, Steve. Best Regards, Narpat
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch
new file mode 100644
index 00000000000..41d5884f880
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch
@@ -0,0 +1,67 @@
+From 9cf652cef49d74afe3d454f27d49eb1a1394951e Mon Sep 17 00:00:00 2001
+From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
+Date: Wed, 23 Feb 2022 10:31:59 +0800
+Subject: [PATCH] avformat/nutdec: Add check for avformat_new_stream
+
+Check for failure of avformat_new_stream() and propagate
+the error code.
+
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+CVE: CVE-2022-3341
+
+Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/9cf652cef49d74afe3d454f27d49eb1a1394951e]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ libavformat/nutdec.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
+index 0a8a700acf..f9ad2c0af1 100644
+--- a/libavformat/nutdec.c
++++ b/libavformat/nutdec.c
+@@ -351,8 +351,12 @@ static int decode_main_header(NUTContext *nut)
+ ret = AVERROR(ENOMEM);
+ goto fail;
+ }
+- for (i = 0; i < stream_count; i++)
+- avformat_new_stream(s, NULL);
++ for (i = 0; i < stream_count; i++) {
++ if (!avformat_new_stream(s, NULL)) {
++ ret = AVERROR(ENOMEM);
++ goto fail;
++ }
++ }
+
+ return 0;
+ fail:
+@@ -800,19 +804,23 @@ static int nut_read_header(AVFormatContext *s)
+ NUTContext *nut = s->priv_data;
+ AVIOContext *bc = s->pb;
+ int64_t pos;
+- int initialized_stream_count;
++ int initialized_stream_count, ret;
+
+ nut->avf = s;
+
+ /* main header */
+ pos = 0;
++ ret = 0;
+ do {
++ if (ret == AVERROR(ENOMEM))
++ return ret;
++
+ pos = find_startcode(bc, MAIN_STARTCODE, pos) + 1;
+ if (pos < 0 + 1) {
+ av_log(s, AV_LOG_ERROR, "No main startcode found.\n");
+ return AVERROR_INVALIDDATA;
+ }
+- } while (decode_main_header(nut) < 0);
++ } while ((ret = decode_main_header(nut)) < 0);
+
+ /* stream headers */
+ pos = 0;
+--
+2.34.1
+
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
index 95b4bf50ace..57990331487 100644
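Review bot: In the nut_read_header hunk, the early return tests `ret == AVERROR(ENOMEM)` at the top of the next loop iteration, so the reason that only allocation failure stops the rescan, while every other negative return keeps searching for another main startcode, is left implicit. A comment above the check, such as `/* out of memory cannot be fixed by rescanning; other errors retry at the next main startcode */`, would record that intent. The same test also propagates the existing `AVERROR(ENOMEM)` path visible just before the stream loop in decode_main_header, which looks intended but is worth stating in the commit message. Both function bodies continue outside the hunks, so it cannot be confirmed from here whether the `fail:` label and the direct `return ret` release what was already set up, including streams created before the failing avformat_new_stream() call; that should be checked against the full file.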
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -26,6 +26,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
 file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \
 file://0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch \
 file://0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch \
+ file://0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch \
 "

 SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"
avformat/nutdec: Add check for avformat_new_stream Check for failure of avformat_new_stream() and propagate the error code. Signed-off-by: Narpat Mali <narpat.mali@windriver.com> --- ...ec-Add-check-for-avformat_new_stream.patch | 67 +++++++++++++++++++ .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 1 + 2 files changed, 68 insertions(+) create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch