packages/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2022-1475

Browse Source 
(cherry picked from commit 95ec0b8c9642bde6f5ecba0d632d9b69035f838a)
This commit is contained in:
happyworker 2024-07-12 16:27:18 +08:00 committed by openeuler-sync-bot
parent 87f5ac2067
commit 09925f0a37
2 changed files with 34 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
CVE-2022-1475.patch Normal file
View File

@ -0,0 +1,29 @@
From d4dbe14f2559639656e998c0ad4982cc2a53196a Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Fri, 12 Jul 2024 16:14:34 +0800
Subject: [PATCH] g729_parser:Check channels
Reference:https://git.videolan.org/?p=ffmpeg.git;a=commit;h=757da974b21833529cc41bdcc9684c29660cdfa8
---
libavcodec/g729_parser.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libavcodec/g729_parser.c b/libavcodec/g729_parser.c
index fc00235..6b63f46 100644
--- a/libavcodec/g729_parser.c
+++ b/libavcodec/g729_parser.c
@@ -48,6 +48,10 @@ static int g729_parse(AVCodecParserContext *s1, AVCodecContext *avctx,
av_assert1(avctx->codec_id == AV_CODEC_ID_G729);
/* FIXME: replace this heuristic block_size with more precise estimate */
s->block_size = (avctx->bit_rate < 8000) ? G729D_6K4_BLOCK_SIZE : G729_8K_BLOCK_SIZE;
+ // channels > 2 is invalid, we pass the packet on unchanged
+ if (avctx->channels > 2)
+ s->block_size = 0;
+
s->block_size *= avctx->channels;
s->duration = avctx->frame_size;
}
--
2.27.0

7
ffmpeg.spec
View File

@ -60,7 +60,7 @@
Summary: Digital VCR and streaming server Summary: Digital VCR and streaming server
Name: ffmpeg%{?flavor} Name: ffmpeg%{?flavor}
Version: 4.2.4 Version: 4.2.4
Release: 15 Release: 16
License: %{ffmpeg_license} License: %{ffmpeg_license}
URL: http://ffmpeg.org/ URL: http://ffmpeg.org/
%if 0%{?date} %if 0%{?date}
@ -84,7 +84,7 @@ Patch12: fix-CVE-2023-50010.patch
Patch13: CVE-2021-38171.patch Patch13: CVE-2021-38171.patch
Patch14: CVE-2021-28429.patch Patch14: CVE-2021-28429.patch
Patch15: fix-CVE-2024-32230.patch Patch15: fix-CVE-2024-32230.patch
Patch16: CVE-2022-1475.patch
Requires: %{name}-libs%{?_isa} = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel} %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel}
@ -418,6 +418,9 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}
%changelog %changelog
* Fri Jul 12 2024 happyworker <208suo@208suo.com> - 4.2.4-16
- Fix CVE-2022-1475
* Wed Jul 10 2024 happyworker <208suo@208suo.com> - 4.2.4-15 * Wed Jul 10 2024 happyworker <208suo@208suo.com> - 4.2.4-15
- Fix CVE-2024-32230 - Fix CVE-2024-32230