packages/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!79 [sync] PR-73: Fix CVE-2022-3341

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @technology208 
Signed-off-by: @technology208
This commit is contained in:
openeuler-ci-bot 2024-06-27 11:11:58 +00:00 committed by Gitee
commit 43199cbd35
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 62 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
CVE-2022-3341.patch Normal file
View File

@ -0,0 +1,57 @@
From 239f7c59a9512262a999ebed1e44c726e43bbe75 Mon Sep 17 00:00:00 2001
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Date: Wed, 25 Jun 2024 10:05:47 +0800
Subject: [PATCH] CVE-2022-3341
---
libavformat/nutdec.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
index 979cb9a..886b5c6 100644
--- a/libavformat/nutdec.c
+++ b/libavformat/nutdec.c
@@ -346,8 +346,12 @@ static int decode_main_header(NUTContext *nut)
ret = AVERROR(ENOMEM);
goto fail;
}
- for (i = 0; i < stream_count; i++)
- avformat_new_stream(s, NULL);
+ for (i = 0; i < stream_count; i++) {
+ if (!avformat_new_stream(s, NULL)) {
+ ret = AVERROR(ENOMEM);
+ goto fail;
+ }
+ }
return 0;
fail:
@@ -793,19 +797,23 @@ static int nut_read_header(AVFormatContext *s)
NUTContext *nut = s->priv_data;
AVIOContext *bc = s->pb;
int64_t pos;
- int initialized_stream_count;
+ int initialized_stream_count, ret;
nut->avf = s;
/* main header */
pos = 0;
+ ret = 0;
do {
+ if (ret == AVERROR(ENOMEM))
+ return ret;
+
pos = find_startcode(bc, MAIN_STARTCODE, pos) + 1;
if (pos < 0 + 1) {
av_log(s, AV_LOG_ERROR, "No main startcode found.\n");
goto fail;
}
- } while (decode_main_header(nut) < 0);
+ } while ((ret = decode_main_header(nut)) < 0);
/* stream headers */
pos = 0;
--
2.43.0

6
ffmpeg.spec
View File

@ -61,7 +61,7 @@ ExclusiveArch: armv7hnl
Summary: Digital VCR and streaming server
Name: ffmpeg%{?flavor}
Version: 4.2.4
Release: 7
Release: 8
License: %{ffmpeg_license}
URL: http://ffmpeg.org/
%if 0%{?date}
@ -78,6 +78,7 @@ Patch5: CVE-2020-35964.patch
Patch6: CVE-2024-31578.patch
Patch7: CVE-2023-51794.patch
Patch8: fix-CVE-2023-51798.patch
Patch9: CVE-2022-3341.patch
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel}
%{?_with_libnpp:BuildRequires: pkgconfig(nppc-%{_cuda_version})}
@ -410,6 +411,9 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}
%changelog
* Tue Jun 25 2024 happyworker <208suo@208suo.com> - 4.2.4-8
- Fix CVE-2022-3341
* Tue Jun 25 2024 happyworker <208suo@208suo.com> - 4.2.4-7
- Fix CVE-2023-51798