!115 Fix CVE-2021-28429

From: @happyworker Reviewed-by: @technology208 Signed-off-by: @technology208
2024-07-08 08:17:19 +00:00 · 2024-07-08 08:17:19 +00:00 · 57b3566d53
commit 57b3566d53
parent b0a92a5d6d ecf3f601af
2 changed files with 32 additions and 2 deletions
--- a/CVE-2021-28429.patch
+++ b/CVE-2021-28429.patch
@ -0,0 +1,27 @@
+From 548bc2942ab160e852811bdb0499b5e226aa0d54 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Thu, 4 Jul 2024 15:03:12 +0800
+Subject: [PATCH] CVE-2021-28429
+
+---
+ libavutil/timecode.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libavutil/timecode.c b/libavutil/timecode.c
+index 60077ba..e34092f 100644
+--- a/libavutil/timecode.c
+++ b/libavutil/timecode.c
+@@ -96,8 +96,8 @@ char *av_timecode_make_string(const AVTimecode *tc, char *buf, int framenum)
+     }
+     ff = framenum % fps;
+     ss = framenum / fps        % 60;
+-    mm = framenum / (fps*60)   % 60;
+-    hh = framenum / (fps*3600);
+    mm = framenum / (fps*60LL) % 60;
+    hh = framenum / (fps*3600LL);
+     if (tc->flags & AV_TIMECODE_FLAG_24HOURSMAX)
+         hh = hh % 24;
+     snprintf(buf, AV_TIMECODE_STR_SIZE, "%s%02d:%02d:%02d%c%02d",
+-- 
+2.43.0
+
--- a/ffmpeg.spec
+++ b/ffmpeg.spec
@ -61,7 +61,7 @@ ExclusiveArch: armv7hnl
 Summary:        Digital VCR and streaming server
 Name:           ffmpeg%{?flavor}
 Version:        4.2.4
-Release:        13
+Release:        14
 License:        %{ffmpeg_license}
 URL:            http://ffmpeg.org/
 %if 0%{?date}
@ -416,9 +416,12 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}


 %changelog
-* Thu Jul  3 2024 happyworker <208suo@208suo.com> - 4.2.4-13
+* Mon Jul  8 2024 happyworker <208suo@208suo.com> - 4.2.4-14
 - Fix CVE-2024-31585

+* Thu Jul  4 2024 happyworker <208suo@208suo.com> - 4.2.4-13
+- Fix CVE-2021-28429
+
 * Tue Jul  2 2024 happyworker <208suo@208suo.com> - 4.2.4-12
 - Fix CVE-2021-38171