!35 fix CVE-2024-31578

From: @cenhuilin Reviewed-by: @technology208 Signed-off-by: @technology208
2024-06-19 06:06:31 +00:00 · 2024-06-19 06:06:31 +00:00 · 590bcfb2ff
commit 590bcfb2ff
parent dd474b5b6d 8efe445183
2 changed files with 48 additions and 1 deletions
--- a/CVE-2024-31578.patch
+++ b/CVE-2024-31578.patch
@ -0,0 +1,43 @@
+From 3bb00c0a420c3ce83c6fafee30270d69622ccad7 Mon Sep 17 00:00:00 2001
+From: Zhao Zhili <zhilizhao@tencent.com>
+Date: Wed, 1 May 2024 18:08:51 +0800
+Subject: [PATCH]  avutil/hwcontext: Don't assume frames_uninit is reentrant.
+Fix heap use after free when vulkan_frames_init failed.
+
+Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
+---
+ libavutil/hwcontext.c | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/libavutil/hwcontext.c b/libavutil/hwcontext.c
+index f1e404a..3b99b8a 100644
+--- a/libavutil/hwcontext.c
+++ b/libavutil/hwcontext.c
+@@ -358,7 +358,7 @@ int av_hwframe_ctx_init(AVBufferRef *ref)
+     if (ctx->internal->hw_type->frames_init) {
+         ret = ctx->internal->hw_type->frames_init(ctx);
+         if (ret < 0)
+-            goto fail;
+            return ret;
+     }
+ 
+     if (ctx->internal->pool_internal && !ctx->pool)
+@@ -368,14 +368,10 @@ int av_hwframe_ctx_init(AVBufferRef *ref)
+     if (ctx->initial_pool_size > 0) {
+         ret = hwframe_pool_prealloc(ref);
+         if (ret < 0)
+-            goto fail;
+            return ret;
+     }
+ 
+     return 0;
+-fail:
+-    if (ctx->internal->hw_type->frames_uninit)
+-        ctx->internal->hw_type->frames_uninit(ctx);
+-    return ret;
+ }
+ 
+ int av_hwframe_transfer_get_formats(AVBufferRef *hwframe_ref,
+-- 
+2.23.0
+
--- a/ffmpeg.spec
+++ b/ffmpeg.spec
@ -61,7 +61,7 @@ ExclusiveArch: armv7hnl
 Summary:        Digital VCR and streaming server
 Name:           ffmpeg%{?flavor}
 Version:        4.2.4
-Release:        4
+Release:        5
 License:        %{ffmpeg_license}
 URL:            http://ffmpeg.org/
 %if 0%{?date}
@ -75,6 +75,7 @@ Patch2:         CVE-2021-3566.patch
 Patch3:         CVE-2021-38291.patch
 Patch4:         CVE-2021-38114.patch
 Patch5:         CVE-2020-35964.patch
+Patch6:         CVE-2024-31578.patch
 Requires:       %{name}-libs%{?_isa} = %{version}-%{release}
 %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel}
 %{?_with_libnpp:BuildRequires: pkgconfig(nppc-%{_cuda_version})}
@ -407,6 +408,9 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}


 %changelog
+* Wed May 01 2024 cenhuilin <cenhuilin@kylinos.cn> - 4.2.4-5
+- fix CVE-2024-31578
+
 * Thu Jun 2 2022 yangweidong <yangweidong9@huawei.com> - 4.2.4-4
 - Fix CVE-2021-38114 and CVE-2020-35964