From 8efe445183e645028f32e10c7bef4bb394683255 Mon Sep 17 00:00:00 2001
From: cenhuilin <cenhuilin@kylinos.cn>
Date: Wed, 1 May 2024 18:21:38 +0800
Subject: [PATCH] fix CVE-2024-31578

---
 CVE-2024-31578.patch | 43 +++++++++++++++++++++++++++++++++++++++++++
 ffmpeg.spec          |  6 +++++-
 2 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2024-31578.patch

diff --git a/CVE-2024-31578.patch b/CVE-2024-31578.patch
new file mode 100644
index 0000000..3bfd5bf
--- /dev/null
+++ b/CVE-2024-31578.patch
@@ -0,0 +1,43 @@
+From 3bb00c0a420c3ce83c6fafee30270d69622ccad7 Mon Sep 17 00:00:00 2001
+From: Zhao Zhili <zhilizhao@tencent.com>
+Date: Wed, 1 May 2024 18:08:51 +0800
+Subject: [PATCH]  avutil/hwcontext: Don't assume frames_uninit is reentrant.
+Fix heap use after free when vulkan_frames_init failed.
+
+Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
+---
+ libavutil/hwcontext.c | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/libavutil/hwcontext.c b/libavutil/hwcontext.c
+index f1e404a..3b99b8a 100644
+--- a/libavutil/hwcontext.c
++++ b/libavutil/hwcontext.c
+@@ -358,7 +358,7 @@ int av_hwframe_ctx_init(AVBufferRef *ref)
+     if (ctx->internal->hw_type->frames_init) {
+         ret = ctx->internal->hw_type->frames_init(ctx);
+         if (ret < 0)
+-            goto fail;
++            return ret;
+     }
+ 
+     if (ctx->internal->pool_internal && !ctx->pool)
+@@ -368,14 +368,10 @@ int av_hwframe_ctx_init(AVBufferRef *ref)
+     if (ctx->initial_pool_size > 0) {
+         ret = hwframe_pool_prealloc(ref);
+         if (ret < 0)
+-            goto fail;
++            return ret;
+     }
+ 
+     return 0;
+-fail:
+-    if (ctx->internal->hw_type->frames_uninit)
+-        ctx->internal->hw_type->frames_uninit(ctx);
+-    return ret;
+ }
+ 
+ int av_hwframe_transfer_get_formats(AVBufferRef *hwframe_ref,
+-- 
+2.23.0
+
diff --git a/ffmpeg.spec b/ffmpeg.spec
index a9fbdcd..2a62112 100644
--- a/ffmpeg.spec
+++ b/ffmpeg.spec
@@ -61,7 +61,7 @@ ExclusiveArch: armv7hnl
 Summary:        Digital VCR and streaming server
 Name:           ffmpeg%{?flavor}
 Version:        4.2.4
-Release:        4
+Release:        5
 License:        %{ffmpeg_license}
 URL:            http://ffmpeg.org/
 %if 0%{?date}
@@ -75,6 +75,7 @@ Patch2:         CVE-2021-3566.patch
 Patch3:         CVE-2021-38291.patch
 Patch4:         CVE-2021-38114.patch
 Patch5:         CVE-2020-35964.patch
+Patch6:         CVE-2024-31578.patch
 Requires:       %{name}-libs%{?_isa} = %{version}-%{release}
 %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel}
 %{?_with_libnpp:BuildRequires: pkgconfig(nppc-%{_cuda_version})}
@@ -407,6 +408,9 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}
 
 
 %changelog
+* Wed May 01 2024 cenhuilin <cenhuilin@kylinos.cn> - 4.2.4-5
+- fix CVE-2024-31578
+
 * Thu Jun 2 2022 yangweidong <yangweidong9@huawei.com> - 4.2.4-4
 - Fix CVE-2021-38114 and CVE-2020-35964