From: Virendra Thakur <virendra.tha...@kpit.com> Add patch to fix CVE-2022-1475
Signed-off-by: Virendra Thakur <virendra.tha...@kpit.com> Signed-off-by: Steve Sakoman <st...@sakoman.com> --- .../ffmpeg/ffmpeg/CVE-2022-1475.patch | 36 +++++++++++++++++++ .../recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb | 1 + 2 files changed, 37 insertions(+) create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-1475.patch diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-1475.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-1475.patch new file mode 100644 index 0000000000..bd8a08a216 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-1475.patch @@ -0,0 +1,36 @@ +From: Michael Niedermayer <mich...@niedermayer.cc> +Date: Sun, 27 Feb 2022 14:43:04 +0100 +Subject: [PATCH] avcodec/g729_parser: Check channels + +Fixes: signed integer overflow: 10 * 808464428 cannot be represented in type 'int' +Fixes: assertion failure +Fixes: ticket9651 + +Reviewed-by: Paul B Mahol <one...@gmail.com> +Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> +(cherry picked from commit 757da974b21833529cc41bdcc9684c29660cdfa8) +Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> + +CVE: CVE-2022-1475 +Upstream-Status: Backport [https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e9e2ddbc6c78cc18b76093617f82c920e58a8d1f] +Comment: Patch is refreshed as per ffmpeg codebase +Signed-off-by: Virendra Thakur <virendra.tha...@kpit.com> + +--- + libavcodec/g729_parser.c | 3 +++ + 1 file changed, 3 insertions(+) + +Index: ffmpeg-4.2.2/libavcodec/g729_parser.c +=================================================================== +--- a/libavcodec/g729_parser.c ++++ b/libavcodec/g729_parser.c +@@ -48,6 +48,9 @@ static int g729_parse(AVCodecParserConte + av_assert1(avctx->codec_id == AV_CODEC_ID_G729); + /* FIXME: replace this heuristic block_size with more precise estimate */ + s->block_size = (avctx->bit_rate < 8000) ? G729D_6K4_BLOCK_SIZE : G729_8K_BLOCK_SIZE; ++ // channels > 2 is invalid, we pass the packet on unchanged ++ if (avctx->channels > 2) ++ s->block_size = 0; + s->block_size *= avctx->channels; + s->duration = avctx->frame_size; + } diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb index 1d6f2e528b..cbfdbf0563 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb @@ -29,6 +29,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \ file://CVE-2021-3566.patch \ file://CVE-2021-38291.patch \ + file://CVE-2022-1475.patch \ " SRC_URI[md5sum] = "348956fc2faa57a2f79bbb84ded9fbc3" SRC_URI[sha256sum] = "cb754255ab0ee2ea5f66f8850e1bd6ad5cac1cd855d0a2f4990fb8c668b0d29c" -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#166452): https://lists.openembedded.org/g/openembedded-core/message/166452 Mute This Topic: https://lists.openembedded.org/mt/91492149/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
