| Message ID | 20230210122058.8715-1-bindudaniel1996@gmail.com |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [dunfell] ffmpeg: fix for CVE-2022-3341 | expand |
On Fri, Feb 10, 2023 at 2:21 AM Bhabu Bindu <bindudaniel1996@gmail.com> wrote: > > From: Bhabu Bindu <bhabu.bindu@kpit.com> > > avformat/nutdec: Add check for avformat_new_stream > Check for failure of avformat_new_stream() and propagate > the error code. > > Upstream-Status: Backport [https://git.yoctoproject.org/poky/commit/?h=kirkstone&id=bba70ce34115151362bfdc49a545ee708eb297ca] > > (From OE-Core rev: e17ddd0fafb562ed7ebe7708dac9bcef2d6cecc1) > > Signed-off-by: Narpat Mali <narpat.mali@windriver.com> > Signed-off-by: Steve Sakoman <steve@sakoman.com> > Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> > (cherry picked from commit bba70ce34115151362bfdc49a545ee708eb297ca) > Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com> > --- > ...ec-Add-check-for-avformat_new_stream.patch | 66 +++++++++++++++++++ > .../recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb | 3 +- > 2 files changed, 68 insertions(+), 1 deletion(-) > create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch > > diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch > new file mode 100644 > index 0000000000..706db9669a > --- /dev/null > +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch This patch should be named CVE-2022-3341.patch. Please submit a V2! > @@ -0,0 +1,66 @@ > +From 9cf652cef49d74afe3d454f27d49eb1a1394951e Mon Sep 17 00:00:00 2001 > +From: Jiasheng Jiang <jiasheng@iscas.ac.cn> > +Date: Wed, 23 Feb 2022 10:31:59 +0800 > +Subject: [PATCH] avformat/nutdec: Add check for avformat_new_stream > + > +Check for failure of avformat_new_stream() and propagate > +the error code. > + > +Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > + > +CVE: CVE-2022-3341 > + > +Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/9cf652cef49d74afe3d454f27d49eb1a1394951e] > + > +Comments: Refreshed Hunk > +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> > +Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com> > +--- > + libavformat/nutdec.c | 16 ++++++++++++---- > + 1 file changed, 12 insertions(+), 4 deletions(-) > + > +diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c > +index 0a8a700acf..f9ad2c0af1 100644 > +--- a/libavformat/nutdec.c > ++++ b/libavformat/nutdec.c > +@@ -351,8 +351,12 @@ static int decode_main_header(NUTContext *nut) > + ret = AVERROR(ENOMEM); > + goto fail; > + } > +- for (i = 0; i < stream_count; i++) > +- avformat_new_stream(s, NULL); > ++ for (i = 0; i < stream_count; i++) { > ++ if (!avformat_new_stream(s, NULL)) { > ++ ret = AVERROR(ENOMEM); > ++ goto fail; > ++ } > ++ } > + > + return 0; > + fail: > +@@ -793,19 +793,23 @@ > + NUTContext *nut = s->priv_data; > + AVIOContext *bc = s->pb; > + int64_t pos; > +- int initialized_stream_count; > ++ int initialized_stream_count, ret; > + > + nut->avf = s; > + > + /* main header */ > + pos = 0; > ++ ret = 0; > + do { > ++ if (ret == AVERROR(ENOMEM)) > ++ return ret; > ++ > + pos = find_startcode(bc, MAIN_STARTCODE, pos) + 1; > + if (pos < 0 + 1) { > + av_log(s, AV_LOG_ERROR, "No main startcode found.\n"); > + goto fail; > + } > +- } while (decode_main_header(nut) < 0); > ++ } while ((ret = decode_main_header(nut)) < 0); > + > + /* stream headers */ > + pos = 0; > diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb > index cbfdbf0563..737fd33fa5 100644 > --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb > +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb > @@ -30,7 +30,8 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ > file://CVE-2021-3566.patch \ > file://CVE-2021-38291.patch \ > file://CVE-2022-1475.patch \ > - " > + file://0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch \ > + " Also, this won't apply because we have your other ffmpeg CVE fix in the current pull request: https://git.openembedded.org/openembedded-core-contrib/commit/?id=a626228a4be4c52c9d3f43eb1756c1defc22a5e4&h=stable%2Fdunfell-next So please take this into account with your V2. Thanks! Steve > SRC_URI[md5sum] = "348956fc2faa57a2f79bbb84ded9fbc3" > SRC_URI[sha256sum] = "cb754255ab0ee2ea5f66f8850e1bd6ad5cac1cd855d0a2f4990fb8c668b0d29c" > > -- > 2.17.1 >
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch new file mode 100644 index 0000000000..706db9669a --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch @@ -0,0 +1,66 @@ +From 9cf652cef49d74afe3d454f27d49eb1a1394951e Mon Sep 17 00:00:00 2001 +From: Jiasheng Jiang <jiasheng@iscas.ac.cn> +Date: Wed, 23 Feb 2022 10:31:59 +0800 +Subject: [PATCH] avformat/nutdec: Add check for avformat_new_stream + +Check for failure of avformat_new_stream() and propagate +the error code. + +Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> + +CVE: CVE-2022-3341 + +Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/9cf652cef49d74afe3d454f27d49eb1a1394951e] + +Comments: Refreshed Hunk +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com> +--- + libavformat/nutdec.c | 16 ++++++++++++---- + 1 file changed, 12 insertions(+), 4 deletions(-) + +diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c +index 0a8a700acf..f9ad2c0af1 100644 +--- a/libavformat/nutdec.c ++++ b/libavformat/nutdec.c +@@ -351,8 +351,12 @@ static int decode_main_header(NUTContext *nut) + ret = AVERROR(ENOMEM); + goto fail; + } +- for (i = 0; i < stream_count; i++) +- avformat_new_stream(s, NULL); ++ for (i = 0; i < stream_count; i++) { ++ if (!avformat_new_stream(s, NULL)) { ++ ret = AVERROR(ENOMEM); ++ goto fail; ++ } ++ } + + return 0; + fail: +@@ -793,19 +793,23 @@ + NUTContext *nut = s->priv_data; + AVIOContext *bc = s->pb; + int64_t pos; +- int initialized_stream_count; ++ int initialized_stream_count, ret; + + nut->avf = s; + + /* main header */ + pos = 0; ++ ret = 0; + do { ++ if (ret == AVERROR(ENOMEM)) ++ return ret; ++ + pos = find_startcode(bc, MAIN_STARTCODE, pos) + 1; + if (pos < 0 + 1) { + av_log(s, AV_LOG_ERROR, "No main startcode found.\n"); + goto fail; + } +- } while (decode_main_header(nut) < 0); ++ } while ((ret = decode_main_header(nut)) < 0); + + /* stream headers */ + pos = 0; diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb index cbfdbf0563..737fd33fa5 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb @@ -30,7 +30,8 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ file://CVE-2021-3566.patch \ file://CVE-2021-38291.patch \ file://CVE-2022-1475.patch \ - " + file://0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch \ + " SRC_URI[md5sum] = "348956fc2faa57a2f79bbb84ded9fbc3" SRC_URI[sha256sum] = "cb754255ab0ee2ea5f66f8850e1bd6ad5cac1cd855d0a2f4990fb8c668b0d29c"