[scarthgap,04/10] ffmpeg: fix CVE-2024-31582

Message ID	617a9cdba6e2f0bd3ccc24e7bb2fe84e9573fecd.1723083840.git.steve@sakoman.com
State	Accepted
Delegated to:	Steve Sakoman
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.215.169, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 04/10] ffmpeg: fix CVE-2024-31582 Date: Wed, 7 Aug 2024 19:28:40 -0700 Message-Id: <617a9cdba6e2f0bd3ccc24e7bb2fe84e9573fecd.1723083840.git.steve@sakoman.com> In-Reply-To: <cover.1723083840.git.steve@sakoman.com> References: <cover.1723083840.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[scarthgap,01/10] curl: Patch CVE-2024-6197 \| expand [scarthgap,01/10] curl: Patch CVE-2024-6197 [scarthgap,02/10] glibc: cleanup old cve status [scarthgap,03/10] qemu: set cve status for CVE-2023-6683 [scarthgap,04/10] ffmpeg: fix CVE-2024-31582 [scarthgap,05/10] nasm: Upgrade 2.16.01 -> 2.16.03 [scarthgap,06/10] orc: upgrade 0.4.38 -> 0.4.39 [scarthgap,07/10] bind: Upgrade 9.18.25 -> 9.18.28 [scarthgap,08/10] curl: correct the PACKAGECONFIG for native/nativesdk [scarthgap,09/10] libmnl: explicitly disable doxygen [scarthgap,10/10] libpng: update SRC_URI

Message ID

617a9cdba6e2f0bd3ccc24e7bb2fe84e9573fecd.1723083840.git.steve@sakoman.com

State

Accepted

Delegated to:

Steve Sakoman

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 04/10] ffmpeg: fix CVE-2024-31582
Date: Wed,  7 Aug 2024 19:28:40 -0700
Message-Id: 
 <617a9cdba6e2f0bd3ccc24e7bb2fe84e9573fecd.1723083840.git.steve@sakoman.com>
In-Reply-To: <cover.1723083840.git.steve@sakoman.com>
References: <cover.1723083840.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[scarthgap,01/10] curl: Patch CVE-2024-6197 | expand

Commit Message

Steve Sakoman Aug. 8, 2024, 2:28 a.m. UTC

From: Archana Polampalli <archana.polampalli@windriver.com>

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ffmpeg/ffmpeg/CVE-2024-31582.patch        | 34 +++++++++++++++++++
 .../recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb |  1 +
 2 files changed, 35 insertions(+)
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31582.patch

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31582.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31582.patch
new file mode 100644
index 0000000000..2ade3ab6b1
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-31582.patch
@@ -0,0 +1,34 @@ 
+From 1d1a05b393ece9fa3df825bfef3724b7370aefdc Mon Sep 17 00:00:00 2001
+From: Zhao Zhili <zhilizhao@tencent.com>
+Date: Fri, 29 Dec 2023 05:56:43 +0800
+Subject: [PATCH] avfilter/vf_codecview: fix heap buffer overflow
+
+And improve the performance by a little bit.
+
+Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
+
+CVE: CVE-2024-31582
+
+Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/99debe5f823f45a482e1dc08de35879aa9c74bd2]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavfilter/vf_codecview.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/libavfilter/vf_codecview.c b/libavfilter/vf_codecview.c
+index 55d9c8c..f65ccbd 100644
+--- a/libavfilter/vf_codecview.c
++++ b/libavfilter/vf_codecview.c
+@@ -216,9 +216,6 @@ static void draw_block_rectangle(uint8_t *buf, int sx, int sy, int w, int h, ptr
+         buf[sx + w - 1] = color;
+         buf += stride;
+     }
+-
+-    for (int x = sx; x < sx + w; x++)
+-        buf[x] = color;
+ }
+
+ static int filter_frame(AVFilterLink *inlink, AVFrame *frame)
+--
+2.40.0
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
index 06bd36e2e2..05919e6ffd 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.1.bb
@@ -29,6 +29,7 @@  SRC_URI = " \
     file://vulkan_fix_gcc14.patch \
     file://CVE-2023-49502.patch \
     file://CVE-2024-31578.patch \
+    file://CVE-2024-31582.patch \
 "
 
 SRC_URI[sha256sum] = "8684f4b00f94b85461884c3719382f1261f0d9eb3d59640a1f4ac0873616f968"