[dunfell,08/16] ffmpeg: Fix CVE-2022-3109

Message ID	a613a3d33f98770306161a3e9f3147f155ee0457.1674657501.git.steve@sakoman.com
State	New, archived
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.215.181, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 08/16] ffmpeg: Fix CVE-2022-3109 Date: Wed, 25 Jan 2023 04:41:51 -1000 Message-Id: <a613a3d33f98770306161a3e9f3147f155ee0457.1674657501.git.steve@sakoman.com> In-Reply-To: <cover.1674657501.git.steve@sakoman.com> References: <cover.1674657501.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[dunfell,01/16] cve-update-db-native: Allow to overrule the URL in a bbappend. \| expand [dunfell,01/16] cve-update-db-native: Allow to overrule the URL in a bbappend. [dunfell,02/16] cve-update-db-native: add more logging when fetching [dunfell,03/16] cve-update-db-native: avoid incomplete updates [dunfell,04/16] cve-update-db-native: show IP on failure [dunfell,05/16] cve-check: write the cve manifest to IMGDEPLOYDIR [dunfell,06/16] cairo: fix CVE patches assigned wrong CVE number [dunfell,07/16] QEMU: CVE-2022-4144 QXL: qxl_phys2virt unsafe address translation can lead to out-o… [dunfell,08/16] ffmpeg: Fix CVE-2022-3109 [dunfell,09/16] xserver-xorg: Fix Multiple CVEs [dunfell,10/16] linux-firmware: upgrade 20221109 -> 20221214 [dunfell,11/16] vim: upgrade 9.0.0947 -> 9.0.1211 [dunfell,12/16] systemd: Consider PACKAGECONFIG in RRECOMMENDS [dunfell,13/16] toolchain-scripts: compatibility with unbound variable protection [dunfell,14/16] lib/oe/reproducible: Use git log without gpg signature [dunfell,15/16] selftest/virgl: use pkg-config from the host [dunfell,16/16] python3: fix packaging of Windows distutils installer stubs

Message ID

a613a3d33f98770306161a3e9f3147f155ee0457.1674657501.git.steve@sakoman.com

State

New, archived

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][dunfell 08/16] ffmpeg: Fix CVE-2022-3109
Date: Wed, 25 Jan 2023 04:41:51 -1000
Message-Id: 
 <a613a3d33f98770306161a3e9f3147f155ee0457.1674657501.git.steve@sakoman.com>
In-Reply-To: <cover.1674657501.git.steve@sakoman.com>
References: <cover.1674657501.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[dunfell,01/16] cve-update-db-native: Allow to overrule the URL in a bbappend. | expand

Commit Message

Steve Sakoman Jan. 25, 2023, 2:41 p.m. UTC

From: Bhabu Bindu <bhabu.bindu@kpit.com>

Add patch to fix CVE-2022-3109

Link: https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568

Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ffmpeg/ffmpeg/CVE-2022-3109.patch         | 41 +++++++++++++++++++
 .../recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb |  1 +
 2 files changed, 42 insertions(+)
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-3109.patch

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-3109.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-3109.patch
new file mode 100644
index 0000000000..febf49cff2
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-3109.patch
@@ -0,0 +1,41 @@ 
+From 656cb0450aeb73b25d7d26980af342b37ac4c568 Mon Sep 17 00:00:00 2001
+From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
+Date: Tue, 15 Feb 2022 17:58:08 +0800
+Subject: [PATCH] avcodec/vp3: Add missing check for av_malloc
+
+Since the av_malloc() may fail and return NULL pointer,
+it is needed that the 's->edge_emu_buffer' should be checked
+whether the new allocation is success.
+
+Fixes: d14723861b ("VP3: fix decoding of videos with stride > 2048")
+
+CVE: CVE-2022-3109
+Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568]
+Comments: Refreshed hunk
+
+Reviewed-by: Peter Ross <pross@xvid.org>
+Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
+Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
+---
+ libavcodec/vp3.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c
+index e9ab54d73677..e2418eb6fa04 100644
+--- a/libavcodec/vp3.c
++++ b/libavcodec/vp3.c
+@@ -2740,8 +2740,13 @@
+     if (ff_thread_get_buffer(avctx, &s->current_frame, AV_GET_BUFFER_FLAG_REF) < 0)
+         goto error;
+ 
+-    if (!s->edge_emu_buffer)
++    if (!s->edge_emu_buffer) {
+         s->edge_emu_buffer = av_malloc(9 * FFABS(s->current_frame.f->linesize[0]));
++        if (!s->edge_emu_buffer) {
++            ret = AVERROR(ENOMEM);
++            goto error;
++        }
++    }
+ 
+     if (s->keyframe) {
+         if (!s->theora) {
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb
index cbfdbf0563..ffeec92e0e 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb
@@ -30,6 +30,7 @@  SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
            file://CVE-2021-3566.patch \
            file://CVE-2021-38291.patch \
            file://CVE-2022-1475.patch \
+           file://CVE-2022-3109.patch \
           "
 SRC_URI[md5sum] = "348956fc2faa57a2f79bbb84ded9fbc3"
 SRC_URI[sha256sum] = "cb754255ab0ee2ea5f66f8850e1bd6ad5cac1cd855d0a2f4990fb8c668b0d29c"

[dunfell,08/16] ffmpeg: Fix CVE-2022-3109

Commit Message

Patch