diff mbox series

[meta-multimedia,kirkstone,3/4] openh264: patch CVE-2025-27091

Message ID 20251216194005.3006575-3-skandigraun@gmail.com
State New
Headers show
Series [meta-gnome,kirkstone,1/4] accountservice: ignore CVE-2023-3297 | expand

Commit Message

Gyorgy Sarvari Dec. 16, 2025, 7:40 p.m. UTC 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-27091

The advisory confirms that the bug was fixed in v2.6.0.
When looking at the relevant Github advisory[1], it mentions
the name of the implementer. Pick the patch that was included
in this release, created by the mentioned Github account and
isn't only a cosmetic or build-system change.

[1]: https://github.com/cisco/openh264/security/advisories/GHSA-m99q-5j7x-7m9x

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../openh264/openh264/CVE-2025-27091.patch    | 27 +++++++++++++++++++
 .../openh264/openh264_2.1.1.bb                |  1 +
 2 files changed, 28 insertions(+)
 create mode 100644 meta-multimedia/recipes-multimedia/openh264/openh264/CVE-2025-27091.patch
diff mbox series

Patch

diff --git a/meta-multimedia/recipes-multimedia/openh264/openh264/CVE-2025-27091.patch b/meta-multimedia/recipes-multimedia/openh264/openh264/CVE-2025-27091.patch
new file mode 100644
index 0000000000..5a3c900e38
--- /dev/null
+++ b/meta-multimedia/recipes-multimedia/openh264/openh264/CVE-2025-27091.patch
@@ -0,0 +1,27 @@ 
+From 4e82ae10b594d87da2a7884c2de850857931c78f Mon Sep 17 00:00:00 2001
+From: BenzhengZhang <140143892+BenzhengZhang@users.noreply.github.com>
+Date: Thu, 19 Dec 2024 17:12:42 +0800
+Subject: [PATCH] Potential bug fix (#3818)
+
+CVE: CVE-2025-27091
+Upstream-Status: Backport [https://github.com/cisco/openh264/commit/63db555e30986e3a5f07871368dc90ae78c27449]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ codec/decoder/core/src/decoder.cpp | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/codec/decoder/core/src/decoder.cpp b/codec/decoder/core/src/decoder.cpp
+index 3b38032a..b971f12f 100644
+--- a/codec/decoder/core/src/decoder.cpp
++++ b/codec/decoder/core/src/decoder.cpp
+@@ -844,6 +844,10 @@ int32_t WelsDecodeBs (PWelsDecoderContext pCtx, const uint8_t* kpBsBuf, const in
+             return pCtx->iErrorCode;
+           }
+ 
++          if (pCtx->iErrorCode != ERR_NONE && !(pCtx->iErrorCode & dsDataErrorConcealed)) {
++              return pCtx->iErrorCode;
++          }
++
+           pDstNal += (iDstIdx + 4); //init, increase 4 reserved zero bytes, used to store the next NAL
+           if ((iSrcLength - iSrcConsumed + 4) > (pRawData->pEnd - pDstNal)) {
+             pDstNal = pRawData->pCurPos = pRawData->pHead;
diff --git a/meta-multimedia/recipes-multimedia/openh264/openh264_2.1.1.bb b/meta-multimedia/recipes-multimedia/openh264/openh264_2.1.1.bb
index aababb6684..113dbf1bba 100644
--- a/meta-multimedia/recipes-multimedia/openh264/openh264_2.1.1.bb
+++ b/meta-multimedia/recipes-multimedia/openh264/openh264_2.1.1.bb
@@ -15,6 +15,7 @@  SRCREV = "50a1fcf70fafe962c526749991cb4646406933ba"
 BRANCH = "openh264v2.1.1"
 SRC_URI = "git://github.com/cisco/openh264.git;protocol=https;branch=${BRANCH} \
            file://0001-Makefile-Use-cp-options-to-preserve-file-mode.patch \
+           file://CVE-2025-27091.patch \
            "
 
 COMPATIBLE_MACHINE:armv7a = "(.*)"