From patchwork Fri Jan 3 07:11:36 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Polampalli, Archana" X-Patchwork-Id: 54921 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4FC3BE77188 for ; Fri, 3 Jan 2025 07:11:44 +0000 (UTC) Received: from mx0b-0064b401.pphosted.com (mx0b-0064b401.pphosted.com [205.220.178.238]) by mx.groups.io with SMTP id smtpd.web10.26100.1735888303012169729 for ; Thu, 02 Jan 2025 23:11:43 -0800 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.178.238, mailfrom: prvs=3098560207=archana.polampalli@windriver.com) Received: from pps.filterd (m0250812.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 50353332004894 for ; Fri, 3 Jan 2025 07:11:42 GMT Received: from ala-exchng01.corp.ad.wrs.com (ala-exchng01.wrs.com [147.11.82.252]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 43t8a84w0t-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Fri, 03 Jan 2025 07:11:42 +0000 (GMT) Received: from ala-exchng01.corp.ad.wrs.com (147.11.82.252) by ala-exchng01.corp.ad.wrs.com (147.11.82.252) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.43; Thu, 2 Jan 2025 23:11:40 -0800 Received: from blr-linux-engg1.wrs.com (147.11.136.210) by ala-exchng01.corp.ad.wrs.com (147.11.82.252) with Microsoft SMTP Server id 15.1.2507.43 via Frontend Transport; Thu, 2 Jan 2025 23:11:39 -0800 From: To: Subject: [oe-core][kirkstone][PATCH 1/3] ffmpeg: fix CVE-2024-35366 Date: Fri, 3 Jan 2025 07:11:36 +0000 Message-ID: <20250103071138.3650340-1-archana.polampalli@windriver.com> X-Mailer: git-send-email 2.40.0 MIME-Version: 1.0 X-Proofpoint-GUID: _10HyGwyHEao9H1NkK2MVgloGuOQOmTD X-Proofpoint-ORIG-GUID: _10HyGwyHEao9H1NkK2MVgloGuOQOmTD X-Authority-Analysis: v=2.4 cv=f8qyBPyM c=1 sm=1 tr=0 ts=67778dae cx=c_pps a=/ZJR302f846pc/tyiSlYyQ==:117 a=/ZJR302f846pc/tyiSlYyQ==:17 a=VdSt8ZQiCzkA:10 a=NEAV23lmAAAA:8 a=emhf11hzAAAA:8 a=t7CeM3EgAAAA:8 a=Il8eHo93rIquhJNKyUkA:9 a=HLUCug_QN4oeKp6PugZw:22 a=FdTzh2GWekK77mhwV6Dw:22 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1057,Hydra:6.0.680,FMLib:17.12.68.34 definitions=2025-01-02_03,2025-01-02_01,2024-11-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 spamscore=0 bulkscore=0 clxscore=1015 adultscore=0 phishscore=0 priorityscore=1501 suspectscore=0 impostorscore=0 mlxlogscore=999 lowpriorityscore=0 mlxscore=0 classifier=spam authscore=0 adjust=0 reason=mlx scancount=1 engine=8.21.0-2411120000 definitions=main-2501030060 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 03 Jan 2025 07:11:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/209321 From: Archana Polampalli FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking. Signed-off-by: Archana Polampalli --- .../ffmpeg/ffmpeg/CVE-2024-35366.patch | 37 +++++++++++++++++++ .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 1 + 2 files changed, 38 insertions(+) create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35366.patch diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35366.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35366.patch new file mode 100644 index 0000000000..f619dd6eac --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35366.patch @@ -0,0 +1,37 @@ +From 4db0eb4653efad967ddcf71f564fd2f1169bafcb Mon Sep 17 00:00:00 2001 +From: Michael Niedermayer +Date: Tue, 26 Mar 2024 00:39:49 +0100 +Subject: [PATCH] avformat/sbgdec: Check for negative duration + +Fixes: signed integer overflow: 9223372036854775807 - -8000000 cannot be represented in type 'long' +Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-5133181743136768 + +Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg +Signed-off-by: Michael Niedermayer +(cherry picked from commit 0bed22d597b78999151e3bde0768b7fe763fc2a6) +Signed-off-by: Michael Niedermayer + +CVE: CVE-2024-35366 + +Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/4db0eb4653efad967ddcf71f564fd2f1169bafcb] + +Signed-off-by: Archana Polampalli +--- + libavformat/sbgdec.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libavformat/sbgdec.c b/libavformat/sbgdec.c +index 1ef50e1598..fdcee0b452 100644 +--- a/libavformat/sbgdec.c ++++ b/libavformat/sbgdec.c +@@ -385,7 +385,7 @@ static int parse_options(struct sbg_parser *p) + case 'L': + FORWARD_ERROR(parse_optarg(p, opt, &oarg)); + r = str_to_time(oarg.s, &p->scs.opt_duration); +- if (oarg.e != oarg.s + r) { ++ if (oarg.e != oarg.s + r || p->scs.opt_duration < 0) { + snprintf(p->err_msg, sizeof(p->err_msg), + "syntax error for option -L"); + return AVERROR_INVALIDDATA; +-- +2.40.0 diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb index 7b03b7cbc0..39d79c343d 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb @@ -40,6 +40,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ file://CVE-2023-50007.patch \ file://CVE-2023-51796.patch \ file://CVE-2024-7055.patch \ + file://CVE-2024-35366.patch \ " SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b" From patchwork Fri Jan 3 07:11:37 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Polampalli, Archana" X-Patchwork-Id: 54922 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2B364E77198 for ; Fri, 3 Jan 2025 07:11:54 +0000 (UTC) Received: from mx0b-0064b401.pphosted.com (mx0b-0064b401.pphosted.com [205.220.178.238]) by mx.groups.io with SMTP id smtpd.web10.26101.1735888304739739650 for ; Thu, 02 Jan 2025 23:11:44 -0800 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.178.238, mailfrom: prvs=3098560207=archana.polampalli@windriver.com) Received: from pps.filterd (m0250811.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 5036uZLA005699 for ; Fri, 3 Jan 2025 07:11:44 GMT Received: from ala-exchng01.corp.ad.wrs.com (ala-exchng01.wrs.com [147.11.82.252]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 43t6j0mxey-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Fri, 03 Jan 2025 07:11:43 +0000 (GMT) Received: from ala-exchng01.corp.ad.wrs.com (147.11.82.252) by ala-exchng01.corp.ad.wrs.com (147.11.82.252) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.43; Thu, 2 Jan 2025 23:11:42 -0800 Received: from blr-linux-engg1.wrs.com (147.11.136.210) by ala-exchng01.corp.ad.wrs.com (147.11.82.252) with Microsoft SMTP Server id 15.1.2507.43 via Frontend Transport; Thu, 2 Jan 2025 23:11:41 -0800 From: To: Subject: [oe-core][kirkstone][PATCH 2/3] ffmpeg: fix CVE-2024-35367 Date: Fri, 3 Jan 2025 07:11:37 +0000 Message-ID: <20250103071138.3650340-2-archana.polampalli@windriver.com> X-Mailer: git-send-email 2.40.0 In-Reply-To: <20250103071138.3650340-1-archana.polampalli@windriver.com> References: <20250103071138.3650340-1-archana.polampalli@windriver.com> MIME-Version: 1.0 X-Authority-Analysis: v=2.4 cv=V7KH0fni c=1 sm=1 tr=0 ts=67778daf cx=c_pps a=/ZJR302f846pc/tyiSlYyQ==:117 a=/ZJR302f846pc/tyiSlYyQ==:17 a=VdSt8ZQiCzkA:10 a=emhf11hzAAAA:8 a=NEAV23lmAAAA:8 a=t7CeM3EgAAAA:8 a=UqCG9HQmAAAA:8 a=pGLkceISAAAA:8 a=nAk2t3tMP7fyGi4u_BAA:9 a=HLUCug_QN4oeKp6PugZw:22 a=FdTzh2GWekK77mhwV6Dw:22 X-Proofpoint-ORIG-GUID: UDif3IPdp62mxLHzmW8nwjijKaVvpGDx X-Proofpoint-GUID: UDif3IPdp62mxLHzmW8nwjijKaVvpGDx X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1057,Hydra:6.0.680,FMLib:17.12.68.34 definitions=2025-01-02_03,2025-01-02_01,2024-11-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 mlxlogscore=999 priorityscore=1501 malwarescore=0 bulkscore=0 phishscore=0 clxscore=1015 impostorscore=0 adultscore=0 spamscore=0 mlxscore=0 lowpriorityscore=0 classifier=spam authscore=0 adjust=0 reason=mlx scancount=1 engine=8.21.0-2411120000 definitions=main-2501030060 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 03 Jan 2025 07:11:54 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/209322 From: Archana Polampalli FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer Signed-off-by: Archana Polampalli --- .../ffmpeg/ffmpeg/CVE-2024-35367.patch | 47 +++++++++++++++++++ .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 1 + 2 files changed, 48 insertions(+) create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35367.patch diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35367.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35367.patch new file mode 100644 index 0000000000..69d42955da --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35367.patch @@ -0,0 +1,47 @@ +From 09e6840cf7a3ee07a73c3ae88a020bf27ca1a667 Mon Sep 17 00:00:00 2001 +From: Andreas Rheinhardt +Date: Wed, 13 Mar 2024 02:10:26 +0100 +Subject: [PATCH] avcodec/ppc/vp8dsp_altivec: Fix out-of-bounds access + +h_subpel_filters_inner[i] and h_subpel_filters_outer[i / 2] +belong together and the former allows the range 0..6, +so the latter needs to support 0..3. But it has only three +elements. Add another one. +The value for the last element has been guesstimated +from subpel_filters in libavcodec/vp8dsp.c. + +This is also intended to fix FATE-failures with UBSan here: +https://fate.ffmpeg.org/report.cgi?time=20240312011016&slot=ppc-linux-gcc-13.2-ubsan-altivec-qemu + +Tested-by: Sean McGovern +Signed-off-by: Andreas Rheinhardt + +CVE: CVE-2024-35367 + +Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/09e6840cf7a3ee07a73c3ae88a020bf27ca1a667] + +Signed-off-by: Archana Polampalli +--- + libavcodec/ppc/vp8dsp_altivec.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/libavcodec/ppc/vp8dsp_altivec.c b/libavcodec/ppc/vp8dsp_altivec.c +index 12dac8b0a8..061914fc38 100644 +--- a/libavcodec/ppc/vp8dsp_altivec.c ++++ b/libavcodec/ppc/vp8dsp_altivec.c +@@ -50,11 +50,12 @@ static const vec_s8 h_subpel_filters_inner[7] = + // for 6tap filters, these are the outer two taps + // The zeros mask off pixels 4-7 when filtering 0-3 + // and vice-versa +-static const vec_s8 h_subpel_filters_outer[3] = ++static const vec_s8 h_subpel_filters_outer[4] = + { + REPT4(0, 0, 2, 1), + REPT4(0, 0, 3, 3), + REPT4(0, 0, 1, 2), ++ REPT4(0, 0, 0, 0), + }; + + #define LOAD_H_SUBPEL_FILTER(i) \ +-- +2.40.0 diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb index 39d79c343d..ac4ade276c 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb @@ -41,6 +41,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ file://CVE-2023-51796.patch \ file://CVE-2024-7055.patch \ file://CVE-2024-35366.patch \ + file://CVE-2024-35367.patch \ " SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b" From patchwork Fri Jan 3 07:11:38 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Polampalli, Archana" X-Patchwork-Id: 54923 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2CBCCE7718F for ; Fri, 3 Jan 2025 07:11:54 +0000 (UTC) Received: from mx0b-0064b401.pphosted.com (mx0b-0064b401.pphosted.com [205.220.178.238]) by mx.groups.io with SMTP id smtpd.web10.26102.1735888306439819947 for ; Thu, 02 Jan 2025 23:11:46 -0800 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.178.238, mailfrom: prvs=3098560207=archana.polampalli@windriver.com) Received: from pps.filterd (m0250812.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 5036MDT5021966 for ; Fri, 3 Jan 2025 07:11:45 GMT Received: from ala-exchng01.corp.ad.wrs.com (ala-exchng01.wrs.com [147.11.82.252]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 43t8a84w0v-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Fri, 03 Jan 2025 07:11:45 +0000 (GMT) Received: from ala-exchng01.corp.ad.wrs.com (147.11.82.252) by ala-exchng01.corp.ad.wrs.com (147.11.82.252) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.43; Thu, 2 Jan 2025 23:11:44 -0800 Received: from blr-linux-engg1.wrs.com (147.11.136.210) by ala-exchng01.corp.ad.wrs.com (147.11.82.252) with Microsoft SMTP Server id 15.1.2507.43 via Frontend Transport; Thu, 2 Jan 2025 23:11:43 -0800 From: To: Subject: [oe-core][kirkstone][PATCH 3/3] ffmpeg: fix CVE-2024-35368 Date: Fri, 3 Jan 2025 07:11:38 +0000 Message-ID: <20250103071138.3650340-3-archana.polampalli@windriver.com> X-Mailer: git-send-email 2.40.0 In-Reply-To: <20250103071138.3650340-1-archana.polampalli@windriver.com> References: <20250103071138.3650340-1-archana.polampalli@windriver.com> MIME-Version: 1.0 X-Proofpoint-GUID: 7b5D7aG_Cy9pPUGgwkgou-P1xZrhwsce X-Proofpoint-ORIG-GUID: 7b5D7aG_Cy9pPUGgwkgou-P1xZrhwsce X-Authority-Analysis: v=2.4 cv=f8qyBPyM c=1 sm=1 tr=0 ts=67778db1 cx=c_pps a=/ZJR302f846pc/tyiSlYyQ==:117 a=/ZJR302f846pc/tyiSlYyQ==:17 a=VdSt8ZQiCzkA:10 a=NEAV23lmAAAA:8 a=emhf11hzAAAA:8 a=t7CeM3EgAAAA:8 a=UqCG9HQmAAAA:8 a=MVx2jJ9Z82B9YExYSzsA:9 a=HLUCug_QN4oeKp6PugZw:22 a=FdTzh2GWekK77mhwV6Dw:22 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1057,Hydra:6.0.680,FMLib:17.12.68.34 definitions=2025-01-02_03,2025-01-02_01,2024-11-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 spamscore=0 bulkscore=0 clxscore=1015 adultscore=0 phishscore=0 priorityscore=1501 suspectscore=0 impostorscore=0 mlxlogscore=999 lowpriorityscore=0 mlxscore=0 classifier=spam authscore=0 adjust=0 reason=mlx scancount=1 engine=8.21.0-2411120000 definitions=main-2501030060 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 03 Jan 2025 07:11:54 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/209323 From: Archana Polampalli FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c. Signed-off-by: Archana Polampalli --- .../ffmpeg/ffmpeg/CVE-2024-35368.patch | 41 +++++++++++++++++++ .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 1 + 2 files changed, 42 insertions(+) create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35368.patch diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35368.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35368.patch new file mode 100644 index 0000000000..555d569825 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35368.patch @@ -0,0 +1,41 @@ +From 4513300989502090c4fd6560544dce399a8cd53c Mon Sep 17 00:00:00 2001 +From: Andreas Rheinhardt +Date: Sun, 24 Sep 2023 13:15:48 +0200 +Subject: [PATCH] avcodec/rkmppdec: Fix double-free on error + +After having created the AVBuffer that is put into frame->buf[0], +ownership of several objects (namely an AVDRMFrameDescriptor, +an MppFrame and some AVBufferRefs framecontextref and decoder_ref) +has passed to the AVBuffer and therefore to the frame. +Yet it has nevertheless been freed manually on error +afterwards, which would lead to a double-free as soon +as the AVFrame is unreferenced. + +Signed-off-by: Andreas Rheinhardt + +CVE: CVE-2024-35368 + +Upstream-Status: Backport [https://github.com/ffmpeg/ffmpeg/commit/4513300989502090c4fd6560544dce399a8cd53c] + +Signed-off-by: Archana Polampalli +--- + libavcodec/rkmppdec.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libavcodec/rkmppdec.c b/libavcodec/rkmppdec.c +index 7665098c6a..6889545b20 100644 +--- a/libavcodec/rkmppdec.c ++++ b/libavcodec/rkmppdec.c +@@ -463,8 +463,8 @@ static int rkmpp_retrieve_frame(AVCodecContext *avctx, AVFrame *frame) + + frame->hw_frames_ctx = av_buffer_ref(decoder->frames_ref); + if (!frame->hw_frames_ctx) { +- ret = AVERROR(ENOMEM); +- goto fail; ++ av_frame_unref(frame); ++ return AVERROR(ENOMEM); + } + + return 0; +-- +2.40.0 diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb index ac4ade276c..9aecdf07e0 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb @@ -42,6 +42,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ file://CVE-2024-7055.patch \ file://CVE-2024-35366.patch \ file://CVE-2024-35367.patch \ + file://CVE-2024-35368.patch \ " SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"