From ea6ecfcd4c48309917d6921d686d52a45224e0b8 Mon Sep 17 00:00:00 2001 From: wangziliang Date: Thu, 4 Jul 2024 03:32:27 +0000 Subject: [PATCH] fix CVE-2024-32228 (cherry picked from commit eaff584cc2cd2746255a12dbe2b271db5b9e4282) --- ffmpeg.spec | 6 ++++- fix-CVE-2024-32228.patch | 57 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 fix-CVE-2024-32228.patch diff --git a/ffmpeg.spec b/ffmpeg.spec index 9269a20..531b957 100644 --- a/ffmpeg.spec +++ b/ffmpeg.spec @@ -58,7 +58,7 @@ Summary: Digital VCR and streaming server Name: ffmpeg%{?flavor} Version: 6.1.1 -Release: 9 +Release: 10 License: GPL-3.0-or-later URL: http://ffmpeg.org/ Source0: http://ffmpeg.org/releases/ffmpeg-%{version}.tar.xz @@ -72,6 +72,7 @@ Patch5: fix_libsvgdec_compile_error.patch Patch6: CVE-2023-49528.patch Patch7: fix-CVE-2023-49502.patch Patch8: fix-CVE-2024-32230.patch +Patch9: fix-CVE-2024-32228.patch Requires: %{name}-libs%{?_isa} = %{version}-%{release} %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel} @@ -400,6 +401,9 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir} %changelog +* Thu Jul 04 2024 wangziliang - 6.1.1-10 +- fix-CVE-2024-32228.patch + * Tue Jul 02 2024 wangziliang - 6.1.1-9 - fix-CVE-2024-32230.patch diff --git a/fix-CVE-2024-32228.patch b/fix-CVE-2024-32228.patch new file mode 100644 index 0000000..c88fb33 --- /dev/null +++ b/fix-CVE-2024-32228.patch 
@@ -0,0 +1,57 @@
+From 459648761f5412acdc3317d5bac982ceaa257584 Mon Sep 17 00:00:00 2001
+From: Niklas Haas
+Date: Sat, 6 Apr 2024 13:11:09 +0200
+Subject: [PATCH] avcodec/hevcdec: fix segfault on invalid film grain metadata
+
+Invalid input files may contain film grain metadata which survives
+ff_h274_film_grain_params_supported() but does not pass
+av_film_grain_params_select(), leading to a SIGSEGV on hevc_frame_end().
+
+Fix this by duplicating the av_film_grain_params_select() check at frame
+init time.
+
+An alternative solution here would be to defer the incompatibility check
+to hevc_frame_end(), but this has the downside of allocating a film
+grain buffer even when we already know we can't apply film grain.
+
+Fixes: https://trac.ffmpeg.org/ticket/10951
+---
+ libavcodec/hevcdec.c | 14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/libavcodec/hevcdec.c b/libavcodec/hevcdec.c
+index e1710d7..d3b668a 100644
+--- a/libavcodec/hevcdec.c
++++ b/libavcodec/hevcdec.c
+@@ -2893,9 +2893,15 @@ static int hevc_frame_start(HEVCContext *s)
+ !(s->avctx->export_side_data & AV_CODEC_EXPORT_DATA_FILM_GRAIN) &&
+ !s->avctx->hwaccel;
+
++ ret = set_side_data(s);
++ if (ret < 0)
++ goto fail;
++
+ if (s->ref->needs_fg &&
+- !ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id,
+- s->ref->frame->format)) {
++ ( s->sei.common.film_grain_characteristics.present &&
++ !ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id,
++ s->ref->frame->format))
++ || !av_film_grain_params_select(s->ref->frame)) {
+ av_log_once(s->avctx, AV_LOG_WARNING, AV_LOG_DEBUG, &s->film_grain_warning_shown,
+ "Unsupported film grain parameters. Ignoring film grain.\n");
+ s->ref->needs_fg = 0;
+@@ -2909,10 +2915,6 @@ static int hevc_frame_start(HEVCContext *s)
+ goto fail;
+ }
+
+- ret = set_side_data(s);
+- if (ret < 0)
+- goto fail;
+-
+ s->frame->pict_type = 3 - s->sh.slice_type;
+
+ if (!IS_IRAP(s))
+--
+2.33.0
+
-- Gitee
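Review bot: In the rewritten `if` of hevc_frame_start(), the `|| !av_film_grain_params_select(s->ref->frame)` term sits outside the group guarded by `s->ref->needs_fg &&`, so by C precedence the condition reads `(needs_fg && present && !supported) || !select(...)` and the select call decides the branch even when `needs_fg` is already 0. The crash fix itself still holds, since the branch only clears `needs_fg`. But any frame for which the select call returns NULL (presumably including ordinary streams with no film grain side data) will reach av_log_once() and report "Unsupported film grain parameters", which is a misleading line for anyone triaging malformed-input reports from logs. Wrapping both sub-checks in one more pair of parentheses restores the guard: `if (s->ref->needs_fg && ((s->sei.common.film_grain_characteristics.present && !ff_h274_film_grain_params_supported(...)) || !av_film_grain_params_select(s->ref->frame))) {`. The function starts and ends outside both inner hunks, so the full computation of `needs_fg` is only partly visible here.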