From d4950b81e976f23459ecf37467f6c88730fccadc Mon Sep 17 00:00:00 2001
From: happyworker <208suo@208suo.com>
Date: Tue, 22 Apr 2025 15:41:39 +0800
Subject: [PATCH] fix  CVE-2025-1816

(cherry picked from commit 855af55e8be13e08c15c6378e7f2d85b99d1a3ed)
---
 CVE-2025-1816.patch | 32 ++++++++++++++++++++++++++++++++
 ffmpeg.spec         |  7 ++++++-
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2025-1816.patch

diff --git a/CVE-2025-1816.patch b/CVE-2025-1816.patch
new file mode 100644
index 0000000..ecda47b
--- /dev/null
+++ b/CVE-2025-1816.patch
@@ -0,0 +1,32 @@
+From c857f5e7b00babbf0a73a034ba9658712764a65e Mon Sep 17 00:00:00 2001
+From: James Almer <jamrial@gmail.com>
+Date: Tue, 22 Apr 2025 15:35:19 +0800
+Subject: [PATCH] avformat/iamf_parse: add missing constrains for num_parameters in audio_element_oub()
+
+---
+ libavformat/iamf_parse.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/libavformat/iamf_parse.c b/libavformat/iamf_parse.c
+index e0a138a..8bc0a41 100644
+--- a/libavformat/iamf_parse.c
++++ b/libavformat/iamf_parse.c
+@@ -716,7 +716,14 @@ static int audio_element_obu(void *s, IAMFContext *c, AVIOContext *pb, int len)
+     }
+ 
+     num_parameters = ffio_read_leb(pbc);
+-    if (num_parameters && audio_element_type != 0) {
++    if (num_parameters > 2 && audio_element_type == 0) {
++        av_log(s, AV_LOG_ERROR, "Audio Element parameter count %u is invalid"
++                                " for Channel representations\n", num_parameters);
++        ret = AVERROR_INVALIDDATA;
++        goto fail;
++    }
++ 
++   if (num_parameters && audio_element_type != 0) {
+         av_log(s, AV_LOG_ERROR, "Audio Element parameter count %u is invalid"
+                                 " for Scene representations\n", num_parameters);
+         ret = AVERROR_INVALIDDATA;
+-- 
+2.43.0
+
diff --git a/ffmpeg.spec b/ffmpeg.spec
index 3018ef4..6988fb9 100644
--- a/ffmpeg.spec
+++ b/ffmpeg.spec
@@ -73,7 +73,7 @@
 Summary:        Digital VCR and streaming server
 Name:           ffmpeg%{?flavor}
 Version:        7.1
-Release:        5
+Release:        6
 License:        GPL-3.0-or-later
 URL:            https://ffmpeg.org/
 Source0:        https://ffmpeg.org/releases/ffmpeg-%{version}.tar.xz
@@ -84,6 +84,8 @@ Patch5:         fix_libsvgdec_compile_error.patch
 Patch6:         ffmpeg-7.1-build-with-texinfo-7.2.patch
 Patch7:         backport-CVE-2025-0518.patch
 Patch8:         backport-CVE-2025-22921.patch
+Patch9:         CVE-2025-1816.patch
+
 Requires:       %{name}-libs%{?_isa} = %{version}-%{release}
 %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel}
 %{?_with_libnpp:BuildRequires: pkgconfig(nppc-%{_cuda_version})}
@@ -406,6 +408,9 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}
 %{_libdir}/lib*.so
 
 %changelog
+* Tue Apr 22 2025 happyworker <208suo@208suo.com> - 7.1-6
+- fix CVE-2025-1816
+
 * Sun Mar 23 2025 Funda Wang <fundawang@yeah.net> - 7.1-5
 - fix CVE-2025-22991
 
-- 
Gitee