From 7137662afeee5d13d8d2f7284b6a9d3aee87a925 Mon Sep 17 00:00:00 2001
From: xuchenchen
Date: Tue, 11 Jun 2024 17:22:13 +0800
Subject: [PATCH] backport CVE-2023-50007 CVE-2023-50008
---
0003-backport-CVE-2023-50007.patch | 74 ++++++++++++++++++++++++++++++
0004-backport-CVE-2023-50008.patch | 25 ++++++++++
ffmpeg.spec | 10 +++-
3 files changed, 108 insertions(+), 1 deletion(-)
create mode 100644 0003-backport-CVE-2023-50007.patch
create mode 100644 0004-backport-CVE-2023-50008.patch
diff --git a/0003-backport-CVE-2023-50007.patch b/0003-backport-CVE-2023-50007.patch
new file mode 100644
index 0000000..617dff0
--- /dev/null
+++ b/0003-backport-CVE-2023-50007.patch
@@ -0,0 +1,74 @@
+From b1942734c7cbcdc9034034373abcc9ecb9644c47 Mon Sep 17 00:00:00 2001
+From: Paul B Mahol
+Date: Mon, 27 Nov 2023 11:45:34 +0100
+Subject: [PATCH] avfilter/af_afwtdn: fix crash with EOF handling
+
+---
+ libavfilter/af_afwtdn.c | 34 +++++++++++++++++++---------------
+ 1 file changed, 19 insertions(+), 15 deletions(-)
+
+diff --git a/libavfilter/af_afwtdn.c b/libavfilter/af_afwtdn.c
+index 0fcfa77..63b7f5f 100644
+--- a/libavfilter/af_afwtdn.c
++++ b/libavfilter/af_afwtdn.c
+@@ -408,6 +408,7 @@ typedef struct AudioFWTDNContext {
+
+ uint64_t sn;
+ int64_t eof_pts;
++ int eof;
+
+ int wavelet_type;
+ int channels;
+@@ -1069,7 +1070,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in)
+ s->drop_samples = 0;
+ } else {
+ if (s->padd_samples < 0 && eof) {
+- out->nb_samples += s->padd_samples;
++ out->nb_samples = FFMAX(0, out->nb_samples + s->padd_samples);
+ s->padd_samples = 0;
+ }
+ if (!eof)
+@@ -1208,23 +1209,26 @@ static int activate(AVFilterContext *ctx)
+
+ FF_FILTER_FORWARD_STATUS_BACK(outlink, inlink);
+
+- ret = ff_inlink_consume_samples(inlink, s->nb_samples, s->nb_samples, &in);
+- if (ret < 0)
+- return ret;
+- if (ret > 0)
+- return filter_frame(inlink, in);
++ if (!s->eof) {
++ ret = ff_inlink_consume_samples(inlink, s->nb_samples, s->nb_samples, &in);
++ if (ret < 0)
++ return ret;
++ if (ret > 0)
++ return filter_frame(inlink, in);
++ }
+
+ if (ff_inlink_acknowledge_status(inlink, &status, &pts)) {
+- if (status == AVERROR_EOF) {
+- while (s->padd_samples != 0) {
+- ret = filter_frame(inlink, NULL);
+- if (ret < 0)
+- return ret;
+- }
+- ff_outlink_set_status(outlink, status, pts);
+- return ret;
+- }
++ if (status == AVERROR_EOF)
++ s->eof = 1;
+ }
++
++ if (s->eof && s->padd_samples != 0) {
++ return filter_frame(inlink, NULL);
++ } else if (s->eof) {
++ ff_outlink_set_status(outlink, AVERROR_EOF, s->eof_pts);
++ return 0;
++ }
++
+ FF_FILTER_FORWARD_WANTED(outlink, inlink);
+
+ return FFERROR_NOT_READY;
+--
+2.27.0
+
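Review bot: In `activate()`, the rewritten status handling reacts only to `AVERROR_EOF`; any other status returned by `ff_inlink_acknowledge_status()` is acknowledged and then dropped, so if an error status can arrive on this link it would never be set on `outlink` and the call falls through to `FFERROR_NOT_READY`. The removed code had the same gap, but this block is being restructured, so it is the natural place to close it, for example with `else { ff_outlink_set_status(outlink, status, pts); return 0; }` after the `s->eof = 1;` branch. Because this is a backport, that change is better proposed upstream than carried as a local divergence. Related: `pts` is no longer read in the visible lines, since EOF is now signalled with `s->eof_pts`, which is assigned outside this hunk, so it is worth confirming that field holds a sensible value when EOF arrives before any frame has been filtered. `activate()` starts above the hunk, so its declarations are not visible here.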
diff --git a/0004-backport-CVE-2023-50008.patch b/0004-backport-CVE-2023-50008.patch
new file mode 100644
index 0000000..d0ab274
--- /dev/null
+++ b/0004-backport-CVE-2023-50008.patch
@@ -0,0 +1,25 @@
+From 5f87a68cf70dafeab2fb89b42e41a4c29053b89b Mon Sep 17 00:00:00 2001
+From: Paul B Mahol
+Date: Mon, 27 Nov 2023 12:08:20 +0100
+Subject: [PATCH] avfilter/vf_colorcorrect: fix memory leaks
+
+---
+ libavfilter/vf_colorcorrect.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libavfilter/vf_colorcorrect.c b/libavfilter/vf_colorcorrect.c
+index 1c4dea5..6bdec2c 100644
+--- a/libavfilter/vf_colorcorrect.c
++++ b/libavfilter/vf_colorcorrect.c
+@@ -497,6 +497,8 @@ static av_cold void uninit(AVFilterContext *ctx)
+ ColorCorrectContext *s = ctx->priv;
+
+ av_freep(&s->analyzeret);
++ av_freep(&s->uhistogram);
++ av_freep(&s->vhistogram);
+ }
+
+ static const AVFilterPad colorcorrect_inputs[] = {
+--
+2.27.0
+
diff --git a/ffmpeg.spec b/ffmpeg.spec
index 6fe7247..c276b84 100644
--- a/ffmpeg.spec
+++ b/ffmpeg.spec
@@ -59,7 +59,7 @@ ExclusiveArch: armv7hnl Summary: Digital VCR and streaming server Name: ffmpeg%{?flavor} Version: 6.1.1 -Release: 3 +Release: 4 License: GPL-3.0-or-later URL: http://ffmpeg.org/ Source0: http://ffmpeg.org/releases/ffmpeg-%{version}.tar.xz
@@ -70,6 +70,8 @@ Patch0: avformat-get_first_dts.patch Patch1: 0001-fix-CVE-2024-31578.patch Patch2: 0002-fix-CVE-2024-31582.patch +Patch3: 0003-backport-CVE-2023-50007.patch +Patch4: 0004-backport-CVE-2023-50008.patch Requires: %{name}-libs%{?_isa} = %{version}-%{release} %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel}
@@ -398,6 +400,12 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir} %changelog +* Fri May 31 2024 xuchenchen - 6.1.1-4 +- Type:CVES +- ID:CVE-2023-50007 CVE-2023-50008 +- SUG:NA +- DESC:backport CVE-2023-50007 CVE-2023-50008 + * Mon Apr 29 2024 cenhuilin - 6.1.1-3 - fix CVE-2024-31578 CVE-2024-31582 -- Gitee
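Review bot: `Patch3` and `Patch4` are only declared in the `ffmpeg.spec` hunk at `@@ -70,6 +70,8 @@`, and no `%prep` change appears in this diff, so whether the two CVE fixes are actually applied depends on how `%prep` is written, which is outside the visible lines. If `%prep` uses `%autosetup -p1` or `%autopatch`, nothing more is needed; if it applies patches one by one, it also needs `%patch -P 3 -p1` and `%patch -P 4 -p1`. Without that, release 6.1.1-4 would ship with a changelog that lists both CVEs as fixed while the sources stay unpatched. The build log for this release should show both patch files being applied before the update is marked as resolving the CVEs.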