Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package ffmpeg-5 for openSUSE:Factory 
checked in at 2022-11-16 15:44:15
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ffmpeg-5 (Old)
 and      /work/SRC/openSUSE:Factory/.ffmpeg-5.new.1597 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "ffmpeg-5"

Wed Nov 16 15:44:15 2022 rev:8 rq:1036209 version:5.1.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/ffmpeg-5/ffmpeg-5.changes        2022-10-16 
16:09:37.454812169 +0200
+++ /work/SRC/openSUSE:Factory/.ffmpeg-5.new.1597/ffmpeg-5.changes      
2022-11-16 15:44:17.408068168 +0100
@@ -1,0 +2,6 @@
+Wed Nov 16 01:32:19 UTC 2022 - Alynx Zhou <alynx.z...@suse.com>
+
+- Add ffmpeg-CVE-2022-3964.patch: Backport from upstream to fix
+  out of bounds read in update_block_in_prev_frame() (bsc#1205388).
+
+-------------------------------------------------------------------

New:
----
  ffmpeg-CVE-2022-3964.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ ffmpeg-5.spec ++++++
--- /var/tmp/diff_new_pack.TzTRGQ/_old  2022-11-16 15:44:18.076071450 +0100
+++ /var/tmp/diff_new_pack.TzTRGQ/_new  2022-11-16 15:44:18.080071469 +0100
@@ -103,6 +103,7 @@
 Patch5:         work-around-abi-break.patch
 Patch9:         ffmpeg-4.4-CVE-2020-22046.patch
 Patch10:        ffmpeg-chromium.patch
+Patch11:        ffmpeg-CVE-2022-3964.patch
 Patch91:        ffmpeg-dlopen-openh264.patch
 
 %if %{with amf_sdk}



++++++ ffmpeg-CVE-2022-3964.patch ++++++
diff --unified --recursive --text --new-file --color 
ffmpeg-4.4.old/libavcodec/rpzaenc.c ffmpeg-4.4.new/libavcodec/rpzaenc.c
--- ffmpeg-4.4.old/libavcodec/rpzaenc.c 2022-11-15 14:41:42.262978968 +0800
+++ ffmpeg-4.4.new/libavcodec/rpzaenc.c 2022-11-15 14:43:37.183516204 +0800
@@ -204,7 +204,7 @@
 
     // loop thru and compare pixels
     for (y = 0; y < bi->block_height; y++) {
-        for (x = 0; x < bi->block_width; x++){
+        for (x = 0; x < bi->block_width; x++) {
             // TODO:  optimize
             min_r = FFMIN(R(block_ptr[x]), min_r);
             min_g = FFMIN(G(block_ptr[x]), min_g);
@@ -276,7 +276,7 @@
         return -1;
 
     for (i = 0; i < bi->block_height; i++) {
-        for (j = 0; j < bi->block_width; j++){
+        for (j = 0; j < bi->block_width; j++) {
             x = GET_CHAN(block_ptr[j], xchannel);
             y = GET_CHAN(block_ptr[j], ychannel);
             sumx += x;
@@ -323,7 +323,7 @@
     int max_err = 0;
 
     for (i = 0; i < bi->block_height; i++) {
-        for (j = 0; j < bi->block_width; j++){
+        for (j = 0; j < bi->block_width; j++) {
             int x_inc, lin_y, lin_x;
             x = GET_CHAN(block_ptr[j], xchannel);
             y = GET_CHAN(block_ptr[j], ychannel);
@@ -418,7 +418,9 @@
                                        uint16_t *dest_pixels,
                                        const BlockInfo *bi, int block_counter)
 {
-    for (int y = 0; y < 4; y++) {
+    const int y_size = FFMIN(4, bi->image_height - bi->row * 4);
+
+    for (int y = 0; y < y_size; y++) {
         memcpy(dest_pixels, src_pixels, 8);
         dest_pixels += bi->rowstride;
         src_pixels += bi->rowstride;
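Review bot: The copy in update_block_in_prev_frame() is now bounded vertically by `y_size`, but each row still copies a fixed 8 bytes (four 16-bit pixels), so a block on the right edge of a frame whose width is not a multiple of 4 may still be read and written past the end of its row. The same applies to the `for (int x = 0; x < 4; x++)` read of `row_ptr[x]` in the sixteen-color hunk further down. If `bi->block_width` holds the clamped width for edge blocks (its assignment is not visible here), the row copy could become `memcpy(dest_pixels, src_pixels, bi->block_width * sizeof(*dest_pixels));`, with the sixteen-color read bounded the same way and the missing columns zero-padded as the rows are. It is worth checking whether upstream carries a follow-up for the horizontal case before treating this backport as complete.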
@@ -728,13 +730,14 @@
 
             if (err > s->sixteen_color_thresh) { // DO SIXTEEN COLOR BLOCK
                 uint16_t *row_ptr;
-                int rgb555;
+                int y_size, rgb555;
 
                 block_offset = get_block_info(&bi, block_counter);
 
                 row_ptr = &src_pixels[block_offset];
+                y_size = FFMIN(4, bi.image_height - bi.row * 4);
 
-                for (int y = 0; y < 4; y++) {
+                for (int y = 0; y < y_size; y++) {
                     for (int x = 0; x < 4; x++){
                         rgb555 = row_ptr[x] & ~0x8000;
 
@@ -743,6 +746,11 @@
                     row_ptr += bi.rowstride;
                 }
 
+                for (int y = y_size; y < 4; y++) {
+                    for (int x = 0; x < 4; x++)
+                        put_bits(&s->pb, 16, 0);
+                }
+
                 block_counter++;
             } else { // FOUR COLOR BLOCK
                 block_counter += encode_four_color_block(min_color, max_color,
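Review bot: The padding loop added after the pixel loop carries no comment, and its purpose is not obvious from the code: a sixteen-color block apparently has to emit sixteen 16-bit values even when fewer than four rows lie inside the frame. A one-line comment such as `// pad rows below the frame so the block still carries 16 pixels` above `for (int y = y_size; y < 4; y++)` would record that. The loop also relies on `y_size` not being negative: if `bi.row * 4` could ever exceed `bi.image_height`, `y` would start below zero and more than sixteen values would be written. Stating that invariant next to the `y_size` assignment, or clamping it with `FFMAX(0, ...)`, is worth considering. The enclosing function starts and ends outside the hunk.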
