Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ffmpeg-5 for openSUSE:Factory checked in at 2022-11-16 15:44:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ffmpeg-5 (Old) and /work/SRC/openSUSE:Factory/.ffmpeg-5.new.1597 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ffmpeg-5" Wed Nov 16 15:44:15 2022 rev:8 rq:1036209 version:5.1.2 Changes: -------- --- /work/SRC/openSUSE:Factory/ffmpeg-5/ffmpeg-5.changes 2022-10-16 16:09:37.454812169 +0200 +++ /work/SRC/openSUSE:Factory/.ffmpeg-5.new.1597/ffmpeg-5.changes 2022-11-16 15:44:17.408068168 +0100 @@ -1,0 +2,6 @@ +Wed Nov 16 01:32:19 UTC 2022 - Alynx Zhou <alynx.z...@suse.com> + +- Add ffmpeg-CVE-2022-3964.patch: Backport from upstream to fix + out of bounds read in update_block_in_prev_frame() (bsc#1205388). + +------------------------------------------------------------------- New: ---- ffmpeg-CVE-2022-3964.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ffmpeg-5.spec ++++++ --- /var/tmp/diff_new_pack.TzTRGQ/_old 2022-11-16 15:44:18.076071450 +0100 +++ /var/tmp/diff_new_pack.TzTRGQ/_new 2022-11-16 15:44:18.080071469 +0100 @@ -103,6 +103,7 @@ Patch5: work-around-abi-break.patch Patch9: ffmpeg-4.4-CVE-2020-22046.patch Patch10: ffmpeg-chromium.patch +Patch11: ffmpeg-CVE-2022-3964.patch Patch91: ffmpeg-dlopen-openh264.patch %if %{with amf_sdk} ++++++ ffmpeg-CVE-2022-3964.patch ++++++ diff --unified --recursive --text --new-file --color ffmpeg-4.4.old/libavcodec/rpzaenc.c ffmpeg-4.4.new/libavcodec/rpzaenc.c --- ffmpeg-4.4.old/libavcodec/rpzaenc.c 2022-11-15 14:41:42.262978968 +0800 +++ ffmpeg-4.4.new/libavcodec/rpzaenc.c 2022-11-15 14:43:37.183516204 +0800 @@ -204,7 +204,7 @@ // loop thru and compare pixels for (y = 0; y < bi->block_height; y++) { - for (x = 0; x < bi->block_width; x++){ + for (x = 0; x < bi->block_width; x++) { // TODO: optimize min_r = FFMIN(R(block_ptr[x]), min_r); min_g = FFMIN(G(block_ptr[x]), min_g); @@ -276,7 +276,7 @@ return -1; for (i = 0; i < bi->block_height; i++) { - for (j = 0; j < bi->block_width; j++){ + for (j = 0; j < bi->block_width; j++) { x = GET_CHAN(block_ptr[j], xchannel); y = GET_CHAN(block_ptr[j], ychannel); sumx += x; @@ -323,7 +323,7 @@ int max_err = 0; for (i = 0; i < bi->block_height; i++) { - for (j = 0; j < bi->block_width; j++){ + for (j = 0; j < bi->block_width; j++) { int x_inc, lin_y, lin_x; x = GET_CHAN(block_ptr[j], xchannel); y = GET_CHAN(block_ptr[j], ychannel); @@ -418,7 +418,9 @@ uint16_t *dest_pixels, const BlockInfo *bi, int block_counter) { - for (int y = 0; y < 4; y++) { + const int y_size = FFMIN(4, bi->image_height - bi->row * 4); + + for (int y = 0; y < y_size; y++) { memcpy(dest_pixels, src_pixels, 8); dest_pixels += bi->rowstride; src_pixels += bi->rowstride; @@ -728,13 +730,14 @@ if (err > s->sixteen_color_thresh) { // DO SIXTEEN COLOR BLOCK uint16_t *row_ptr; - int rgb555; + int y_size, rgb555; block_offset = get_block_info(&bi, block_counter); row_ptr = &src_pixels[block_offset]; + y_size = FFMIN(4, bi.image_height - bi.row * 4); - for (int y = 0; y < 4; y++) { + for (int y = 0; y < y_size; y++) { for (int x = 0; x < 4; x++){ rgb555 = row_ptr[x] & ~0x8000; @@ -743,6 +746,11 @@ row_ptr += bi.rowstride; } + for (int y = y_size; y < 4; y++) { + for (int x = 0; x < 4; x++) + put_bits(&s->pb, 16, 0); + } + block_counter++; } else { // FOUR COLOR BLOCK block_counter += encode_four_color_block(min_color, max_color,