Re: [OE-core][kirkstone 03/11] ffmpeg: fix for CVE-2022-3109

Martin Jansa Mon, 16 Jan 2023 04:00:32 -0800

This patch doesn't apply cleanly on ffmpeg-5.0.1:

ERROR: ffmpeg-5.0.1-r0 do_patch: Fuzz detected:


Applying patch 0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch
patching file libavcodec/vp3.c
Hunk #1 succeeded at 2677 with fuzz 1 (offset -2 lines).


The context lines in the patches can be updated with devtool:

    devtool modify ffmpeg
    devtool finish --force-patch-refresh ffmpeg <layer_path>

Don't forget to review changes done by devtool!

ERROR: ffmpeg-5.0.1-r0 do_patch: QA Issue: Patch log indicates that patches
do not apply cleanly. [patch-fuzz]

Narpat: Should I send a fix or will you handle that?

On Thu, Jan 12, 2023 at 3:33 AM Steve Sakoman <st...@sakoman.com> wrote:

> From: Narpat Mali <narpat.m...@windriver.com>
>
> An issue was discovered in the FFmpeg package, where vp3_decode_frame in
> libavcodec/vp3.c lacks check of
> the return value of av_malloc() and will cause a null pointer dereference,
> impacting availability.
>
> CVE: CVE-2022-3109
>
> Upstream-Status: Backport [
> https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568
> ]
>
> Signed-off-by: Narpat Mali <narpat.m...@windriver.com>
> Signed-off-by: Steve Sakoman <st...@sakoman.com>
> ---
>  ...-vp3-Add-missing-check-for-av_malloc.patch | 44 +++++++++++++++++++
>  .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb |  3 +-
>  2 files changed, 46 insertions(+), 1 deletion(-)
>  create mode 100644
> meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch
>
> diff --git
> a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch
> b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch
> new file mode 100644
> index 0000000000..94858a6cdd
> --- /dev/null
> +++
> b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch
> @@ -0,0 +1,44 @@
> +From 656cb0450aeb73b25d7d26980af342b37ac4c568 Mon Sep 17 00:00:00 2001
> +From: Jiasheng Jiang <jiash...@iscas.ac.cn>
> +Date: Tue, 15 Feb 2022 17:58:08 +0800
> +Subject: [PATCH] avcodec/vp3: Add missing check for av_malloc
> +
> +Since the av_malloc() may fail and return NULL pointer,
> +it is needed that the 's->edge_emu_buffer' should be checked
> +whether the new allocation is success.
> +
> +Fixes: d14723861b ("VP3: fix decoding of videos with stride > 2048")
> +Reviewed-by: Peter Ross <pr...@xvid.org>
> +Signed-off-by: Jiasheng Jiang <jiash...@iscas.ac.cn>
> +
> +CVE: CVE-2022-3109
> +
> +Upstream-Status: Backport [
> https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568
> ]
> +
> +Signed-off-by: Narpat Mali <narpat.m...@windriver.com>
> +---
> + libavcodec/vp3.c | 7 ++++++-
> + 1 file changed, 6 insertions(+), 1 deletion(-)
> +
> +diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c
> +index e9ab54d736..e2418eb6fa 100644
> +--- a/libavcodec/vp3.c
> ++++ b/libavcodec/vp3.c
> +@@ -2679,8 +2679,13 @@ static int vp3_decode_frame(AVCodecContext *avctx,
> +                                         AV_GET_BUFFER_FLAG_REF)) < 0)
> +         goto error;
> +
> +-    if (!s->edge_emu_buffer)
> ++    if (!s->edge_emu_buffer) {
> +         s->edge_emu_buffer = av_malloc(9 *
> FFABS(s->current_frame.f->linesize[0]));
> ++        if (!s->edge_emu_buffer) {
> ++            ret = AVERROR(ENOMEM);
> ++            goto error;
> ++        }
> ++    }
> +
> +     if (s->keyframe) {
> +         if (!s->theora) {
> +--
> +2.34.1
> +
> diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
> b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
> index 95b4bf50ac..c5bebe9c2d 100644
> --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
> +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
> @@ -26,7 +26,8 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz
> \
>
> file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \
>
> file://0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch \
>
> file://0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch \
> -           "
> +           file://0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch \
> +          "
>
>  SRC_URI[sha256sum] =
> "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b"
>
> --
> 2.25.1
>
>
> 
>
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#175978): 
https://lists.openembedded.org/g/openembedded-core/message/175978
Mute This Topic: https://lists.openembedded.org/mt/96215555/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][kirkstone 03/11] ffmpeg: fix for CVE-2022-3109

Reply via email to