This patch doesn't apply cleanly on ffmpeg-5.0.1: ERROR: ffmpeg-5.0.1-r0 do_patch: Fuzz detected:
Applying patch 0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch patching file libavcodec/vp3.c Hunk #1 succeeded at 2677 with fuzz 1 (offset -2 lines). The context lines in the patches can be updated with devtool: devtool modify ffmpeg devtool finish --force-patch-refresh ffmpeg <layer_path> Don't forget to review changes done by devtool! ERROR: ffmpeg-5.0.1-r0 do_patch: QA Issue: Patch log indicates that patches do not apply cleanly. [patch-fuzz] Narpat: Should I send a fix or will you handle that? On Thu, Jan 12, 2023 at 3:33 AM Steve Sakoman <st...@sakoman.com> wrote: > From: Narpat Mali <narpat.m...@windriver.com> > > An issue was discovered in the FFmpeg package, where vp3_decode_frame in > libavcodec/vp3.c lacks check of > the return value of av_malloc() and will cause a null pointer dereference, > impacting availability. > > CVE: CVE-2022-3109 > > Upstream-Status: Backport [ > https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568 > ] > > Signed-off-by: Narpat Mali <narpat.m...@windriver.com> > Signed-off-by: Steve Sakoman <st...@sakoman.com> > --- > ...-vp3-Add-missing-check-for-av_malloc.patch | 44 +++++++++++++++++++ > .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 3 +- > 2 files changed, 46 insertions(+), 1 deletion(-) > create mode 100644 > meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch > > diff --git > a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch > b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch > new file mode 100644 > index 0000000000..94858a6cdd > --- /dev/null > +++ > b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch > @@ -0,0 +1,44 @@ > +From 656cb0450aeb73b25d7d26980af342b37ac4c568 Mon Sep 17 00:00:00 2001 > +From: Jiasheng Jiang <jiash...@iscas.ac.cn> > +Date: Tue, 15 Feb 2022 17:58:08 +0800 > +Subject: [PATCH] avcodec/vp3: Add missing check for av_malloc > + > +Since the av_malloc() may fail and return NULL pointer, > +it is needed that the 's->edge_emu_buffer' should be checked > +whether the new allocation is success. > + > +Fixes: d14723861b ("VP3: fix decoding of videos with stride > 2048") > +Reviewed-by: Peter Ross <pr...@xvid.org> > +Signed-off-by: Jiasheng Jiang <jiash...@iscas.ac.cn> > + > +CVE: CVE-2022-3109 > + > +Upstream-Status: Backport [ > https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568 > ] > + > +Signed-off-by: Narpat Mali <narpat.m...@windriver.com> > +--- > + libavcodec/vp3.c | 7 ++++++- > + 1 file changed, 6 insertions(+), 1 deletion(-) > + > +diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c > +index e9ab54d736..e2418eb6fa 100644 > +--- a/libavcodec/vp3.c > ++++ b/libavcodec/vp3.c > +@@ -2679,8 +2679,13 @@ static int vp3_decode_frame(AVCodecContext *avctx, > + AV_GET_BUFFER_FLAG_REF)) < 0) > + goto error; > + > +- if (!s->edge_emu_buffer) > ++ if (!s->edge_emu_buffer) { > + s->edge_emu_buffer = av_malloc(9 * > FFABS(s->current_frame.f->linesize[0])); > ++ if (!s->edge_emu_buffer) { > ++ ret = AVERROR(ENOMEM); > ++ goto error; > ++ } > ++ } > + > + if (s->keyframe) { > + if (!s->theora) { > +-- > +2.34.1 > + > diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb > b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb > index 95b4bf50ac..c5bebe9c2d 100644 > --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb > +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb > @@ -26,7 +26,8 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz > \ > > file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \ > > file://0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch \ > > file://0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch \ > - " > + file://0001-avcodec-vp3-Add-missing-check-for-av_malloc.patch \ > + " > > SRC_URI[sha256sum] = > "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b" > > -- > 2.25.1 > > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#175978): https://lists.openembedded.org/g/openembedded-core/message/175978 Mute This Topic: https://lists.openembedded.org/mt/96215555/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-