On Thu, Jan 19, 2023 at 7:20 AM Narpat Mali <[email protected]> wrote:
>
> avformat/nutdec: Add check for avformat_new_stream
> Check for failure of avformat_new_stream() and propagate
> the error code.
>
> Signed-off-by: Narpat Mali <[email protected]>
> ---
> ...ec-Add-check-for-avformat_new_stream.patch | 67 +++++++++++++++++++

In the future please name CVE patches with the CVE number, i.e. CVE-2022-3341. This makes it much easier to see which patches are CVE fixes without having to open the file.

Thanks,
Steve

> .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 1 + > 2 files changed, 68 insertions(+) > create mode 100644 > meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch > > diff --git > a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch > > b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch > new file mode 100644 > index 00000000000..41d5884f880 > --- /dev/null > +++ > b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch 
> @@ -0,0 +1,67 @@ > +From 9cf652cef49d74afe3d454f27d49eb1a1394951e Mon Sep 17 00:00:00 2001 > +From: Jiasheng Jiang <[email protected]> > +Date: Wed, 23 Feb 2022 10:31:59 +0800 > +Subject: [PATCH] avformat/nutdec: Add check for avformat_new_stream > + > +Check for failure of avformat_new_stream() and propagate > +the error code. > + > +Signed-off-by: Michael Niedermayer <[email protected]> > + > +CVE: CVE-2022-3341 > + > +Upstream-Status: Backport > [https://github.com/FFmpeg/FFmpeg/commit/9cf652cef49d74afe3d454f27d49eb1a1394951e] > + > +Signed-off-by: Narpat Mali <[email protected]> > +--- > + libavformat/nutdec.c | 16 ++++++++++++---- > + 1 file changed, 12 insertions(+), 4 deletions(-) > + > +diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c > +index 0a8a700acf..f9ad2c0af1 100644 > +--- a/libavformat/nutdec.c > ++++ b/libavformat/nutdec.c > +@@ -351,8 +351,12 @@ static int decode_main_header(NUTContext *nut) > + ret = AVERROR(ENOMEM); > + goto fail; > + } > +- for (i = 0; i < stream_count; i++) > +- avformat_new_stream(s, NULL); > ++ for (i = 0; i < stream_count; i++) { > ++ if (!avformat_new_stream(s, NULL)) { > ++ ret = AVERROR(ENOMEM); > ++ goto fail; > ++ } > ++ } > + > + return 0; > + fail: > +@@ -800,19 +804,23 @@ static int nut_read_header(AVFormatContext *s) > + NUTContext *nut = s->priv_data; > + AVIOContext *bc = s->pb; > + int64_t pos; > +- int initialized_stream_count; > ++ int initialized_stream_count, ret; > + > + nut->avf = s; > + > + /* main header */ > + pos = 0; > ++ ret = 0; > + do { > ++ if (ret == AVERROR(ENOMEM)) > ++ return ret; > ++ > + pos = find_startcode(bc, MAIN_STARTCODE, pos) + 1; > + if (pos < 0 + 1) { > + av_log(s, AV_LOG_ERROR, "No main startcode found.\n"); > + return AVERROR_INVALIDDATA; > + } > +- } while (decode_main_header(nut) < 0); > ++ } while ((ret = decode_main_header(nut)) < 0); > + > + /* stream headers */ > + pos = 0; > +-- > +2.34.1 > + 
> diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb > b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb > index 95b4bf50ace..57990331487 100644 > --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb > +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb > @@ -26,6 +26,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ > > file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \ > > file://0001-avcodec-rpzaenc-stop-accessing-out-of-bounds-frame.patch \ > > file://0001-avcodec-smcenc-stop-accessing-out-of-bounds-frame.patch \ > + > file://0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch \ > " > > SRC_URI[sha256sum] = > "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a93007b" > -- > 2.34.1 > > > >
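
Review bot: In the nut_read_header() hunk of the embedded nutdec.c patch, only AVERROR(ENOMEM) ends the retry loop, and the test sits at the top of the next iteration instead of next to the call that assigns ret, so the early return depends on the separate `ret = 0` initialisation and is easy to miss when reading the loop. The commit message says the error code is propagated, yet every other negative return from decode_main_header() still falls through to another find_startcode() search. If that is intended, a one-line comment saying that allocation failure is fatal and other errors trigger a search for the next main startcode would document it. As the patch is marked Upstream-Status: Backport, such a change belongs upstream so the backport stays identical to the referenced commit.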
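
Review bot: In the ffmpeg_5.0.1.bb hunk, the new SRC_URI entry refers to the patch by its 0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch name, so nothing in the recipe itself shows that this is the fix for CVE-2022-3341; the CVE tag is visible only inside the patch header. When the file is renamed to carry the CVE number as requested in the reply, the SRC_URI line and the patch file need to change in the same commit so the fetch does not break.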
