On 2023-04-28 12:58, Narpat Mali via lists.openembedded.org wrote:
From: Narpat Mali<[email protected]>
libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and
other products, leaves stale hwaccel state in worker threads, which
allows attackers to trigger a use-after-free and execute arbitrary
code in some circumstances (e.g., hardware re-initialization upon a
mid-video SPS change when Direct3D11 is used).
Thanks for working on this fix.
LGTM but see some nitpics below.
../Randy
Note that it's nice to minimize whitespace noise (but no need to re-submit):
poky.git on kirkstone [$]
❯ git am /tmp/narpat-ffmpeg.eml
Applying: ffmpeg: fix for CVE-2022-48434
.git/rebase-apply/patch:49: trailing whitespace.
.git/rebase-apply/patch:53: trailing whitespace.
.git/rebase-apply/patch:66: trailing whitespace.
.git/rebase-apply/patch:72: trailing whitespace.
.git/rebase-apply/patch:81: trailing whitespace.
warning: squelched 8 whitespace errors
warning: 13 lines add whitespace errors.
I also note that in the ffmpeg git repo, this commit has been back-ported:
ffmpeg.git on release/5.0
❯ git log --oneline -1 3bc28e9d1ab33627cea3c632dd6b0c33e22e93ba
3bc28e9d1a lavc/pthread_frame: avoid leaving stale hwaccel state in
worker threads
ffmpeg.git on release/5.0
❯ git branch -a --contains 3bc28e9d1ab33627cea3c632dd6b0c33e22e93ba
* release/5.0
remotes/origin/release/5.0
Your patch is identical to the backport so that's good and we can accept
the patch
unless Steve finds a problem. Next time, check the git repo and see if
there is a
branch that matches the version we're using and if someone has already
done the
backport.
../Randy
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180740):
https://lists.openembedded.org/g/openembedded-core/message/180740
Mute This Topic: https://lists.openembedded.org/mt/98562871/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
