* [PATCH][dunfell] ffmpeg: fix CVE-2020-12284
@ 2020-10-25  5:51 Lee Chee Yang
From: Lee Chee Yang @ 2020-10-25  5:51 UTC
  To: openembedded-core

From: Lee Chee Yang <chee.yang.lee@intel.com>

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
---
 .../ffmpeg/ffmpeg/CVE-2020-12284.patch        | 36 +++++++++++++++++++
 .../recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb |  1 +
 2 files changed, 37 insertions(+)
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-12284.patch

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-12284.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-12284.patch
new file mode 100644
index 0000000000..5fff4754f4
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-12284.patch
@@ -0,0 +1,36 @@
+From 1812352d767ccf5431aa440123e2e260a4db2726 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Sat, 7 Mar 2020 15:42:58 +0100
+Subject: [PATCH] avcodec/cbs_jpeg: Check length for SOS
+
+Fixes: out of array access
+Fixes: 19734/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5673507031875584
+Fixes: 19353/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5703944462663680
+
+Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+Upstream-Status: Backport [https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/1812352d767ccf5431aa440123e2e260a4db2726]
+CVE: CVE-2020-12284
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ libavcodec/cbs_jpeg.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/libavcodec/cbs_jpeg.c b/libavcodec/cbs_jpeg.c
+index 6bbce5f..89512a2 100644
+--- a/libavcodec/cbs_jpeg.c
++++ b/libavcodec/cbs_jpeg.c
+@@ -197,6 +197,9 @@ static int cbs_jpeg_split_fragment(CodedBitstreamContext *ctx,
+         if (marker == JPEG_MARKER_SOS) {
+             length = AV_RB16(frag->data + start);
+ 
++            if (length > end - start)
++                return AVERROR_INVALIDDATA;
++
+             data_ref = NULL;
+             data     = av_malloc(end - start +
+                                  AV_INPUT_BUFFER_PADDING_SIZE);
+-- 
+2.7.4
+
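Review bot: the new check `if (length > end - start)` bounds the SOS segment length against the bytes remaining in the fragment, but `length = AV_RB16(frag->data + start);` has already read two bytes at `start` before the check runs, so the hunk relies on earlier code in cbs_jpeg_split_fragment (outside this context) having verified that at least two bytes remain at `start`; worth confirming when applying the backport, since otherwise a truncated buffer is read before it is rejected. The patch header carries Upstream-Status with the upstream commit link, the CVE tag that cve-check keys on, and the backporter's Signed-off-by, so the OE metadata side is complete.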
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb
index d7b0641054..fddfef9e27 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb
@@ -25,6 +25,7 @@ LIC_FILES_CHKSUM = "file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
 
 SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
            file://mips64_cpu_detection.patch \
+           file://CVE-2020-12284.patch \
            "
 SRC_URI[md5sum] = "348956fc2faa57a2f79bbb84ded9fbc3"
 SRC_URI[sha256sum] = "cb754255ab0ee2ea5f66f8850e1bd6ad5cac1cd855d0a2f4990fb8c668b0d29c"
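Review bot: the `file://CVE-2020-12284.patch` entry is placed inside the SRC_URI continuation block and matches the location of the new file under ffmpeg/, so do_patch will find it through the default ${BPN} file search. One documentation point: the outer commit message has no body beyond the Signed-off-by, so a line naming the upstream fix (avcodec/cbs_jpeg: Check length for SOS, commit 1812352d) would make the dunfell change easier to audit from git log alone.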
-- 
2.17.1

