From: Kiran Surendran <kiran.surendran@windriver.com>
To: <openembedded-core@lists.openembedded.org>
Subject: [PATCH] ffmpeg: fix CVE-2021-38114
Date: Fri, 8 Oct 2021 09:48:57 -0700 [thread overview]
Message-ID: <20211008164857.91699-1-kiran.surendran@windriver.com> (raw)
backport from upstream
Signed-off-by: Kiran Surendran <kiran.surendran@windriver.com>
---
.../ffmpeg/ffmpeg/fix-CVE-2021-38114.patch | 67 +++++++++++++++++++
.../recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb | 3 +-
2 files changed, 69 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch
new file mode 100644
index 0000000000..3de7cf7e0f
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38114.patch
@@ -0,0 +1,67 @@
+CVE: CVE-2021-38114
+Upstream-Status: Backport
+Signed-off-by: Kiran Surendran <kiran.surendran@windriver.com>
+
+From 662aef4aacf23b4be4c1cfaebd837e225b357e51 Mon Sep 17 00:00:00 2001
+From: maryam ebr <me22bee@outlook.com>
+Date: Tue, 3 Aug 2021 01:05:47 -0400
+Subject: [PATCH] avcodec/dnxhddec: check and propagate function return value
+
+Similar to CVE-2013-0868, here return value check for 'init_vlc' is needed.
+crafted DNxHD data can cause unspecified impact.
+
+Reviewed-by: Paul B Mahol <onemda@gmail.com>
+Signed-off-by: James Almer <jamrial@gmail.com>
+---
+ libavcodec/dnxhddec.c | 22 +++++++++++++++-------
+ 1 file changed, 15 insertions(+), 7 deletions(-)
+
+diff --git a/libavcodec/dnxhddec.c b/libavcodec/dnxhddec.c
+index e5d01e2e71..54f894f81b 100644
+--- a/libavcodec/dnxhddec.c
++++ b/libavcodec/dnxhddec.c
+@@ -110,6 +110,7 @@ static av_cold int dnxhd_decode_init(AVCodecContext *avctx)
+
+ static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth)
+ {
++ int ret;
+ if (cid != ctx->cid) {
+ int index;
+
+@@ -129,19 +130,26 @@ static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth)
+ ff_free_vlc(&ctx->dc_vlc);
+ ff_free_vlc(&ctx->run_vlc);
+
+- init_vlc(&ctx->ac_vlc, DNXHD_VLC_BITS, 257,
++ if ((ret = init_vlc(&ctx->ac_vlc, DNXHD_VLC_BITS, 257,
+ ctx->cid_table->ac_bits, 1, 1,
+- ctx->cid_table->ac_codes, 2, 2, 0);
+- init_vlc(&ctx->dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ? 14 : 12,
++ ctx->cid_table->ac_codes, 2, 2, 0)) < 0)
++ goto out;
++ if ((ret = init_vlc(&ctx->dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ? 14 : 12,
+ ctx->cid_table->dc_bits, 1, 1,
+- ctx->cid_table->dc_codes, 1, 1, 0);
+- init_vlc(&ctx->run_vlc, DNXHD_VLC_BITS, 62,
++ ctx->cid_table->dc_codes, 1, 1, 0)) < 0)
++ goto out;
++ if ((ret = init_vlc(&ctx->run_vlc, DNXHD_VLC_BITS, 62,
+ ctx->cid_table->run_bits, 1, 1,
+- ctx->cid_table->run_codes, 2, 2, 0);
++ ctx->cid_table->run_codes, 2, 2, 0)) < 0)
++ goto out;
+
+ ctx->cid = cid;
+ }
+- return 0;
++ ret = 0;
++out:
++ if (ret < 0)
++ av_log(ctx->avctx, AV_LOG_ERROR, "init_vlc failed\n");
++ return ret;
+ }
+
+ static int dnxhd_get_profile(int cid)
+--
+2.31.1
+
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
index 0a49493abd..7df356946b 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
@@ -31,7 +31,8 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://fix-CVE-2020-22015.patch \
file://fix-CVE-2020-22021.patch \
file://fix-CVE-2020-22033-CVE-2020-22019.patch \
- "
+ file://fix-CVE-2021-38114.patch \
+ "
SRC_URI[sha256sum] = "46e4e64f1dd0233cbc0934b9f1c0da676008cad34725113fb7f802cfa84ccddb"
# Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717
--
2.31.1
next reply other threads:[~2021-10-08 16:49 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-08 16:48 Kiran Surendran [this message]
2021-10-08 21:12 ` [OE-core] [PATCH] ffmpeg: fix CVE-2021-38114 Richard Purdie
2021-10-08 21:47 ` Kiran Surendran
2021-10-18 17:20 Kiran Surendran
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211008164857.91699-1-kiran.surendran@windriver.com \
--to=kiran.surendran@windriver.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.