From: "Anuj Mittal" <anuj.mittal@intel.com>
To: openembedded-core@lists.openembedded.org
Subject: [hardknott][PATCH 07/17] ffmpeg: fix CVE-2021-38291
Date: Thu, 16 Sep 2021 07:15:31 +0800 [thread overview]
Message-ID: <cbb7b8cfbd4cfe6115e858e14f415d89d182f550.1631747352.git.anuj.mittal@intel.com> (raw)
In-Reply-To: <cover.1631747352.git.anuj.mittal@intel.com>
From: Kiran Surendran <ksurendr@ala-lpggp3.wrs.com>
backport from upstream
Signed-off-by: Kiran Surendran <kiran.surendran@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../ffmpeg/ffmpeg/fix-CVE-2021-38291.patch | 54 +++++++++++++++++++
.../recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb | 1 +
2 files changed, 55 insertions(+)
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38291.patch
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38291.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38291.patch
new file mode 100644
index 0000000000..ef1c760286
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/fix-CVE-2021-38291.patch
@@ -0,0 +1,54 @@
+CVE: CVE-2021-38291
+Upstream-Status: Backport
+Signed-off-by: Kiran Surendran <kiran.surendran@windriver.com>
+
+From e908bdb157fa493be2b50e2a11055d19c5254a15 Mon Sep 17 00:00:00 2001
+From: James Almer <jamrial@gmail.com>
+Date: Wed, 21 Jul 2021 01:02:44 -0300
+Subject: [PATCH] avcodec/utils: don't return negative values in
+ av_get_audio_frame_duration()
+
+In some extrme cases, like with adpcm_ms samples with an extremely high channel
+count, get_audio_frame_duration() may return a negative frame duration value.
+Don't propagate it, and instead return 0, signaling that a duration could not
+be determined.
+
+Fixes ticket #9312
+
+Signed-off-by: James Almer <jamrial@gmail.com>
+---
+ libavcodec/utils.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/libavcodec/utils.c b/libavcodec/utils.c
+index 81e34254e8..5fdb10fe09 100644
+--- a/libavcodec/utils.c
++++ b/libavcodec/utils.c
+@@ -1776,20 +1776,22 @@ static int get_audio_frame_duration(enum AVCodecID id, int sr, int ch, int ba,
+
+ int av_get_audio_frame_duration(AVCodecContext *avctx, int frame_bytes)
+ {
+- return get_audio_frame_duration(avctx->codec_id, avctx->sample_rate,
++ int duration = get_audio_frame_duration(avctx->codec_id, avctx->sample_rate,
+ avctx->channels, avctx->block_align,
+ avctx->codec_tag, avctx->bits_per_coded_sample,
+ avctx->bit_rate, avctx->extradata, avctx->frame_size,
+ frame_bytes);
++ return FFMAX(0, duration);
+ }
+
+ int av_get_audio_frame_duration2(AVCodecParameters *par, int frame_bytes)
+ {
+- return get_audio_frame_duration(par->codec_id, par->sample_rate,
++ int duration = get_audio_frame_duration(par->codec_id, par->sample_rate,
+ par->channels, par->block_align,
+ par->codec_tag, par->bits_per_coded_sample,
+ par->bit_rate, par->extradata, par->frame_size,
+ frame_bytes);
++ return FFMAX(0, duration);
+ }
+
+ #if !HAVE_THREADS
+--
+2.25.1
+
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
index 0a49493abd..3e7ceb859f 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.2.bb
@@ -31,6 +31,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://fix-CVE-2020-22015.patch \
file://fix-CVE-2020-22021.patch \
file://fix-CVE-2020-22033-CVE-2020-22019.patch \
+ file://fix-CVE-2021-38291.patch \
"
SRC_URI[sha256sum] = "46e4e64f1dd0233cbc0934b9f1c0da676008cad34725113fb7f802cfa84ccddb"
--
2.31.1
next prev parent reply other threads:[~2021-09-15 23:15 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-15 23:15 [hardknott][PATCH 00/17] Review request Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 01/17] ruby: Security fixes for CVE-2021-31810/CVE-2021-32066 Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 02/17] ruby: fix CVE-2021-31799 Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 03/17] sqlite3: fix CVE-2021-36690 Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 04/17] apr: Security fix for CVE-2021-35940 Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 05/17] mc: fix CVE-2021-36370 Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 06/17] squashfs-tools: fix CVE-2021-40153 Anuj Mittal
2021-09-15 23:15 ` Anuj Mittal [this message]
2021-09-15 23:15 ` [hardknott][PATCH 08/17] bluez5: fix CVE-2021-0129 Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 09/17] tcl: Exclude CVE-2021-35331 from checks Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 10/17] flex: Add CVE-2019-6293 to exclusions for checks Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 11/17] go: Exclude CVE-2021-29923 from report list Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 12/17] linux-yocto/5.10: update to v5.10.61 Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 13/17] linux-yocto/5.10: update to v5.10.63 Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 14/17] systemtap: Fix headers issue with x86 and 5.13 headers Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 15/17] ffmpeg: fix CVE-2021-38171 Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 16/17] linux-yocto/5.4: update to v5.4.143 Anuj Mittal
2021-09-15 23:15 ` [hardknott][PATCH 17/17] linux-yocto/5.4: update to v5.4.144 Anuj Mittal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cbb7b8cfbd4cfe6115e858e14f415d89d182f550.1631747352.git.anuj.mittal@intel.com \
--to=anuj.mittal@intel.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.