[OE-core] [PATCH 4/5] libav: fix CVE-2015-6823
jackie.huang at windriver.com
Fri Nov 13 08:03:28 UTC 2015
From: Jackie Huang <jackie.huang at windriver.com>
Cherry-pick patch from ffmpeg to fix CVE-2015-6823:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=f7068bf277a37479aecde2832208d820682b35e6
Signed-off-by: Jackie Huang <jackie.huang at windriver.com>
---
.../libav/libav/libav-fix-CVE-2015-6823.patch | 45 ++++++++++++++++++++++
meta/recipes-multimedia/libav/libav_9.18.bb | 1 +
2 files changed, 46 insertions(+)
create mode 100644 meta/recipes-multimedia/libav/libav/libav-fix-CVE-2015-6823.patch
diff --git a/meta/recipes-multimedia/libav/libav/libav-fix-CVE-2015-6823.patch b/meta/recipes-multimedia/libav/libav/libav-fix-CVE-2015-6823.patch
new file mode 100644
index 0000000..198353b
--- /dev/null
+++ b/meta/recipes-multimedia/libav/libav/libav-fix-CVE-2015-6823.patch
@@ -0,0 +1,45 @@
+Upstream-Status: Pending
+
+https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6823
+
+Cherry-pick from:
+http://git.videolan.org/?p=ffmpeg.git;a=commit;h=f7068bf277a37479aecde2832208d820682b35e6
+
+Signed-off-by: Jackie Huang <jackie.huang at windriver.com>
+---
+From f7068bf277a37479aecde2832208d820682b35e6 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael at niedermayer.cc>
+Date: Mon, 13 Jul 2015 15:46:10 +0200
+Subject: [PATCH] avcodec/alac: Clear pointers in allocate_buffers()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixes: 06a4edb39ad8a9883175f9bd428334a2_signal_sigsegv_7ffff713351a_706_mov__alac__ALAC_6ch.mov
+
+Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
+Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
+---
+ libavcodec/alac.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/libavcodec/alac.c b/libavcodec/alac.c
+index b0527f1..a5948bb 100644
+--- a/libavcodec/alac.c
++++ b/libavcodec/alac.c
+@@ -534,6 +534,12 @@ static int allocate_buffers(ALACContext *alac)
+ int ch;
+ int buf_size = alac->max_samples_per_frame * sizeof(int32_t);
+
++ for (ch = 0; ch < 2; ch++) {
++ alac->predict_error_buffer[ch] = NULL;
++ alac->output_samples_buffer[ch] = NULL;
++ alac->extra_bits_buffer[ch] = NULL;
++ }
++
+ for (ch = 0; ch < FFMIN(alac->channels, 2); ch++) {
+ FF_ALLOC_OR_GOTO(alac->avctx, alac->predict_error_buffer[ch],
+ buf_size, buf_alloc_fail);
+--
+1.9.1
+
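Review bot: The patch header never says why the pointers need clearing, and the embedded upstream message only names a crashing sample in its Fixes: line. From the alac.c hunk, the new loop sets all three buffer pointers to NULL for ch 0 and 1, while the allocation loop that follows only runs to FFMIN(alac->channels, 2), so with a single channel index 1 is otherwise never written by this function. A sentence to that effect in the header would let someone auditing the recipe judge the fix without opening the ffmpeg commit. Separately, Upstream-Status: Pending sits next to a "Cherry-pick from" link to ffmpeg while the recipe is libav 9.18; please state whether the change has been sent to libav and whether the hunk applied to the 9.18 alac.c unmodified, since the index line b0527f1..a5948bb comes from the ffmpeg tree.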
diff --git a/meta/recipes-multimedia/libav/libav_9.18.bb b/meta/recipes-multimedia/libav/libav_9.18.bb
index 7d0cc70..026f4df 100644
--- a/meta/recipes-multimedia/libav/libav_9.18.bb
+++ b/meta/recipes-multimedia/libav/libav_9.18.bb
@@ -7,4 +7,5 @@ SRC_URI += "file://libav-fix-CVE-2014-9676.patch \
file://libav-fix-CVE-2015-1872.patch \
file://libav-fix-CVE-2015-3395.patch \
file://libav-fix-CVE-2015-6820.patch \
+ file://libav-fix-CVE-2015-6823.patch \
"
--
1.9.1