[OE-core] [PATCH 5/5] libav: fix CVE-2015-6824

jackie.huang at windriver.com jackie.huang at windriver.com
Fri Nov 13 08:03:29 UTC 2015


From: Jackie Huang <jackie.huang at windriver.com>

Cherry-pick patch from ffmpeg to fix CVE-2015-6824:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a5d44d5c220e12ca0cb7a4eceb0f74759cb13111

Signed-off-by: Jackie Huang <jackie.huang at windriver.com>
---
 .../libav/libav/libav-fix-CVE-2015-6824.patch      | 46 ++++++++++++++++++++++
 meta/recipes-multimedia/libav/libav_9.18.bb        |  1 +
 2 files changed, 47 insertions(+)
 create mode 100644 meta/recipes-multimedia/libav/libav/libav-fix-CVE-2015-6824.patch

diff --git a/meta/recipes-multimedia/libav/libav/libav-fix-CVE-2015-6824.patch b/meta/recipes-multimedia/libav/libav/libav-fix-CVE-2015-6824.patch
new file mode 100644
index 0000000..2b19bd2
--- /dev/null
+++ b/meta/recipes-multimedia/libav/libav/libav-fix-CVE-2015-6824.patch
@@ -0,0 +1,46 @@
+Upstream-Status: Pending
+
+https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6824
+
+Cherry-pick from:
+http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a5d44d5c220e12ca0cb7a4eceb0f74759cb13111
+
+Signed-off-by: Jackie Huang <jackie.huang at windriver.com>
+---
+From a5d44d5c220e12ca0cb7a4eceb0f74759cb13111 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael at niedermayer.cc>
+Date: Wed, 15 Jul 2015 19:20:19 +0200
+Subject: [PATCH] swscale/utils: Clear pix buffers
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixes use of uninitialized memory
+Fixes: a96874b9466b6edc660a519c7ad47977_signal_sigsegv_7ffff713351a_744_nc_sample.avi with memlimit 2147483648
+
+Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
+Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
+---
+ libswscale/utils.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/libswscale/utils.c b/libswscale/utils.c
+index c384aa5..16f187a 100644
+--- a/libswscale/utils.c
++++ b/libswscale/utils.c
+@@ -1496,9 +1496,9 @@ av_cold int sws_init_context(SwsContext *c, SwsFilter *srcFilter,
+ 
+     /* Allocate pixbufs (we use dynamic allocation because otherwise we would
+      * need to allocate several megabytes to handle all possible cases) */
+-    FF_ALLOC_OR_GOTO(c, c->lumPixBuf,  c->vLumBufSize * 3 * sizeof(int16_t *), fail);
+-    FF_ALLOC_OR_GOTO(c, c->chrUPixBuf, c->vChrBufSize * 3 * sizeof(int16_t *), fail);
+-    FF_ALLOC_OR_GOTO(c, c->chrVPixBuf, c->vChrBufSize * 3 * sizeof(int16_t *), fail);
++    FF_ALLOCZ_OR_GOTO(c, c->lumPixBuf,  c->vLumBufSize * 3 * sizeof(int16_t *), fail);
++    FF_ALLOCZ_OR_GOTO(c, c->chrUPixBuf, c->vChrBufSize * 3 * sizeof(int16_t *), fail);
++    FF_ALLOCZ_OR_GOTO(c, c->chrVPixBuf, c->vChrBufSize * 3 * sizeof(int16_t *), fail);
+     if (CONFIG_SWSCALE_ALPHA && isALPHA(c->srcFormat) && isALPHA(c->dstFormat))
+         FF_ALLOCZ_OR_GOTO(c, c->alpPixBuf, c->vLumBufSize * 3 * sizeof(int16_t *), fail);
+     /* Note we need at least one pixel more at the end because of the MMX code
+-- 
+1.9.1
+
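Review bot: the header at the top of the new patch file says "Upstream-Status: Pending", but the next lines state it is a cherry-pick of ffmpeg commit a5d44d5c220e12ca0cb7a4eceb0f74759cb13111. Pending normally means the change has been submitted and is awaiting a decision, which is not what the header describes. Since the recipe is libav and the fix comes from ffmpeg, either mark it as "Upstream-Status: Backport" with a note that the source is the ffmpeg tree, or say explicitly whether the same change has been sent to libav. It would also help to carry the one-line description from the original commit ("Fixes use of uninitialized memory" in the pixbuf allocations of sws_init_context) into the outer commit message, which currently gives only the CVE number and a URL.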
diff --git a/meta/recipes-multimedia/libav/libav_9.18.bb b/meta/recipes-multimedia/libav/libav_9.18.bb
index 026f4df..4378dbe 100644
--- a/meta/recipes-multimedia/libav/libav_9.18.bb
+++ b/meta/recipes-multimedia/libav/libav_9.18.bb
@@ -8,4 +8,5 @@ SRC_URI += "file://libav-fix-CVE-2014-9676.patch \
             file://libav-fix-CVE-2015-3395.patch \
             file://libav-fix-CVE-2015-6820.patch \
             file://libav-fix-CVE-2015-6823.patch \
+            file://libav-fix-CVE-2015-6824.patch \
            "
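Review bot: the new SRC_URI entry wires in a patch that was generated against the ffmpeg tree, not libav 9.18. Its embedded hunk header reads "index c384aa5..16f187a" and "@@ -1496,9 +1496,9 @@" for libswscale/utils.c. Please confirm that do_patch applies it to the libav 9.18 sources without offset or fuzz after the four patches listed before it, and refresh it against the libav tree if it does not apply exactly. A refreshed patch should keep the original From/Date/Subject attribution.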
-- 
1.9.1



