Backport fix for CVE-2024-12361 (resolves rhbz#2331085)
This commit is contained in:
Dominik Mierzejewski
parent
2612e2ec91
commit
befa801151
2 changed files with 38 additions and 1 deletions
32
ffmpeg-CVE-2024-12361.patch
Normal file
32
ffmpeg-CVE-2024-12361.patch
Normal file
|
|
@ -0,0 +1,32 @@
|
|||
From 4065ff69a2ed49872f8694a03d0642b18c9d977c Mon Sep 17 00:00:00 2001
|
||||
From: Jiasheng Jiang <jiashengjiangcool@outlook.com>
|
||||
Date: Mon, 10 Jun 2024 14:18:11 +0000
|
||||
Subject: [PATCH] avcodec/mpegvideo_enc: Add check for
|
||||
av_packet_new_side_data()
|
||||
|
||||
Add check for av_packet_new_side_data() to avoid null pointer
|
||||
dereference if allocation fails.
|
||||
|
||||
Fixes: bdc1220eeb ("h263enc: Add an option for outputting info about MBs as side data")
|
||||
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@outlook.com>
|
||||
Signed-off-by: Anton Khirnov <anton@khirnov.net>
|
||||
---
|
||||
libavcodec/mpegvideo_enc.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c
|
||||
index 620ca08869..d33754d115 100644
|
||||
--- a/libavcodec/mpegvideo_enc.c
|
||||
+++ b/libavcodec/mpegvideo_enc.c
|
||||
@@ -1825,6 +1825,8 @@ int ff_mpv_encode_picture(AVCodecContext *avctx, AVPacket *pkt,
|
||||
s->mb_info_ptr = av_packet_new_side_data(pkt,
|
||||
AV_PKT_DATA_H263_MB_INFO,
|
||||
s->mb_width*s->mb_height*12);
|
||||
+ if (!s->mb_info_ptr)
|
||||
+ return AVERROR(ENOMEM);
|
||||
s->prev_mb_info = s->last_mb_info = s->mb_info_size = 0;
|
||||
}
|
||||
|
||||
--
|
||||
2.48.1
|
||||
|
||||
|
|
@ -100,7 +100,7 @@ Name: ffmpeg
|
|||
%global pkg_name %{name}%{?pkg_suffix}
|
||||
|
||||
Version: 6.1.2
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: A complete solution to record, convert and stream audio and video
|
||||
License: GPL-3.0-or-later
|
||||
URL: https://ffmpeg.org/
|
||||
|
|
@ -135,6 +135,8 @@ Patch8: https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/2d9ed64859c9887d0
|
|||
# Fixes for Mesa 24.0.6+ / 24.1.4+ VA-API
|
||||
Patch9: 0001-lavc-vaapi_decode-Make-it-possible-to-send-multiple-.patch
|
||||
Patch10: 0002-lavc-vaapi_av1-Avoid-sending-the-same-slice-buffer-m.patch
|
||||
# Backport fix for CVE-2024-12361
|
||||
Patch11: https://git.ffmpeg.org/gitweb/ffmpeg.git/patch/4065ff69a2ed49872f8694a03d0642b18c9d977c#/ffmpeg-CVE-2024-12361.patch
|
||||
|
||||
# Set up dlopen for openh264
|
||||
Patch1001: ffmpeg-dlopen-openh264.patch
|
||||
|
|
@ -881,6 +883,9 @@ rm -rf %{buildroot}%{_datadir}/%{name}/examples
|
|||
%{_mandir}/man3/libswscale.3*
|
||||
|
||||
%changelog
|
||||
* Fri Mar 07 2025 Dominik Mierzejewski <dominik@greysector.net> - 6.1.2-2
|
||||
- Backport fix for CVE-2024-12361 (resolves rhbz#2331085)
|
||||
|
||||
* Sat Aug 24 2024 Fabio Valentini <decathorpe@gmail.com> - 6.1.2-1
|
||||
- Update to 6.1.2
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue