Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:GA
ffmpeg
ffmpeg-CVE-2020-22043.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ffmpeg-CVE-2020-22043.patch of Package ffmpeg
diff --unified --recursive --text --new-file --color ffmpeg-3.4.2.old/libavformat/mpegenc.c ffmpeg-3.4.2.new/libavformat/mpegenc.c --- ffmpeg-3.4.2.old/libavformat/mpegenc.c 2021-06-02 15:52:46.095508824 +0800 +++ ffmpeg-3.4.2.new/libavformat/mpegenc.c 2021-06-03 10:42:45.880563557 +0800 @@ -315,7 +315,7 @@ if (ctx->packet_size < 20 || ctx->packet_size > (1 << 23) + 10) { av_log(ctx, AV_LOG_ERROR, "Invalid packet size %d\n", ctx->packet_size); - goto fail; + return AVERROR(EINVAL); } s->packet_size = ctx->packet_size; } else @@ -343,7 +343,7 @@ st = ctx->streams[i]; stream = av_mallocz(sizeof(StreamInfo)); if (!stream) - goto fail; + return AVERROR(ENOMEM); st->priv_data = stream; avpriv_set_pts_info(st, 64, 1, 90000); @@ -369,14 +369,28 @@ if (lpcm_freq_tab[j] == st->codecpar->sample_rate) break; } - if (j == 4) - goto fail; - if (st->codecpar->channels > 8) - return -1; + if (j == 4) { + int sr; + av_log(ctx, AV_LOG_ERROR, "Invalid sampling rate for PCM stream.\n"); + av_log(ctx, AV_LOG_INFO, "Allowed sampling rates:"); + for (sr = 0; sr < 4; sr++) + av_log(ctx, AV_LOG_INFO, " %d", lpcm_freq_tab[sr]); + av_log(ctx, AV_LOG_INFO, "\n"); + return AVERROR(EINVAL); + } + if (st->codecpar->channels > 8) { + av_log(ctx, AV_LOG_ERROR, "At most 8 channels allowed for LPCM streams.\n"); + return AVERROR(EINVAL); + } stream->lpcm_header[0] = 0x0c; stream->lpcm_header[1] = (st->codecpar->channels - 1) | (j << 4); stream->lpcm_header[2] = 0x80; stream->lpcm_align = st->codecpar->channels * 2; + } else if (st->codecpar->codec_id != AV_CODEC_ID_MP1 && + st->codecpar->codec_id != AV_CODEC_ID_MP2 && + st->codecpar->codec_id != AV_CODEC_ID_MP3) { + av_log(ctx, AV_LOG_ERROR, "Unsupported audio codec. Must be one of mp1, mp2, mp3, pcm_s16be, ac3 or dts.\n"); + return AVERROR(EINVAL); } else { stream->id = mpa_id++; } @@ -420,7 +434,7 @@ } stream->fifo = av_fifo_alloc(16); if (!stream->fifo) - goto fail; + return AVERROR(ENOMEM); } bitrate = 0; audio_bitrate = 0; @@ -520,11 +534,6 @@ s->system_header_size = get_system_header_size(ctx); s->last_scr = AV_NOPTS_VALUE; return 0; - -fail: - for (i = 0; i < ctx->nb_streams; i++) - av_freep(&ctx->streams[i]->priv_data); - return AVERROR(ENOMEM); } static inline void put_timestamp(AVIOContext *pb, int id, int64_t timestamp) @@ -1202,11 +1211,18 @@ stream = ctx->streams[i]->priv_data; av_assert0(av_fifo_size(stream->fifo) == 0); - av_fifo_freep(&stream->fifo); } return 0; } +static void mpeg_mux_deinit(AVFormatContext *ctx) +{ + for (int i = 0; i < ctx->nb_streams; i++) { + StreamInfo *stream = ctx->streams[i]->priv_data; + av_fifo_freep(&stream->fifo); + } +} + #define OFFSET(x) offsetof(MpegMuxContext, x) #define E AV_OPT_FLAG_ENCODING_PARAM static const AVOption options[] = { @@ -1236,6 +1252,7 @@ .write_header = mpeg_mux_init, .write_packet = mpeg_mux_write_packet, .write_trailer = mpeg_mux_end, + .deinit = mpeg_mux_deinit, .priv_class = &mpeg_class, }; #endif @@ -1252,6 +1269,7 @@ .write_header = mpeg_mux_init, .write_packet = mpeg_mux_write_packet, .write_trailer = mpeg_mux_end, + .deinit = mpeg_mux_deinit, .priv_class = &vcd_class, }; #endif @@ -1269,6 +1287,7 @@ .write_header = mpeg_mux_init, .write_packet = mpeg_mux_write_packet, .write_trailer = mpeg_mux_end, + .deinit = mpeg_mux_deinit, .priv_class = &vob_class, }; #endif @@ -1287,6 +1306,7 @@ .write_header = mpeg_mux_init, .write_packet = mpeg_mux_write_packet, .write_trailer = mpeg_mux_end, + .deinit = mpeg_mux_deinit, .priv_class = &svcd_class, }; #endif @@ -1305,6 +1325,7 @@ .write_header = mpeg_mux_init, .write_packet = mpeg_mux_write_packet, .write_trailer = mpeg_mux_end, + .deinit = mpeg_mux_deinit, .priv_class = &dvd_class, }; #endif
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor