File ffmpeg-4-CVE-2023-51798.patch of Package ffmpeg-4.35694

Overview Repositories Revisions Requests Users Attributes Meta

File ffmpeg-4-CVE-2023-51798.patch of Package ffmpeg-4.35694

From 68146f06f852078866b3ef1564556e3a272920c7 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sat, 30 Dec 2023 02:51:32 +0100
Subject: [PATCH] avfilter/vf_minterpolate: Check pts before division
References: CVE-2023-51798
References: bsc#1223304
Upstream: Backport from upstream

Fixes: FPE
Fixes: tickets/10758/poc20ffmpeg

Discovered by Zeng Yunxiang

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavfilter/vf_minterpolate.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/libavfilter/vf_minterpolate.c b/libavfilter/vf_minterpolate.c
index 9920210ece..b2242a15ee 100644
--- a/libavfilter/vf_minterpolate.c
+++ b/libavfilter/vf_minterpolate.c
@@ -1075,8 +1075,13 @@ static void interpolate(AVFilterLink *inlink, AVFrame *avf_out)
     pts = av_rescale(avf_out->pts, (int64_t) ALPHA_MAX * outlink->time_base.num * inlink->time_base.den,
                                    (int64_t)             outlink->time_base.den * inlink->time_base.num);
 
-    alpha = (pts - mi_ctx->frames[1].avf->pts * ALPHA_MAX) / (mi_ctx->frames[2].avf->pts - mi_ctx->frames[1].avf->pts);
-    alpha = av_clip(alpha, 0, ALPHA_MAX);
+    if (mi_ctx->frames[2].avf->pts > mi_ctx->frames[1].avf->pts) {
+        alpha = (pts - mi_ctx->frames[1].avf->pts * ALPHA_MAX) / (mi_ctx->frames[2].avf->pts - mi_ctx->frames[1].avf->pts);
+        alpha = av_clip(alpha, 0, ALPHA_MAX);
+    } else {
+        av_log(ctx, AV_LOG_DEBUG, "duplicate input PTS detected\n");
+        alpha = 0;
+    }
 
     if (alpha == 0 || alpha == ALPHA_MAX) {
         av_frame_copy(avf_out, alpha ? mi_ctx->frames[2].avf : mi_ctx->frames[1].avf);
-- 
2.44.0

Places

File ffmpeg-4-CVE-2023-51798.patch of Package ffmpeg-4.35694

Places