File ffmpeg-CVE-2022-3964.patch of Package ffmpeg-5

Overview Repositories Revisions Requests Users Attributes Meta

File ffmpeg-CVE-2022-3964.patch of Package ffmpeg-5 (Revision 140df5302f9609d820b3de371dd45856)

Currently displaying revision 140df5302f9609d820b3de371dd45856 , Show latest

diff --unified --recursive --text --new-file --color ffmpeg-4.4.old/libavcodec/rpzaenc.c ffmpeg-4.4.new/libavcodec/rpzaenc.c
--- ffmpeg-4.4.old/libavcodec/rpzaenc.c	2022-11-15 14:41:42.262978968 +0800
+++ ffmpeg-4.4.new/libavcodec/rpzaenc.c	2022-11-15 14:43:37.183516204 +0800
@@ -204,7 +204,7 @@
 
     // loop thru and compare pixels
     for (y = 0; y < bi->block_height; y++) {
-        for (x = 0; x < bi->block_width; x++){
+        for (x = 0; x < bi->block_width; x++) {
             // TODO:  optimize
             min_r = FFMIN(R(block_ptr[x]), min_r);
             min_g = FFMIN(G(block_ptr[x]), min_g);
@@ -276,7 +276,7 @@
         return -1;
 
     for (i = 0; i < bi->block_height; i++) {
-        for (j = 0; j < bi->block_width; j++){
+        for (j = 0; j < bi->block_width; j++) {
             x = GET_CHAN(block_ptr[j], xchannel);
             y = GET_CHAN(block_ptr[j], ychannel);
             sumx += x;
@@ -323,7 +323,7 @@
     int max_err = 0;
 
     for (i = 0; i < bi->block_height; i++) {
-        for (j = 0; j < bi->block_width; j++){
+        for (j = 0; j < bi->block_width; j++) {
             int x_inc, lin_y, lin_x;
             x = GET_CHAN(block_ptr[j], xchannel);
             y = GET_CHAN(block_ptr[j], ychannel);
@@ -418,7 +418,9 @@
                                        uint16_t *dest_pixels,
                                        const BlockInfo *bi, int block_counter)
 {
-    for (int y = 0; y < 4; y++) {
+    const int y_size = FFMIN(4, bi->image_height - bi->row * 4);
+
+    for (int y = 0; y < y_size; y++) {
         memcpy(dest_pixels, src_pixels, 8);
         dest_pixels += bi->rowstride;
         src_pixels += bi->rowstride;
@@ -728,13 +730,14 @@
 
             if (err > s->sixteen_color_thresh) { // DO SIXTEEN COLOR BLOCK
                 uint16_t *row_ptr;
-                int rgb555;
+                int y_size, rgb555;
 
                 block_offset = get_block_info(&bi, block_counter);
 
                 row_ptr = &src_pixels[block_offset];
+                y_size = FFMIN(4, bi.image_height - bi.row * 4);
 
-                for (int y = 0; y < 4; y++) {
+                for (int y = 0; y < y_size; y++) {
                     for (int x = 0; x < 4; x++){
                         rgb555 = row_ptr[x] & ~0x8000;
 
@@ -743,6 +746,11 @@
                     row_ptr += bi.rowstride;
                 }
 
+                for (int y = y_size; y < 4; y++) {
+                    for (int x = 0; x < 4; x++)
+                        put_bits(&s->pb, 16, 0);
+                }
+
                 block_counter++;
             } else { // FOUR COLOR BLOCK
                 block_counter += encode_four_color_block(min_color, max_color,

Places

File ffmpeg-CVE-2022-3964.patch of Package ffmpeg-5 (Revision 140df5302f9609d820b3de371dd45856)

Places