* [OE-core][dunfell][PATCH] ffmpeg: fix for CVE-2022-3341
@ 2023-02-10 12:20 Bhabu Bindu
2023-02-10 17:20 ` Steve Sakoman
0 siblings, 1 reply; 3+ messages in thread
From: Bhabu Bindu @ 2023-02-10 12:20 UTC (permalink / raw)
To: openembedded-core, bhabu.bindu
Cc: akash.hadke, Narpat Mali, Steve Sakoman, Richard Purdie
From: Bhabu Bindu <bhabu.bindu@kpit.com>
avformat/nutdec: Add check for avformat_new_stream
Check for failure of avformat_new_stream() and propagate
the error code.
Upstream-Status: Backport [https://git.yoctoproject.org/poky/commit/?h=kirkstone&id=bba70ce34115151362bfdc49a545ee708eb297ca]
(From OE-Core rev: e17ddd0fafb562ed7ebe7708dac9bcef2d6cecc1)
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bba70ce34115151362bfdc49a545ee708eb297ca)
Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
---
...ec-Add-check-for-avformat_new_stream.patch | 66 +++++++++++++++++++
.../recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb | 3 +-
2 files changed, 68 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch
new file mode 100644
index 0000000000..706db9669a
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch
@@ -0,0 +1,66 @@
+From 9cf652cef49d74afe3d454f27d49eb1a1394951e Mon Sep 17 00:00:00 2001
+From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
+Date: Wed, 23 Feb 2022 10:31:59 +0800
+Subject: [PATCH] avformat/nutdec: Add check for avformat_new_stream
+
+Check for failure of avformat_new_stream() and propagate
+the error code.
+
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+CVE: CVE-2022-3341
+
+Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/9cf652cef49d74afe3d454f27d49eb1a1394951e]
+
+Comments: Refreshed Hunk
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
+---
+ libavformat/nutdec.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
+index 0a8a700acf..f9ad2c0af1 100644
+--- a/libavformat/nutdec.c
++++ b/libavformat/nutdec.c
+@@ -351,8 +351,12 @@ static int decode_main_header(NUTContext *nut)
+ ret = AVERROR(ENOMEM);
+ goto fail;
+ }
+- for (i = 0; i < stream_count; i++)
+- avformat_new_stream(s, NULL);
++ for (i = 0; i < stream_count; i++) {
++ if (!avformat_new_stream(s, NULL)) {
++ ret = AVERROR(ENOMEM);
++ goto fail;
++ }
++ }
+
+ return 0;
+ fail:
+@@ -793,19 +793,23 @@
+ NUTContext *nut = s->priv_data;
+ AVIOContext *bc = s->pb;
+ int64_t pos;
+- int initialized_stream_count;
++ int initialized_stream_count, ret;
+
+ nut->avf = s;
+
+ /* main header */
+ pos = 0;
++ ret = 0;
+ do {
++ if (ret == AVERROR(ENOMEM))
++ return ret;
++
+ pos = find_startcode(bc, MAIN_STARTCODE, pos) + 1;
+ if (pos < 0 + 1) {
+ av_log(s, AV_LOG_ERROR, "No main startcode found.\n");
+ goto fail;
+ }
+- } while (decode_main_header(nut) < 0);
++ } while ((ret = decode_main_header(nut)) < 0);
+
+ /* stream headers */
+ pos = 0;
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb
index cbfdbf0563..737fd33fa5 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb
@@ -30,7 +30,8 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://CVE-2021-3566.patch \
file://CVE-2021-38291.patch \
file://CVE-2022-1475.patch \
- "
+ file://0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch \
+ "
SRC_URI[md5sum] = "348956fc2faa57a2f79bbb84ded9fbc3"
SRC_URI[sha256sum] = "cb754255ab0ee2ea5f66f8850e1bd6ad5cac1cd855d0a2f4990fb8c668b0d29c"
--
2.17.1
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [OE-core][dunfell][PATCH] ffmpeg: fix for CVE-2022-3341
2023-02-10 12:20 [OE-core][dunfell][PATCH] ffmpeg: fix for CVE-2022-3341 Bhabu Bindu
@ 2023-02-10 17:20 ` Steve Sakoman
0 siblings, 0 replies; 3+ messages in thread
From: Steve Sakoman @ 2023-02-10 17:20 UTC (permalink / raw)
To: Bhabu Bindu
Cc: openembedded-core, bhabu.bindu, akash.hadke, Narpat Mali,
Richard Purdie
On Fri, Feb 10, 2023 at 2:21 AM Bhabu Bindu <bindudaniel1996@gmail.com> wrote:
>
> From: Bhabu Bindu <bhabu.bindu@kpit.com>
>
> avformat/nutdec: Add check for avformat_new_stream
> Check for failure of avformat_new_stream() and propagate
> the error code.
>
> Upstream-Status: Backport [https://git.yoctoproject.org/poky/commit/?h=kirkstone&id=bba70ce34115151362bfdc49a545ee708eb297ca]
>
> (From OE-Core rev: e17ddd0fafb562ed7ebe7708dac9bcef2d6cecc1)
>
> Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> (cherry picked from commit bba70ce34115151362bfdc49a545ee708eb297ca)
> Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
> ---
> ...ec-Add-check-for-avformat_new_stream.patch | 66 +++++++++++++++++++
> .../recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb | 3 +-
> 2 files changed, 68 insertions(+), 1 deletion(-)
> create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch
>
> diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch
> new file mode 100644
> index 0000000000..706db9669a
> --- /dev/null
> +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch
This patch should be named CVE-2022-3341.patch.
Please submit a V2!
> @@ -0,0 +1,66 @@
> +From 9cf652cef49d74afe3d454f27d49eb1a1394951e Mon Sep 17 00:00:00 2001
> +From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
> +Date: Wed, 23 Feb 2022 10:31:59 +0800
> +Subject: [PATCH] avformat/nutdec: Add check for avformat_new_stream
> +
> +Check for failure of avformat_new_stream() and propagate
> +the error code.
> +
> +Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> +
> +CVE: CVE-2022-3341
> +
> +Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/9cf652cef49d74afe3d454f27d49eb1a1394951e]
> +
> +Comments: Refreshed Hunk
> +Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
> +Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
> +---
> + libavformat/nutdec.c | 16 ++++++++++++----
> + 1 file changed, 12 insertions(+), 4 deletions(-)
> +
> +diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
> +index 0a8a700acf..f9ad2c0af1 100644
> +--- a/libavformat/nutdec.c
> ++++ b/libavformat/nutdec.c
> +@@ -351,8 +351,12 @@ static int decode_main_header(NUTContext *nut)
> + ret = AVERROR(ENOMEM);
> + goto fail;
> + }
> +- for (i = 0; i < stream_count; i++)
> +- avformat_new_stream(s, NULL);
> ++ for (i = 0; i < stream_count; i++) {
> ++ if (!avformat_new_stream(s, NULL)) {
> ++ ret = AVERROR(ENOMEM);
> ++ goto fail;
> ++ }
> ++ }
> +
> + return 0;
> + fail:
> +@@ -793,19 +793,23 @@
> + NUTContext *nut = s->priv_data;
> + AVIOContext *bc = s->pb;
> + int64_t pos;
> +- int initialized_stream_count;
> ++ int initialized_stream_count, ret;
> +
> + nut->avf = s;
> +
> + /* main header */
> + pos = 0;
> ++ ret = 0;
> + do {
> ++ if (ret == AVERROR(ENOMEM))
> ++ return ret;
> ++
> + pos = find_startcode(bc, MAIN_STARTCODE, pos) + 1;
> + if (pos < 0 + 1) {
> + av_log(s, AV_LOG_ERROR, "No main startcode found.\n");
> + goto fail;
> + }
> +- } while (decode_main_header(nut) < 0);
> ++ } while ((ret = decode_main_header(nut)) < 0);
> +
> + /* stream headers */
> + pos = 0;
> diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb
> index cbfdbf0563..737fd33fa5 100644
> --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb
> +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb
> @@ -30,7 +30,8 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
> file://CVE-2021-3566.patch \
> file://CVE-2021-38291.patch \
> file://CVE-2022-1475.patch \
> - "
> + file://0001-avformat-nutdec-Add-check-for-avformat_new_stream.patch \
> + "
Also, this won't apply because we have your other ffmpeg CVE fix in
the current pull request:
https://git.openembedded.org/openembedded-core-contrib/commit/?id=a626228a4be4c52c9d3f43eb1756c1defc22a5e4&h=stable%2Fdunfell-next
So please take this into account with your V2.
Thanks!
Steve
> SRC_URI[md5sum] = "348956fc2faa57a2f79bbb84ded9fbc3"
> SRC_URI[sha256sum] = "cb754255ab0ee2ea5f66f8850e1bd6ad5cac1cd855d0a2f4990fb8c668b0d29c"
>
> --
> 2.17.1
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* [OE-core][dunfell][PATCH] ffmpeg: fix for CVE-2022-3341
@ 2023-04-10 8:13 Bhabu Bindu
0 siblings, 0 replies; 3+ messages in thread
From: Bhabu Bindu @ 2023-04-10 8:13 UTC (permalink / raw)
To: openembedded-core, bhabu.bindu
Cc: ranjitsinh.rathod, Bhabu Bindu, Narpat Mali, Steve Sakoman,
Richard Purdie
From: Bhabu Bindu <bhabu.bhabu@kpit.com>
avformat/nutdec: Add check for avformat_new_stream
Check for failure of avformat_new_stream() and propagate
the error code.
Upstream-Status: Backport [https://git.yoctoproject.org/poky/commit/?h=kirkstone&id=bba70ce34115151362bfdc49a545ee708eb297ca]
(From OE-Core rev: e17ddd0fafb562ed7ebe7708dac9bcef2d6cecc1)
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bba70ce34115151362bfdc49a545ee708eb297ca)
Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
---
.../ffmpeg/ffmpeg/CVE-2022-3341.patch | 67 +++++++++++++++++++
.../recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb | 1 +
2 files changed, 68 insertions(+)
create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-3341.patch
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-3341.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-3341.patch
new file mode 100644
index 0000000000..fcbd9b3e1b
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-3341.patch
@@ -0,0 +1,67 @@
+From 9cf652cef49d74afe3d454f27d49eb1a1394951e Mon Sep 17 00:00:00 2001
+From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
+Date: Wed, 23 Feb 2022 10:31:59 +0800
+Subject: [PATCH] avformat/nutdec: Add check for avformat_new_stream
+
+Check for failure of avformat_new_stream() and propagate
+the error code.
+
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+CVE: CVE-2022-3341
+
+Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/9cf652cef49d74afe3d454f27d49eb1a1394951e]
+
+Comments: Refreshed Hunk
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
+---
+ libavformat/nutdec.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
+index 0a8a700acf..f9ad2c0af1 100644
+--- a/libavformat/nutdec.c
++++ b/libavformat/nutdec.c
+@@ -351,8 +351,12 @@ static int decode_main_header(NUTContext *nut)
+ ret = AVERROR(ENOMEM);
+ goto fail;
+ }
+- for (i = 0; i < stream_count; i++)
+- avformat_new_stream(s, NULL);
++ for (i = 0; i < stream_count; i++) {
++ if (!avformat_new_stream(s, NULL)) {
++ ret = AVERROR(ENOMEM);
++ goto fail;
++ }
++ }
+
+ return 0;
+ fail:
+@@ -793,19 +793,23 @@
+ NUTContext *nut = s->priv_data;
+ AVIOContext *bc = s->pb;
+ int64_t pos;
+- int initialized_stream_count;
++ int initialized_stream_count, ret;
+
+ nut->avf = s;
+
+ /* main header */
+ pos = 0;
++ ret = 0;
+ do {
++ if (ret == AVERROR(ENOMEM))
++ return ret;
++
+ pos = find_startcode(bc, MAIN_STARTCODE, pos) + 1;
+ if (pos < 0 + 1) {
+ av_log(s, AV_LOG_ERROR, "No main startcode found.\n");
+ goto fail;
+ }
+- } while (decode_main_header(nut) < 0);
++ } while ((ret = decode_main_header(nut)) < 0);
+
+ /* stream headers */
+ pos = 0;
+
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb
index ffeec92e0e..1e000dddfa 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb
@@ -31,6 +31,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://CVE-2021-38291.patch \
file://CVE-2022-1475.patch \
file://CVE-2022-3109.patch \
+ file://CVE-2022-3341.patch \
"
SRC_URI[md5sum] = "348956fc2faa57a2f79bbb84ded9fbc3"
SRC_URI[sha256sum] = "cb754255ab0ee2ea5f66f8850e1bd6ad5cac1cd855d0a2f4990fb8c668b0d29c"
--
2.25.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-04-10 8:13 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-02-10 12:20 [OE-core][dunfell][PATCH] ffmpeg: fix for CVE-2022-3341 Bhabu Bindu
2023-02-10 17:20 ` Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2023-04-10 8:13 Bhabu Bindu
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.