Re: [PATCH 2/2] gst-ffmpeg: Security Advisory - ffmpeg - CVE-2013-0869

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "yue.tao" <yue.tao@windriver.com>
To: <openembedded-core@lists.openembedded.org>
Subject: Re: [PATCH 2/2] gst-ffmpeg: Security Advisory - ffmpeg - CVE-2013-0869
Date: Fri, 29 Aug 2014 14:37:48 +0800	[thread overview]
Message-ID: <54001FBC.1020008@windriver.com> (raw)
In-Reply-To: <1409293376-10981-2-git-send-email-Yue.Tao@windriver.com>


Ditto

On 2014年08月29日 14:22, Yue Tao wrote:
> The field_end function in libavcodec/h264.c in FFmpeg before 1.1.2
> allows remote attackers to have an unspecified impact via crafted H.264
> data, related to an SPS and slice mismatch and an out-of-bounds array
> access.
>
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0869
>
> Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
> ---
>   ...rror-concealment-when-SPS-and-slices-are-.patch |   33 ++++++++++++++++++++
>   .../gstreamer/gst-ffmpeg_0.10.13.bb                |    1 +
>   2 files changed, 34 insertions(+)
>   create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-h264-skip-error-concealment-when-SPS-and-slices-are-.patch
>
> diff --git a/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-h264-skip-error-concealment-when-SPS-and-slices-are-.patch b/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-h264-skip-error-concealment-when-SPS-and-slices-are-.patch
> new file mode 100644
> index 0000000..7dcba36
> --- /dev/null
> +++ b/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-h264-skip-error-concealment-when-SPS-and-slices-are-.patch
> @@ -0,0 +1,33 @@
> +gst-ffmpeg: h264: skip error concealment when SPS and slices are
> + mismatching
> +
> +Fixes out of array accesses
> +
> +Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
> +Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
> +(cherry picked from commit 695af8eed642ff0104834495652d1ee784a4c14d)
> +
> +Upstream-Status: Pending
> +
> +Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
> +Signed-off-by: Yue Tao <yue.tao@windriver.com>
> +---
> + libavcodec/h264.c |    2 +-
> + 1 files changed, 1 insertions(+), 1 deletions(-)
> +
> +diff --git a/libavcodec/h264.c b/libavcodec/h264.c
> +index da144db..0aab4e7 100644
> +--- a/gst-libs/ext/libav/libavcodec/h264.c
> ++++ b/gst-libs/ext/libav/libavcodec/h264.c
> +@@ -2351,7 +2351,7 @@ static int field_end(H264Context *h, int in_setup)
> +      * past end by one (callers fault) and resync_mb_y != 0
> +      * causes problems for the first MB line, too.
> +      */
> +-    if (!FIELD_PICTURE)
> ++    if (!FIELD_PICTURE && h->current_slice && !h->sps.new)
> +         ff_er_frame_end(s);
> +
> +     ff_MPV_frame_end(s);
> +--
> +1.7.5.4
> +
> diff --git a/meta/recipes-multimedia/gstreamer/gst-ffmpeg_0.10.13.bb b/meta/recipes-multimedia/gstreamer/gst-ffmpeg_0.10.13.bb
> index 3ccb7be..395054d 100644
> --- a/meta/recipes-multimedia/gstreamer/gst-ffmpeg_0.10.13.bb
> +++ b/meta/recipes-multimedia/gstreamer/gst-ffmpeg_0.10.13.bb
> @@ -54,6 +54,7 @@ SRC_URI = "http://gstreamer.freedesktop.org/src/${BPN}/${BPN}-${PV}.tar.bz2 \
>              file://0001-lavf-compute-probe-buffer-size-more-reliably.patch \
>              file://0001-ffserver-set-oformat.patch \
>              file://0001-h264-set-parameters-from-SPS-whenever-it-changes.patch \
> +           file://0001-h264-skip-error-concealment-when-SPS-and-slices-are-.patch \
>              ${@bb.utils.contains('PACKAGECONFIG', 'libav9', 'file://libav-9.patch', '', d)} \
>   "
>

next prev parent reply	other threads:[~2014-08-29  6:37 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-08-29  6:22 [PATCH 1/2] gst-ffmpeg: Security Advisory - ffmpeg - CVE-2013-4358 Yue Tao
2014-08-29  6:22 ` [PATCH 2/2] gst-ffmpeg: Security Advisory - ffmpeg - CVE-2013-0869 Yue Tao
2014-08-29  6:37   ` yue.tao [this message]
2014-08-29  6:37 ` [PATCH 1/2] gst-ffmpeg: Security Advisory - ffmpeg - CVE-2013-4358 yue.tao
  -- strict thread matches above, loose matches on Subject: below --
2014-08-29  6:46 Yue Tao
2014-08-29  6:46 ` [PATCH 2/2] gst-ffmpeg: Security Advisory - ffmpeg - CVE-2013-0869 Yue Tao

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=54001FBC.1020008@windriver.com \
    --to=yue.tao@windriver.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.