summaryrefslogtreecommitdiffstats
path: root/meta/recipes-multimedia/ffmpeg
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-multimedia/ffmpeg')
-rw-r--r--meta/recipes-multimedia/ffmpeg/ffmpeg/0001-libavutil-include-assembly-with-full-path-from-sourc.patch97
-rw-r--r--meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-35964.patch75
-rw-r--r--meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-35965.patch35
-rw-r--r--meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.1.bb8
4 files changed, 215 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-libavutil-include-assembly-with-full-path-from-sourc.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-libavutil-include-assembly-with-full-path-from-sourc.patch
new file mode 100644
index 0000000000..3b503c49c9
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/0001-libavutil-include-assembly-with-full-path-from-sourc.patch
@@ -0,0 +1,97 @@
+From 24a58d70cbb3997e471366bd5afe54be9007bfb1 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Tue, 10 Nov 2020 15:32:14 +0000
+Subject: [PATCH] libavutil: include assembly with full path from source root
+
+Otherwise nasm writes the full host-specific paths into .o
+output, which breaks binary reproducibility.
+
+Upstream-Status: Pending
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ libavutil/x86/cpuid.asm | 2 +-
+ libavutil/x86/emms.asm | 2 +-
+ libavutil/x86/fixed_dsp.asm | 2 +-
+ libavutil/x86/float_dsp.asm | 2 +-
+ libavutil/x86/lls.asm | 2 +-
+ libavutil/x86/pixelutils.asm | 2 +-
+ 6 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/libavutil/x86/cpuid.asm b/libavutil/x86/cpuid.asm
+index c3f7866..766f77f 100644
+--- a/libavutil/x86/cpuid.asm
++++ b/libavutil/x86/cpuid.asm
+@@ -21,7 +21,7 @@
+ ;* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ ;******************************************************************************
+
+-%include "x86util.asm"
++%include "libavutil/x86/x86util.asm"
+
+ SECTION .text
+
+diff --git a/libavutil/x86/emms.asm b/libavutil/x86/emms.asm
+index 8611762..df84f22 100644
+--- a/libavutil/x86/emms.asm
++++ b/libavutil/x86/emms.asm
+@@ -18,7 +18,7 @@
+ ;* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ ;******************************************************************************
+
+-%include "x86util.asm"
++%include "libavutil/x86/x86util.asm"
+
+ SECTION .text
+
+diff --git a/libavutil/x86/fixed_dsp.asm b/libavutil/x86/fixed_dsp.asm
+index 979dd5c..2f41185 100644
+--- a/libavutil/x86/fixed_dsp.asm
++++ b/libavutil/x86/fixed_dsp.asm
+@@ -20,7 +20,7 @@
+ ;* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ ;******************************************************************************
+
+-%include "x86util.asm"
++%include "libavutil/x86/x86util.asm"
+
+ SECTION .text
+
+diff --git a/libavutil/x86/float_dsp.asm b/libavutil/x86/float_dsp.asm
+index 517fd63..b773e61 100644
+--- a/libavutil/x86/float_dsp.asm
++++ b/libavutil/x86/float_dsp.asm
+@@ -20,7 +20,7 @@
+ ;* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ ;******************************************************************************
+
+-%include "x86util.asm"
++%include "libavutil/x86/x86util.asm"
+
+ SECTION_RODATA 32
+ pd_reverse: dd 7, 6, 5, 4, 3, 2, 1, 0
+diff --git a/libavutil/x86/lls.asm b/libavutil/x86/lls.asm
+index 317fba6..d2526d1 100644
+--- a/libavutil/x86/lls.asm
++++ b/libavutil/x86/lls.asm
+@@ -20,7 +20,7 @@
+ ;* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ ;******************************************************************************
+
+-%include "x86util.asm"
++%include "libavutil/x86/x86util.asm"
+
+ SECTION .text
+
+diff --git a/libavutil/x86/pixelutils.asm b/libavutil/x86/pixelutils.asm
+index 36c57c5..8b45ead 100644
+--- a/libavutil/x86/pixelutils.asm
++++ b/libavutil/x86/pixelutils.asm
+@@ -21,7 +21,7 @@
+ ;* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ ;******************************************************************************
+
+-%include "x86util.asm"
++%include "libavutil/x86/x86util.asm"
+
+ SECTION .text
+
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-35964.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-35964.patch
new file mode 100644
index 0000000000..6b96bd674f
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-35964.patch
@@ -0,0 +1,75 @@
+From 27a99e2c7d450fef15594671eef4465c8a166bd7 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Wed, 28 Oct 2020 20:11:54 +0100
+Subject: [PATCH] avformat/vividas: improve extradata packing checks in
+ track_header()
+
+Fixes: out of array accesses
+Fixes: 26622/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-6581200338288640
+
+Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/27a99e2c7d450fef15594671eef4465c8a166bd7]
+
+CVE: CVE-2020-35964
+
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>
+---
+ libavformat/vividas.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/libavformat/vividas.c b/libavformat/vividas.c
+index 83d0ed116787..46c66bf9a0ae 100644
+--- a/libavformat/vividas.c
++++ b/libavformat/vividas.c
+@@ -28,6 +28,7 @@
+ * @sa http://wiki.multimedia.cx/index.php?title=Vividas_VIV
+ */
+
++#include "libavutil/avassert.h"
+ #include "libavutil/intreadwrite.h"
+ #include "avio_internal.h"
+ #include "avformat.h"
+@@ -379,7 +380,7 @@ static int track_header(VividasDemuxContext *viv, AVFormatContext *s, uint8_t *
+
+ if (avio_tell(pb) < off) {
+ int num_data;
+- int xd_size = 0;
++ int xd_size = 1;
+ int data_len[256];
+ int offset = 1;
+ uint8_t *p;
+@@ -393,10 +394,10 @@ static int track_header(VividasDemuxContext *viv, AVFormatContext *s, uint8_t *
+ return AVERROR_INVALIDDATA;
+ }
+ data_len[j] = len;
+- xd_size += len;
++ xd_size += len + 1 + len/255;
+ }
+
+- ret = ff_alloc_extradata(st->codecpar, 64 + xd_size + xd_size / 255);
++ ret = ff_alloc_extradata(st->codecpar, xd_size);
+ if (ret < 0)
+ return ret;
+
+@@ -405,9 +406,7 @@ static int track_header(VividasDemuxContext *viv, AVFormatContext *s, uint8_t *
+
+ for (j = 0; j < num_data - 1; j++) {
+ unsigned delta = av_xiphlacing(&p[offset], data_len[j]);
+- if (delta > data_len[j]) {
+- return AVERROR_INVALIDDATA;
+- }
++ av_assert0(delta <= xd_size - offset);
+ offset += delta;
+ }
+
+@@ -418,6 +417,7 @@ static int track_header(VividasDemuxContext *viv, AVFormatContext *s, uint8_t *
+ av_freep(&st->codecpar->extradata);
+ break;
+ }
++ av_assert0(data_len[j] <= xd_size - offset);
+ offset += data_len[j];
+ }
+
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-35965.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-35965.patch
new file mode 100644
index 0000000000..ddab8e9aca
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2020-35965.patch
@@ -0,0 +1,35 @@
+From 3e5959b3457f7f1856d997261e6ac672bba49e8b Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Sat, 24 Oct 2020 22:21:48 +0200
+Subject: [PATCH] avcodec/exr: Check ymin vs. h
+
+Fixes: out of array access
+Fixes: 26532/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5613925708857344
+Fixes: 27443/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5631239813595136
+
+Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+Upstream-Status: Backport [https://github.com/FFmpeg/FFmpeg/commit/3e5959b3457f7f1856d997261e6ac672bba49e8b]
+
+CVE: CVE-2020-35965
+
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>
+---
+ libavcodec/exr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libavcodec/exr.c b/libavcodec/exr.c
+index e907c5c46401..8b701d1cd298 100644
+--- a/libavcodec/exr.c
++++ b/libavcodec/exr.c
+@@ -1830,7 +1830,7 @@ static int decode_frame(AVCodecContext *avctx, void *data,
+ // Zero out the start if ymin is not 0
+ for (i = 0; i < planes; i++) {
+ ptr = picture->data[i];
+- for (y = 0; y < s->ymin; y++) {
++ for (y = 0; y < FFMIN(s->ymin, s->h); y++) {
+ memset(ptr, 0, out_line_size);
+ ptr += picture->linesize[i];
+ }
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.1.bb
index 517dac7f05..f902b08811 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_4.3.1.bb
@@ -25,6 +25,9 @@ LIC_FILES_CHKSUM = "file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://mips64_cpu_detection.patch \
+ file://0001-libavutil-include-assembly-with-full-path-from-sourc.patch \
+ file://CVE-2020-35964.patch \
+ file://CVE-2020-35965.patch \
"
SRC_URI[sha256sum] = "ad009240d46e307b4e03a213a0f49c11b650e445b1f8be0dda2a9212b34d2ffb"
@@ -128,6 +131,11 @@ do_configure() {
${S}/configure ${EXTRA_OECONF}
}
+# patch out build host paths for reproducibility
+do_compile_prepend_class-target() {
+ sed -i -e "s,${WORKDIR},,g" ${B}/config.h
+}
+
PACKAGES =+ "libavcodec \
libavdevice \
libavfilter \
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-19 10:03:19 +0000