diff options
Diffstat (limited to 'multimedia/ffmpeg/files/patch-CVE-2018-7557')
-rw-r--r-- | multimedia/ffmpeg/files/patch-CVE-2018-7557 | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/multimedia/ffmpeg/files/patch-CVE-2018-7557 b/multimedia/ffmpeg/files/patch-CVE-2018-7557 new file mode 100644 index 000000000000..c1a6d78d9cb6 --- /dev/null +++ b/multimedia/ffmpeg/files/patch-CVE-2018-7557 @@ -0,0 +1,51 @@ +commit ae49cc73f265a155e5c4b1715570aab3d9741b4d +Author: Michael Niedermayer <michael@niedermayer.cc> +Date: Mon Feb 26 03:02:48 2018 +0100 + + avcodec/utvideodec: Check subsample factors + + Fixes: Out of array read + Fixes: heap_poc + + Found-by: GwanYeong Kim <gy741.kim@gmail.com> + Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> + (cherry picked from commit 7414d0bda7763f9bd69c26c068e482ab297c1c96) + Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> +--- + libavcodec/utvideodec.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git libavcodec/utvideodec.c libavcodec/utvideodec.c +index d888cc3cdf..ebd9d55cf2 100644 +--- libavcodec/utvideodec.c ++++ libavcodec/utvideodec.c +@@ -30,6 +30,7 @@ + #define UNCHECKED_BITSTREAM_READER 1 + + #include "libavutil/intreadwrite.h" ++#include "libavutil/pixdesc.h" + #include "avcodec.h" + #include "bswapdsp.h" + #include "bytestream.h" +@@ -789,6 +790,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, + static av_cold int decode_init(AVCodecContext *avctx) + { + UtvideoContext * const c = avctx->priv_data; ++ int h_shift, v_shift; + + c->avctx = avctx; + +@@ -886,6 +888,13 @@ static av_cold int decode_init(AVCodecContext *avctx) + return AVERROR_INVALIDDATA; + } + ++ av_pix_fmt_get_chroma_sub_sample(avctx->pix_fmt, &h_shift, &v_shift); ++ if ((avctx->width & ((1<<h_shift)-1)) || ++ (avctx->height & ((1<<v_shift)-1))) { ++ avpriv_request_sample(avctx, "Odd dimensions"); ++ return AVERROR_PATCHWELCOME; ++ } ++ + return 0; + } + |