File ffmpeg-CVE-2019-13390.patch of Package ffmpeg.32491
diff --unified --recursive --text --new-file --color ffmpeg-3.4.2.old/libavcodec/frame_thread_encoder.c ffmpeg-3.4.2.new/libavcodec/frame_thread_encoder.c
--- ffmpeg-3.4.2.old/libavcodec/frame_thread_encoder.c 2018-02-12 08:29:04.000000000 +0800
+++ ffmpeg-3.4.2.new/libavcodec/frame_thread_encoder.c 2023-01-18 11:37:34.589246951 +0800
@@ -209,8 +209,9 @@
int ret = av_opt_copy(thread_avctx->priv_data, avctx->priv_data);
if (ret < 0)
goto fail;
- } else
+ } else if (avctx->codec->priv_data_size) {
memcpy(thread_avctx->priv_data, avctx->priv_data, avctx->codec->priv_data_size);
+ }
thread_avctx->thread_count = 1;
thread_avctx->active_thread_type &= ~FF_THREAD_FRAME;
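Review bot: The new `else if (avctx->codec->priv_data_size)` branch carries no comment saying why a zero-length copy is skipped, so a later cleanup could fold it back into a bare `else`. Passing a null pointer to memcpy() is undefined behaviour even when the length is 0, which is presumably the case this guard covers for codecs without private data. I would add `/* memcpy() on a NULL priv_data is undefined even for size 0 */` above the branch. The allocation of `thread_avctx->priv_data` is outside the hunk, so whether it is checked for the non-zero case cannot be confirmed from here.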
diff --unified --recursive --text --new-file --color ffmpeg-3.4.2.old/libavcodec/j2kenc.c ffmpeg-3.4.2.new/libavcodec/j2kenc.c
--- ffmpeg-3.4.2.old/libavcodec/j2kenc.c 2018-01-13 10:33:15.000000000 +0800
+++ ffmpeg-3.4.2.new/libavcodec/j2kenc.c 2023-01-18 11:37:32.402581658 +0800
@@ -519,13 +519,13 @@
mask = ~((1<<NMSEDEC_FRACBITS)-1);
for (i = 0; i < (1 << NMSEDEC_BITS); i++){
- lut_nmsedec_sig[i] = FFMAX(6*i - (9<<NMSEDEC_FRACBITS-1) << 12-NMSEDEC_FRACBITS, 0);
+ lut_nmsedec_sig[i] = FFMAX((3 * i << (13 - NMSEDEC_FRACBITS)) - (9 << 11), 0);
lut_nmsedec_sig0[i] = FFMAX((i*i + (1<<NMSEDEC_FRACBITS-1) & mask) << 1, 0);
a = (i >> (NMSEDEC_BITS-2)&2) + 1;
- lut_nmsedec_ref[i] = FFMAX((-2*i + (1<<NMSEDEC_FRACBITS) + a*i - (a*a<<NMSEDEC_FRACBITS-2))
- << 13-NMSEDEC_FRACBITS, 0);
- lut_nmsedec_ref0[i] = FFMAX(((i*i + (1-4*i << NMSEDEC_FRACBITS-1) + (1<<2*NMSEDEC_FRACBITS)) & mask)
+ lut_nmsedec_ref[i] = FFMAX((a - 2) * (i << (13 - NMSEDEC_FRACBITS)) +
+ (1 << 13) - (a * a << 11), 0);
+ lut_nmsedec_ref0[i] = FFMAX(((i * i - (i << NMSEDEC_BITS) + (1 << 2 * NMSEDEC_FRACBITS) + (1 << (NMSEDEC_FRACBITS - 1))) & mask)
<< 1, 0);
}
}
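Review bot: The rewritten `lut_nmsedec_ref0` line uses `i << NMSEDEC_BITS` where the removed line had `4*i << NMSEDEC_FRACBITS-1`, so the two are equal only if NMSEDEC_BITS is NMSEDEC_FRACBITS + 1. Both macros are defined outside the hunk, so that relation cannot be checked here. Writing the term as `(i << (NMSEDEC_FRACBITS + 1))` keeps the table identical to the old one whatever the definitions are. The literal shifts `9 << 11`, `1 << 13` and `a * a << 11` do work out to be independent of NMSEDEC_FRACBITS, but they read as magic numbers; a one-line comment stating that the outer shift has been folded in would help. The enclosing function starts above the hunk.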
@@ -924,7 +924,7 @@
for (y = yy0; y < yy1; y++){
int *ptr = t1.data + (y-yy0)*t1.stride;
for (x = xx0; x < xx1; x++){
- *ptr++ = comp->i_data[(comp->coord[0][1] - comp->coord[0][0]) * y + x] << NMSEDEC_FRACBITS;
+ *ptr++ = comp->i_data[(comp->coord[0][1] - comp->coord[0][0]) * y + x] * (1 << NMSEDEC_FRACBITS);
}
}
} else{
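Review bot: Replacing `<< NMSEDEC_FRACBITS` with `* (1 << NMSEDEC_FRACBITS)` removes the left shift of a negative sample, but the product can still overflow a signed int for large magnitudes, and nothing on the line records either fact. The range of `comp->i_data` is established outside the hunk, so the overflow concern is unverified from here. A comment such as `/* multiply, not shift: samples may be negative */` would keep the line from being turned back into a shift. The same applies to `synthl[x] = datal[x] * 2;` in the vc2enc_dwt.c hunk.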
diff --unified --recursive --text --new-file --color ffmpeg-3.4.2.old/libavcodec/r210enc.c ffmpeg-3.4.2.new/libavcodec/r210enc.c
--- ffmpeg-3.4.2.old/libavcodec/r210enc.c 2018-02-12 08:29:05.000000000 +0800
+++ ffmpeg-3.4.2.new/libavcodec/r210enc.c 2023-01-18 11:39:03.599191523 +0800
@@ -56,9 +56,9 @@
uint16_t *src = (uint16_t *)src_line;
for (j = 0; j < avctx->width; j++) {
uint32_t pixel;
- uint16_t r = *src++ >> 6;
- uint16_t g = *src++ >> 6;
- uint16_t b = *src++ >> 6;
+ unsigned r = *src++ >> 6;
+ unsigned g = *src++ >> 6;
+ unsigned b = *src++ >> 6;
if (avctx->codec_id == AV_CODEC_ID_R210)
pixel = (r << 20) | (g << 10) | b;
else
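Review bot: `unsigned r`, `g` and `b` would read better as `uint32_t`, the type of the `pixel` they are packed into, since the purpose of the change appears to be keeping the shifts out of signed int. With the old `uint16_t` the operands were promoted to int before `r << 20`. The else branch, where the wider shift presumably sits, is outside the hunk. Suggested: `uint32_t r = *src++ >> 6;` and likewise for `g` and `b`, with a short comment that the type is deliberately not `uint16_t`.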
diff --unified --recursive --text --new-file --color ffmpeg-3.4.2.old/libavcodec/vc2enc_dwt.c ffmpeg-3.4.2.new/libavcodec/vc2enc_dwt.c
--- ffmpeg-3.4.2.old/libavcodec/vc2enc_dwt.c 2018-01-13 10:33:15.000000000 +0800
+++ ffmpeg-3.4.2.new/libavcodec/vc2enc_dwt.c 2023-01-18 11:37:30.409249581 +0800
@@ -66,7 +66,7 @@
*/
for (y = 0; y < synth_height; y++) {
for (x = 0; x < synth_width; x++)
- synthl[x] = datal[x] << 1;
+ synthl[x] = datal[x] * 2;
synthl += synth_width;
datal += stride;
}
diff --unified --recursive --text --new-file --color ffmpeg-3.4.2.old/libavformat/rawenc.c ffmpeg-3.4.2.new/libavformat/rawenc.c
--- ffmpeg-3.4.2.old/libavformat/rawenc.c 2018-02-12 08:29:06.000000000 +0800
+++ ffmpeg-3.4.2.new/libavformat/rawenc.c 2023-01-18 11:37:27.745917931 +0800
@@ -39,6 +39,18 @@
s->oformat->name);
return AVERROR(EINVAL);
}
+ if ( s->oformat->audio_codec != AV_CODEC_ID_NONE
+ && s->streams[0]->codecpar->codec_type != AVMEDIA_TYPE_AUDIO) {
+ av_log(s, AV_LOG_ERROR, "%s files have exactly one audio stream\n",
+ s->oformat->name);
+ return AVERROR(EINVAL);
+ }
+ if ( s->oformat->video_codec != AV_CODEC_ID_NONE
+ && s->streams[0]->codecpar->codec_type != AVMEDIA_TYPE_VIDEO) {
+ av_log(s, AV_LOG_ERROR, "%s files have exactly one video stream\n",
+ s->oformat->name);
+ return AVERROR(EINVAL);
+ }
return 0;
}
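Review bot: Both added checks index `s->streams[0]` and depend on the preceding test, whose condition is above the hunk, having already rejected a context without streams. A short comment saying so would protect the dereference if that test is ever moved or relaxed. The two checks are also mutually exclusive: an output format that sets both `audio_codec` and `video_codec` to something other than AV_CODEC_ID_NONE would fail one of them for any stream, so the function should be documented as intended for single-codec raw muxers. The log text says "exactly one audio stream" although what failed is the stream type, not the count; `"%s files must contain an audio stream\n"` (and the video equivalent) would describe the error more accurately.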