File ffmpeg-CVE-2023-50007.patch of Package ffmpeg-5
From b1942734c7cbcdc9034034373abcc9ecb9644c47
From: Paul B Mahol <onemda@gmail.com>
Date: Mon Nov 27 11:45:34 2023 +0100
Subject: avfilter/af_afwtdn: fix crash with EOF handling
References: https://bugzilla.opensuse.org/1223253
References: CVE-2023-50007
diff -Nura ffmpeg-5.1.4/libavfilter/af_afwtdn.c ffmpeg-5.1.4_new/libavfilter/af_afwtdn.c
--- ffmpeg-5.1.4/libavfilter/af_afwtdn.c 2023-11-10 07:38:51.000000000 +0800
+++ ffmpeg-5.1.4_new/libavfilter/af_afwtdn.c 2024-04-25 16:14:12.016919074 +0800
@@ -410,6 +410,7 @@
uint64_t sn;
int64_t eof_pts;
+ int eof;
int wavelet_type;
int channels;
@@ -1071,7 +1072,7 @@
s->drop_samples = 0;
} else {
if (s->padd_samples < 0 && eof) {
- out->nb_samples += s->padd_samples;
+ out->nb_samples = FFMAX(0, out->nb_samples + s->padd_samples);
s->padd_samples = 0;
}
if (!eof)
@@ -1210,23 +1211,26 @@
FF_FILTER_FORWARD_STATUS_BACK(outlink, inlink);
- ret = ff_inlink_consume_samples(inlink, s->nb_samples, s->nb_samples, &in);
- if (ret < 0)
- return ret;
- if (ret > 0)
- return filter_frame(inlink, in);
+ if (!s->eof) {
+ ret = ff_inlink_consume_samples(inlink, s->nb_samples, s->nb_samples, &in);
+ if (ret < 0)
+ return ret;
+ if (ret > 0)
+ return filter_frame(inlink, in);
+ }
if (ff_inlink_acknowledge_status(inlink, &status, &pts)) {
- if (status == AVERROR_EOF) {
- while (s->padd_samples != 0) {
- ret = filter_frame(inlink, NULL);
- if (ret < 0)
- return ret;
- }
- ff_outlink_set_status(outlink, status, pts);
- return ret;
- }
+ if (status == AVERROR_EOF)
+ s->eof = 1;
}
+
+ if (s->eof && s->padd_samples != 0) {
+ return filter_frame(inlink, NULL);
+ } else if (s->eof) {
+ ff_outlink_set_status(outlink, AVERROR_EOF, s->eof_pts);
+ return 0;
+ }
+
FF_FILTER_FORWARD_WANTED(outlink, inlink);
return FFERROR_NOT_READY;