File ffmpeg-CVE-2020-35965.patch of Package ffmpeg.27460

diff --unified --recursive --text --new-file --color ffmpeg-3.4.2.old/libavcodec/exr.c ffmpeg-3.4.2.new/libavcodec/exr.c
--- ffmpeg-3.4.2.old/libavcodec/exr.c	2021-10-13 13:48:52.875605224 +0800
+++ ffmpeg-3.4.2.new/libavcodec/exr.c	2021-10-13 16:35:46.058401276 +0800
@@ -1780,7 +1780,7 @@
     ptr         = picture->data[0];
 
     // Zero out the start if ymin is not 0
-    for (y = 0; y < s->ymin; y++) {
+    for (y = 0; y < FFMIN(s->ymin, s->h); y++) {
         memset(ptr, 0, out_line_size);
         ptr += picture->linesize[0];
     }
@@ -1790,10 +1790,12 @@
     avctx->execute2(avctx, decode_block, s->thread_data, NULL, nb_blocks);
 
     // Zero out the end if ymax+1 is not h
-    ptr = picture->data[0] + ((s->ymax+1) * picture->linesize[0]);
-    for (y = s->ymax + 1; y < avctx->height; y++) {
-        memset(ptr, 0, out_line_size);
-        ptr += picture->linesize[0];
+    if ((s->ymax+1) < avctx->height) {
+        ptr = picture->data[0] + ((s->ymax+1) * picture->linesize[0]);
+        for (y = s->ymax + 1; y < avctx->height; y++) {
+            memset(ptr, 0, out_line_size);
+            ptr += picture->linesize[0];
+        }
     }
 
     picture->pict_type = AV_PICTURE_TYPE_I;
openSUSE Build Service is sponsored by