File ffmpeg-CVE-2020-35965.patch of Package ffmpeg.27460
diff --unified --recursive --text --new-file --color ffmpeg-3.4.2.old/libavcodec/exr.c ffmpeg-3.4.2.new/libavcodec/exr.c
--- ffmpeg-3.4.2.old/libavcodec/exr.c 2021-10-13 13:48:52.875605224 +0800
+++ ffmpeg-3.4.2.new/libavcodec/exr.c 2021-10-13 16:35:46.058401276 +0800
@@ -1780,7 +1780,7 @@
ptr = picture->data[0];
// Zero out the start if ymin is not 0
- for (y = 0; y < s->ymin; y++) {
+ for (y = 0; y < FFMIN(s->ymin, s->h); y++) {
memset(ptr, 0, out_line_size);
ptr += picture->linesize[0];
}
@@ -1790,10 +1790,12 @@
avctx->execute2(avctx, decode_block, s->thread_data, NULL, nb_blocks);
// Zero out the end if ymax+1 is not h
- ptr = picture->data[0] + ((s->ymax+1) * picture->linesize[0]);
- for (y = s->ymax + 1; y < avctx->height; y++) {
- memset(ptr, 0, out_line_size);
- ptr += picture->linesize[0];
+ if ((s->ymax+1) < avctx->height) {
+ ptr = picture->data[0] + ((s->ymax+1) * picture->linesize[0]);
+ for (y = s->ymax + 1; y < avctx->height; y++) {
+ memset(ptr, 0, out_line_size);
+ ptr += picture->linesize[0];
+ }
}
picture->pict_type = AV_PICTURE_TYPE_I;