File ffmpeg-CVE-2020-22043.patch of Package ffmpeg.21291
diff --unified --recursive --text --new-file --color ffmpeg-3.4.2.old/libavformat/mpegenc.c ffmpeg-3.4.2.new/libavformat/mpegenc.c
--- ffmpeg-3.4.2.old/libavformat/mpegenc.c 2021-06-02 15:52:46.095508824 +0800
+++ ffmpeg-3.4.2.new/libavformat/mpegenc.c 2021-06-03 10:42:45.880563557 +0800
@@ -315,7 +315,7 @@
if (ctx->packet_size < 20 || ctx->packet_size > (1 << 23) + 10) {
av_log(ctx, AV_LOG_ERROR, "Invalid packet size %d\n",
ctx->packet_size);
- goto fail;
+ return AVERROR(EINVAL);
}
s->packet_size = ctx->packet_size;
} else
@@ -343,7 +343,7 @@
st = ctx->streams[i];
stream = av_mallocz(sizeof(StreamInfo));
if (!stream)
- goto fail;
+ return AVERROR(ENOMEM);
st->priv_data = stream;
avpriv_set_pts_info(st, 64, 1, 90000);
@@ -369,14 +369,28 @@
if (lpcm_freq_tab[j] == st->codecpar->sample_rate)
break;
}
- if (j == 4)
- goto fail;
- if (st->codecpar->channels > 8)
- return -1;
+ if (j == 4) {
+ int sr;
+ av_log(ctx, AV_LOG_ERROR, "Invalid sampling rate for PCM stream.\n");
+ av_log(ctx, AV_LOG_INFO, "Allowed sampling rates:");
+ for (sr = 0; sr < 4; sr++)
+ av_log(ctx, AV_LOG_INFO, " %d", lpcm_freq_tab[sr]);
+ av_log(ctx, AV_LOG_INFO, "\n");
+ return AVERROR(EINVAL);
+ }
+ if (st->codecpar->channels > 8) {
+ av_log(ctx, AV_LOG_ERROR, "At most 8 channels allowed for LPCM streams.\n");
+ return AVERROR(EINVAL);
+ }
stream->lpcm_header[0] = 0x0c;
stream->lpcm_header[1] = (st->codecpar->channels - 1) | (j << 4);
stream->lpcm_header[2] = 0x80;
stream->lpcm_align = st->codecpar->channels * 2;
+ } else if (st->codecpar->codec_id != AV_CODEC_ID_MP1 &&
+ st->codecpar->codec_id != AV_CODEC_ID_MP2 &&
+ st->codecpar->codec_id != AV_CODEC_ID_MP3) {
+ av_log(ctx, AV_LOG_ERROR, "Unsupported audio codec. Must be one of mp1, mp2, mp3, pcm_s16be, ac3 or dts.\n");
+ return AVERROR(EINVAL);
} else {
stream->id = mpa_id++;
}
@@ -420,7 +434,7 @@
}
stream->fifo = av_fifo_alloc(16);
if (!stream->fifo)
- goto fail;
+ return AVERROR(ENOMEM);
}
bitrate = 0;
audio_bitrate = 0;
@@ -520,11 +534,6 @@
s->system_header_size = get_system_header_size(ctx);
s->last_scr = AV_NOPTS_VALUE;
return 0;
-
-fail:
- for (i = 0; i < ctx->nb_streams; i++)
- av_freep(&ctx->streams[i]->priv_data);
- return AVERROR(ENOMEM);
}
static inline void put_timestamp(AVIOContext *pb, int id, int64_t timestamp)
@@ -1202,11 +1211,18 @@
stream = ctx->streams[i]->priv_data;
av_assert0(av_fifo_size(stream->fifo) == 0);
- av_fifo_freep(&stream->fifo);
}
return 0;
}
+static void mpeg_mux_deinit(AVFormatContext *ctx)
+{
+ for (int i = 0; i < ctx->nb_streams; i++) {
+ StreamInfo *stream = ctx->streams[i]->priv_data;
+ av_fifo_freep(&stream->fifo);
+ }
+}
+
#define OFFSET(x) offsetof(MpegMuxContext, x)
#define E AV_OPT_FLAG_ENCODING_PARAM
static const AVOption options[] = {
@@ -1236,6 +1252,7 @@
.write_header = mpeg_mux_init,
.write_packet = mpeg_mux_write_packet,
.write_trailer = mpeg_mux_end,
+ .deinit = mpeg_mux_deinit,
.priv_class = &mpeg_class,
};
#endif
@@ -1252,6 +1269,7 @@
.write_header = mpeg_mux_init,
.write_packet = mpeg_mux_write_packet,
.write_trailer = mpeg_mux_end,
+ .deinit = mpeg_mux_deinit,
.priv_class = &vcd_class,
};
#endif
@@ -1269,6 +1287,7 @@
.write_header = mpeg_mux_init,
.write_packet = mpeg_mux_write_packet,
.write_trailer = mpeg_mux_end,
+ .deinit = mpeg_mux_deinit,
.priv_class = &vob_class,
};
#endif
@@ -1287,6 +1306,7 @@
.write_header = mpeg_mux_init,
.write_packet = mpeg_mux_write_packet,
.write_trailer = mpeg_mux_end,
+ .deinit = mpeg_mux_deinit,
.priv_class = &svcd_class,
};
#endif
@@ -1305,6 +1325,7 @@
.write_header = mpeg_mux_init,
.write_packet = mpeg_mux_write_packet,
.write_trailer = mpeg_mux_end,
+ .deinit = mpeg_mux_deinit,
.priv_class = &dvd_class,
};
#endif