From: Good Guy Date: Sun, 16 Oct 2022 16:50:46 +0000 (-0600) Subject: Credit ffmpeg team - security fix for ffmpeg 5.1 X-Git-Tag: 2022-10~3 X-Git-Url: https://cinelerra-gg.org/git/?a=commitdiff_plain;h=5e1bee0d77e4e3997cfb33f1f3602d49cefc256c;p=goodguy%2Fcinelerra.git Credit ffmpeg team - security fix for ffmpeg 5.1 --- diff --git a/cinelerra-5.1/thirdparty/src/ffmpeg-5.1.patch6 b/cinelerra-5.1/thirdparty/src/ffmpeg-5.1.patch6 new file mode 100644 index 00000000..4e08b128 --- /dev/null +++ b/cinelerra-5.1/thirdparty/src/ffmpeg-5.1.patch6 @@ -0,0 +1,41 @@ +X-Git-Url: http://git.ffmpeg.org/gitweb/ffmpeg.git/blobdiff_plain/30bd4831e6213cee64ed950d69d1732194cc6464..6f53f0d09ea4c9c7f7354f018a87ef840315207d:/libavformat/mov.c + +diff --git a/libavformat/mov.c b/libavformat/mov.c +index a644f9ac62..2b1131b911 100644 +--- a/libavformat/mov.c ++++ b/libavformat/mov.c +@@ -3949,8 +3949,11 @@ static int build_open_gop_key_points(AVStream *st) + + /* Build an unrolled index of the samples */ + sc->sample_offsets_count = 0; +- for (uint32_t i = 0; i < sc->ctts_count; i++) ++ for (uint32_t i = 0; i < sc->ctts_count; i++) { ++ if (sc->ctts_data[i].count > INT_MAX - sc->sample_offsets_count) ++ return AVERROR(ENOMEM); + sc->sample_offsets_count += sc->ctts_data[i].count; ++ } + av_freep(&sc->sample_offsets); + sc->sample_offsets = av_calloc(sc->sample_offsets_count, sizeof(*sc->sample_offsets)); + if (!sc->sample_offsets) +@@ -3969,8 +3972,11 @@ static int build_open_gop_key_points(AVStream *st) + /* Build a list of open-GOP key samples */ + sc->open_key_samples_count = 0; + for (uint32_t i = 0; i < sc->sync_group_count; i++) +- if (sc->sync_group[i].index == cra_index) ++ if (sc->sync_group[i].index == cra_index) { ++ if (sc->sync_group[i].count > INT_MAX - sc->open_key_samples_count) ++ return AVERROR(ENOMEM); + sc->open_key_samples_count += sc->sync_group[i].count; ++ } + av_freep(&sc->open_key_samples); + sc->open_key_samples = av_calloc(sc->open_key_samples_count, sizeof(*sc->open_key_samples)); + if (!sc->open_key_samples) +@@ -3981,6 +3987,8 @@ static int build_open_gop_key_points(AVStream *st) + if (sg->index == cra_index) + for (uint32_t j = 0; j < sg->count; j++) + sc->open_key_samples[k++] = sample_id; ++ if (sg->count > INT_MAX - sample_id) ++ return AVERROR_PATCHWELCOME; + sample_id += sg->count; + } +