svn commit: r452947 - in branches/2017Q4/multimedia/ffmpeg: . files
Jan Beich
jbeich at FreeBSD.org
Thu Oct 26 19:31:20 UTC 2017
Author: jbeich
Date: Thu Oct 26 19:31:18 2017
New Revision: 452947
URL: https://svnweb.freebsd.org/changeset/ports/452947
Log:
multimedia/ffmpeg: backport DoS fix for AVI (direct commit)
FFmpeg 3.4 (via r452570) already contains the fix but 3.3.5 hasn't
been released yet.
Obtained from: upstream (FFmpeg 3.3 relbranch)
Security: CVE-2017-15186
Approved by: ports-secteam blanket
Added:
branches/2017Q4/multimedia/ffmpeg/files/patch-CVE-2017-15186 (contents, props changed)
Modified:
branches/2017Q4/multimedia/ffmpeg/Makefile
Modified: branches/2017Q4/multimedia/ffmpeg/Makefile
==============================================================================
--- branches/2017Q4/multimedia/ffmpeg/Makefile Thu Oct 26 19:26:52 2017 (r452946)
+++ branches/2017Q4/multimedia/ffmpeg/Makefile Thu Oct 26 19:31:18 2017 (r452947)
@@ -3,6 +3,7 @@
PORTNAME= ffmpeg
PORTVERSION= 3.3.4
+PORTREVISION= 1
PORTEPOCH= 1
CATEGORIES= multimedia audio ipv6 net
MASTER_SITES= http://ffmpeg.org/releases/
Added: branches/2017Q4/multimedia/ffmpeg/files/patch-CVE-2017-15186
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2017Q4/multimedia/ffmpeg/files/patch-CVE-2017-15186 Thu Oct 26 19:31:18 2017 (r452947)
@@ -0,0 +1,70 @@
+commit 0a231e7dd32bdea4b2fc1c48040047986d1d4925
+Author: Michael Niedermayer <michael at niedermayer.cc>
+Date: Sat Sep 30 00:20:09 2017 +0200
+
+ avcodec/x86/lossless_videoencdsp: Fix handling of small widths
+
+ Fixes out of array access
+ Fixes: crash-huf.avi
+
+ Regression since: 6b41b4414934cc930468ccd5db598dd6ef643987
+
+ This could also be fixed by adding checks in the C code that calls the dsp
+
+ Found-by: Zhibin Hu and 连一汉 <lianyihan at 360.cn>
+ Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
+ (cherry picked from commit df62b70de8aaa285168e72fe8f6e740843ca91fa)
+ Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
+
+--- libavcodec/x86/lossless_videoencdsp.asm.orig 2017-09-12 00:51:34 UTC
++++ libavcodec/x86/lossless_videoencdsp.asm
+@@ -42,10 +42,11 @@ cglobal diff_bytes, 4,5,2, dst, src1, src2, w
+ %define i t0q
+ %endmacro
+
+-; label to jump to if w < regsize
+-%macro DIFF_BYTES_LOOP_PREP 1
++; labels to jump to if w < regsize and w < 0
++%macro DIFF_BYTES_LOOP_PREP 2
+ mov i, wq
+ and i, -2 * regsize
++ js %2
+ jz %1
+ add dstq, i
+ add src1q, i
+@@ -87,7 +88,7 @@ cglobal diff_bytes, 4,5,2, dst, src1, src2, w
+ %if mmsize > 16
+ ; fall back to narrower xmm
+ %define regsize mmsize / 2
+- DIFF_BYTES_LOOP_PREP .setup_loop_gpr_aa
++ DIFF_BYTES_LOOP_PREP .setup_loop_gpr_aa, .end_aa
+ .loop2_%1%2:
+ DIFF_BYTES_LOOP_CORE %1, %2, xm0, xm1
+ add i, 2 * regsize
+@@ -114,7 +115,7 @@ cglobal diff_bytes, 4,5,2, dst, src1, src2, w
+ INIT_MMX mmx
+ DIFF_BYTES_PROLOGUE
+ %define regsize mmsize
+- DIFF_BYTES_LOOP_PREP .skip_main_aa
++ DIFF_BYTES_LOOP_PREP .skip_main_aa, .end_aa
+ DIFF_BYTES_BODY a, a
+ %undef i
+ %endif
+@@ -122,7 +123,7 @@ DIFF_BYTES_PROLOGUE
+ INIT_XMM sse2
+ DIFF_BYTES_PROLOGUE
+ %define regsize mmsize
+- DIFF_BYTES_LOOP_PREP .skip_main_aa
++ DIFF_BYTES_LOOP_PREP .skip_main_aa, .end_aa
+ test dstq, regsize - 1
+ jnz .loop_uu
+ test src1q, regsize - 1
+@@ -138,7 +139,7 @@ DIFF_BYTES_PROLOGUE
+ %define regsize mmsize
+ ; Directly using unaligned SSE2 version is marginally faster than
+ ; branching based on arguments.
+- DIFF_BYTES_LOOP_PREP .skip_main_uu
++ DIFF_BYTES_LOOP_PREP .skip_main_uu, .end_uu
+ test dstq, regsize - 1
+ jnz .loop_uu
+ test src1q, regsize - 1
More information about the svn-ports-all
mailing list