From 8d653795a40161f8afe7a5797524676911ef73d6 Mon Sep 17 00:00:00 2001
From: yangjinlin01
Date: Sat, 10 May 2025 11:55:29 +0800
Subject: [PATCH] [CVE] FIX CVE-2024-31578 to #12440 add patch to fix CVE-2024-31578 Project: TC2024080204
Signed-off-by: yangjinlin01
---
 0003-fix-cve-2024-31578.patch | 41 +++++++++++++++++++++++++++++++++++
 ffmpeg.spec | 6 ++++-
 2 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 0003-fix-cve-2024-31578.patch
diff --git a/0003-fix-cve-2024-31578.patch b/0003-fix-cve-2024-31578.patch
new file mode 100644
index 0000000..6957b03
--- /dev/null
+++ b/0003-fix-cve-2024-31578.patch
@@ -0,0 +1,41 @@
+From 3bb00c0a420c3ce83c6fafee30270d69622ccad7 Mon Sep 17 00:00:00 2001
+From: Zhao Zhili
+Date: Tue, 20 Feb 2024 20:08:55 +0800
+Subject: [PATCH] avutil/hwcontext: Don't assume frames_uninit is reentrant
+
+Fix heap use after free when vulkan_frames_init failed.
+
+Signed-off-by: Zhao Zhili
+---
+ libavutil/hwcontext.c | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/libavutil/hwcontext.c b/libavutil/hwcontext.c
+index 1d2c2d79208c5..aa1329bf2bcc7 100644
+--- a/libavutil/hwcontext.c
++++ b/libavutil/hwcontext.c
+@@ -359,7 +359,7 @@ int av_hwframe_ctx_init(AVBufferRef *ref)
+ if (ctx->internal->hw_type->frames_init) {
+ ret = ctx->internal->hw_type->frames_init(ctx);
+ if (ret < 0)
+- goto fail;
++ return ret;
+ }
+
+ if (ctx->internal->pool_internal && !ctx->pool)
+@@ -369,14 +369,10 @@ int av_hwframe_ctx_init(AVBufferRef *ref)
+ if (ctx->initial_pool_size > 0) {
+ ret = hwframe_pool_prealloc(ref);
+ if (ret < 0)
+- goto fail;
++ return ret;
+ }
+
+ return 0;
+-fail:
+- if (ctx->internal->hw_type->frames_uninit)
+- ctx->internal->hw_type->frames_uninit(ctx);
+- return ret;
+ }
+
+ int av_hwframe_transfer_get_formats(AVBufferRef *hwframe_ref,
diff --git a/ffmpeg.spec b/ffmpeg.spec
index 5137cc2..d24c921 100644
--- a/ffmpeg.spec
+++ b/ffmpeg.spec
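Review bot: The two new `return ret;` exits in av_hwframe_ctx_init (after a failed frames_init and after a failed hwframe_pool_prealloc) leave a partially initialised frames context behind, and nothing in the function records who tears it down. The upstream message says frames_uninit must not be assumed reentrant, so cleanup presumably runs once when the last reference to `ref` is released; that release path is outside the hunk and should be confirmed against the 6.1.1 tree this backport is applied to. A short comment at the first exit would pin the invariant, e.g. `/* no frames_uninit here: it runs once when the context is freed, a second call is a use-after-free */`. Callers that receive a negative return must still unref the context for that cleanup to happen. The function body starts before the first inner hunk.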
@@ -1,4 +1,4 @@ -%define anolis_release 5 +%define anolis_release 6 %global av_codec_soversion 60 %global av_device_soversion 60 @@ -22,6 +22,7 @@ URL: https://ffmpeg.org Source0: https://ffmpeg.org/releases/%{name}-%{version}.tar.xz Patch0001: 0001-avfilter-af_afwtdn-fix-crash-with-EOF-handling.patch Patch0002: 0002-avfilter-vf_colorcorrect-fix-memory-leaks.patch +Patch0003: 0003-fix-cve-2024-31578.patch BuildRequires: lame-devel >= 3.98.3 BuildRequires: libtool @@ -406,6 +407,9 @@ rm -rf %{buildroot}%{_datadir}/%{name}/examples %changelog +* Sat Apr 12 2025 yangjinlin01 - 6.1.1-6 +- fix CVE-2024-31578 + * Tue Apr 29 2025 zjl02254423 - 6.1.1-5 - Rebuild for libtheora 1.2.0 -- Gitee