From 92acc8cbe8e1d22f67d1595e44b8785a8703e676 Mon Sep 17 00:00:00 2001
From: yangjinlin01
Date: Thu, 12 Jun 2025 16:07:00 +0800
Subject: [PATCH] [CVE] FIX CVE-2025-48174 to #21111 Commit fix cve-2025-48174
Project: TC2024080204
Signed-off-by: yangjinlin01
---
 0001-fix-CVE-2025-48174.patch | 23 +++++++++++++++++++++++
 libavif.spec | 6 +++++-
 2 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 0001-fix-CVE-2025-48174.patch
diff --git a/0001-fix-CVE-2025-48174.patch b/0001-fix-CVE-2025-48174.patch
new file mode 100644
index 0000000..77c1d2d
--- /dev/null
+++ b/0001-fix-CVE-2025-48174.patch
@@ -0,0 +1,23 @@
+From e5fdefe7d1776e6c4cf1703c163a8c0535599029 Mon Sep 17 00:00:00 2001
+From: DanisJiang <43723722+DanisJiang@users.noreply.github.com>
+Date: Fri, 18 Apr 2025 17:31:53 +0800
+Subject: [PATCH] Add integer overflow checks to makeRoom.
+
+---
+ src/stream.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/stream.c b/src/stream.c
+index 770c8ba042..41252f89d9 100644
+--- a/src/stream.c
++++ b/src/stream.c
+@@ -235,6 +235,9 @@ avifBool avifROStreamReadAndEnforceVersion(avifROStream * stream, uint8_t enforc
+ static void makeRoom(avifRWStream * stream, size_t size)
+ {
+ size_t neededSize = stream->offset + size;
++ if (neededSize < stream->offset) {
++ return AVIF_RESULT_INVALID_ARGUMENT;
++ }
+ size_t newSize = stream->raw->size;
+ while (newSize < neededSize) {
+ newSize += AVIF_STREAM_BUFFER_INCREMENT;
diff --git a/libavif.spec b/libavif.spec
index b048d34..85a709d 100644
--- a/libavif.spec
+++ b/libavif.spec
@@ -1,4 +1,4 @@
-%define anolis_release 1
+%define anolis_release 2
 # Build without aom
 %bcond_with aom
 # Build without SVT-AV1
@@ -13,6 +13,7 @@ Summary: Library for encoding and decoding .avif files
 License: BSD-2-Clause
 URL: https://github.com/AOMediaCodec/libavif
 Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
+Patch0: 0001-fix-CVE-2025-48174.patch
 
 BuildRequires: cmake
 BuildRequires: gcc-c++
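Review bot: The guard added in the embedded src/stream.c hunk executes `return AVIF_RESULT_INVALID_ARGUMENT;` inside `static void makeRoom(avifRWStream * stream, size_t size)`, which the context line shows still returns void. Returning a value from a void function is a constraint violation in C, so depending on the compiler and flags the build either fails or only warns and the result code is discarded; in the second case the callers of makeRoom, which are outside this hunk, get no signal that `stream->offset + size` wrapped and would presumably go on to write at `stream->offset` into a buffer that was never grown. For the overflow check to be effective in this backport the signature likely has to become `static avifResult makeRoom(avifRWStream * stream, size_t size)` with `return AVIF_RESULT_OK;` at the end, and every caller has to check the result before touching the buffer. The body of makeRoom continues past the end of the hunk.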
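Review bot: `Patch0: 0001-fix-CVE-2025-48174.patch` is declared in the `@@ -13,6 +13,7 @@` hunk, but no libavif.spec hunk touches %prep, and the six changed lines in the diffstat are fully accounted for by the release bump, this line and the changelog entry. Whether the CVE fix is actually applied therefore depends on the existing %prep section, which is not visible here: `%autosetup -p1` would pick it up automatically, while a plain `%setup` would need an explicit `%patch0 -p1`. It is worth confirming in the build log that the patch is applied, so the package does not ship with a changelog that claims the fix while the source stays unpatched.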
@@ -120,5 +121,8 @@ The %{name}-doc package contains documentation files for %{name}.
 %doc CHANGELOG.md README.md
 
 %changelog
+* Thu Jun 12 2025 yangjinlin01 - 0.11.1-2
+- fix CVE-2025-48174
+
 * Tue Mar 21 2023 Yuanhong Peng - 0.11.1-1
 - Init from upstream
-- Gitee