From 2f1ce5bc77c976b7011f980859b73b23f0d20d98 Mon Sep 17 00:00:00 2001
From: yangxinyu <yangxinyu@nfschina.com>
Date: Mon, 7 Jul 2025 13:29:35 +0800
Subject: [PATCH] [CVE] fix cve-2025-48175 to #bug21110 fix cve-2025-48175
 Project: TC2024080204 Signed-off-by:yangxinyu <yangxinyu@nfschina.com>

---
 fix-cve-2025-48175.patch | 29 +++++++++++++++++++++++++++++
 libavif.spec             |  6 +++++-
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 fix-cve-2025-48175.patch

diff --git a/fix-cve-2025-48175.patch b/fix-cve-2025-48175.patch
new file mode 100644
index 0000000..0b95e93
--- /dev/null
+++ b/fix-cve-2025-48175.patch
@@ -0,0 +1,29 @@
+From 57d1ea475499935dc978778f5680135f112d6ac0 Mon Sep 17 00:00:00 2001
+From: yangxinyu <yangxinyu@nfschina.com>
+Date: Mon, 7 Jul 2025 11:09:50 +0800
+Subject: [PATCH] fix-cve-2025-48175
+
+---
+ src/reformat.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/reformat.c b/src/reformat.c
+index 951c46b..f555027 100644
+--- a/src/reformat.c
++++ b/src/reformat.c
+@@ -495,9 +495,9 @@ static avifResult avifImageYUVAnyToRGBAnySlow(const avifImage * image, avifRGBIm
+     const uint8_t * uPlane = image->yuvPlanes[AVIF_CHAN_U];
+     const uint8_t * vPlane = image->yuvPlanes[AVIF_CHAN_V];
+     const uint8_t * aPlane = image->alphaPlane;
+-    const uint32_t yRowBytes = image->yuvRowBytes[AVIF_CHAN_Y];
+-    const uint32_t uRowBytes = image->yuvRowBytes[AVIF_CHAN_U];
+-    const uint32_t vRowBytes = image->yuvRowBytes[AVIF_CHAN_V];
++    const size_t yRowBytes = image->yuvRowBytes[AVIF_CHAN_Y];
++    const size_t uRowBytes = image->yuvRowBytes[AVIF_CHAN_U];
++    const size_t vRowBytes = image->yuvRowBytes[AVIF_CHAN_V];
+     const uint32_t aRowBytes = image->alphaRowBytes;
+ 
+     // Various observations and limits
+-- 
+2.27.0
+
diff --git a/libavif.spec b/libavif.spec
index b048d34..82af228 100644
--- a/libavif.spec
+++ b/libavif.spec
@@ -1,4 +1,4 @@
-%define anolis_release 1
+%define anolis_release 2
 # Build without aom
 %bcond_with aom
 # Build without SVT-AV1
@@ -14,6 +14,7 @@ License:        BSD-2-Clause
 URL:            https://github.com/AOMediaCodec/libavif
 Source0:        %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
 
+Patch0001:      fix-cve-2025-48175.patch
 BuildRequires:  cmake
 BuildRequires:  gcc-c++
 %{?with_check:BuildRequires:  gtest-devel}
@@ -120,5 +121,8 @@ The %{name}-doc package contains documentation files for %{name}.
 %doc CHANGELOG.md README.md
 
 %changelog
+* Mon Jul 07 2025 yangxinyu <yangxinyu@nfschina.com> - 0.11.1-2
+- fix cve-2025-48175
+
 * Tue Mar 21 2023 Yuanhong Peng <yummypeng@linux.alibaba.com> - 0.11.1-1
 - Init from upstream
-- 
Gitee