[SCM] libav/jessie: Apply upstream patch for CVE-2016-7424

sramacher at users.alioth.debian.org sramacher at users.alioth.debian.org
Sat Sep 24 13:28:00 UTC 2016 

The following commit has been merged in the jessie branch:
commit 19bef2e0e59233e32c02799c8b5865a62b354137
Author: Sebastian Ramacher <sebastian at ramacher.at>
Date:   Sat Sep 24 15:24:10 2016 +0200

    Apply upstream patch for CVE-2016-7424

diff --git a/debian/patches/mpegvideo_motion-Handle-edge-emulation-even-without-.patch b/debian/patches/mpegvideo_motion-Handle-edge-emulation-even-without-.patch
new file mode 100644
index 0000000..2535f8f
--- /dev/null
+++ b/debian/patches/mpegvideo_motion-Handle-edge-emulation-even-without-.patch
@@ -0,0 +1,51 @@
+From 7a1e60a834f75cc6c7cba02bb2a85edc355f50c0 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michaelni at gmx.at>
+Date: Tue, 12 Nov 2013 16:11:42 +0100
+Subject: [PATCH] mpegvideo_motion: Handle edge emulation even without
+ unrestricted_mv
+
+Fix out of bounds read.
+
+Bug-Id: 959
+Found by: F4B3CD at STARLAB and Agostino Sarubbo
+Signed-off-by: Vittorio Giovara <vittorio.giovara at gmail.com>
+
+(cherry picked from commit 136f55207521f0b03194ef5b55ba70f1635d6aee)
+Signed-off-by: Diego Biurrun <diego at biurrun.de>
+---
+ libavcodec/mpegvideo_motion.c | 19 ++++++++-----------
+ 1 file changed, 8 insertions(+), 11 deletions(-)
+
+diff --git a/libavcodec/mpegvideo_motion.c b/libavcodec/mpegvideo_motion.c
+index f33db34..a3cba98 100644
+--- a/libavcodec/mpegvideo_motion.c
++++ b/libavcodec/mpegvideo_motion.c
+@@ -209,17 +209,14 @@ static inline int hpel_motion(MpegEncContext *s,
+         dxy |= (motion_y & 1) << 1;
+     src += src_y * s->linesize + src_x;
+ 
+-    if (s->unrestricted_mv) {
+-        if ((unsigned)src_x > FFMAX(s->h_edge_pos - (motion_x & 1) - 8, 0) ||
+-            (unsigned)src_y > FFMAX(s->v_edge_pos - (motion_y & 1) - 8, 0)) {
+-            s->vdsp.emulated_edge_mc(s->edge_emu_buffer, src,
+-                                     s->linesize, s->linesize,
+-                                     9, 9,
+-                                     src_x, src_y, s->h_edge_pos,
+-                                     s->v_edge_pos);
+-            src = s->edge_emu_buffer;
+-            emu = 1;
+-        }
++    if ((unsigned)src_x > FFMAX(s->h_edge_pos - (motion_x & 1) - 8, 0) ||
++        (unsigned)src_y > FFMAX(s->v_edge_pos - (motion_y & 1) - 8, 0)) {
++        s->vdsp.emulated_edge_mc(s->edge_emu_buffer, src,
++                                 s->linesize, s->linesize,
++                                 9, 9, src_x, src_y,
++                                 s->h_edge_pos, s->v_edge_pos);
++        src = s->edge_emu_buffer;
++        emu = 1;
+     }
+     pix_op[dxy](dest, src, s->linesize, 8);
+     return emu;
+-- 
+2.9.3
+
diff --git a/debian/patches/series b/debian/patches/series
index 4d3bd8a..02ebaf8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
 02-configure-disable-ebx-gcc-4.9.patch
 03-disable-configuration-warnings.patch
+mpegvideo_motion-Handle-edge-emulation-even-without-.patch

-- 
Libav/FFmpeg packaging

More information about the pkg-multimedia-commits mailing list