fix for CVE-2017-13194

Wim Taymans 2018-01-17 10:01:09 +01:00
parent 470b362845
commit 1c8d556fbc
2 changed files with 62 additions and 1 deletions


@ -0,0 +1,54 @@
From 5a40c8fde11bf82cccb5bd2f57c46ab5e6262cbf Mon Sep 17 00:00:00 2001
From: Jerome Jiang <jianj@google.com>
Date: Wed, 27 Sep 2017 11:08:37 -0700
Subject: [PATCH] Fix image width alignment. Enable ImageSizeSetting test.
BUG=b/64710201
Change-Id: I5465f6c6481d3c9a5e00fcab024cf4ae562b6b01
diff --git a/vpx/src/vpx_image.c b/vpx/src/vpx_image.c
index dba439c10..ebd3d7f74 100644
--- a/vpx/src/vpx_image.c
+++ b/vpx/src/vpx_image.c
@@ -88,11 +88,10 @@ static vpx_image_t *img_alloc_helper(vpx_image_t *img, vpx_img_fmt_t fmt,
default: ycs = 0; break;
}
- /* Calculate storage sizes given the chroma subsampling */
- align = (1 << xcs) - 1;
- w = (d_w + align) & ~align;
- align = (1 << ycs) - 1;
- h = (d_h + align) & ~align;
+ /* Calculate storage sizes. If the buffer was allocated externally, the width
+ * and height shouldn't be adjusted. */
+ w = d_w;
+ h = d_h;
s = (fmt & VPX_IMG_FMT_PLANAR) ? w : bps * w / 8;
s = (s + stride_align - 1) & ~(stride_align - 1);
stride_in_bytes = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s;
@@ -111,9 +110,18 @@ static vpx_image_t *img_alloc_helper(vpx_image_t *img, vpx_img_fmt_t fmt,
img->img_data = img_data;
if (!img_data) {
- const uint64_t alloc_size = (fmt & VPX_IMG_FMT_PLANAR)
- ? (uint64_t)h * s * bps / 8
- : (uint64_t)h * s;
+ uint64_t alloc_size;
+ /* Calculate storage sizes given the chroma subsampling */
+ align = xcs ? (1 << xcs) - 1 : 1;
+ w = (d_w + align - 1) & ~(align - 1);
+ align = ycs ? (1 << ycs) - 1 : 1;
+ h = (d_h + align - 1) & ~(align - 1);
+
+ s = (fmt & VPX_IMG_FMT_PLANAR) ? w : bps * w / 8;
+ s = (s + stride_align - 1) & ~(stride_align - 1);
+ stride_in_bytes = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s;
+ alloc_size = (fmt & VPX_IMG_FMT_PLANAR) ? (uint64_t)h * s * bps / 8
+ : (uint64_t)h * s;
if (alloc_size != (size_t)alloc_size) goto fail;
--
2.14.3
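Review bot: In the second vpx_image.c hunk, the new rounding in the `!img_data` branch does not round up to a multiple of the chroma subsampling factor. With `xcs == 1`, `align = xcs ? (1 << xcs) - 1 : 1;` yields `align == 1`, so `w = (d_w + align - 1) & ~(align - 1);` leaves an odd `d_w` unchanged; the `ycs`/`h` pair behaves the same way, and `alloc_size` is then derived from the unrounded `h`. Whether that under-sizes the buffer for the chroma planes depends on plane setup outside the hunk, but the form the patch removes, `align = (1 << xcs) - 1; w = (d_w + align) & ~align;` (likewise for `ycs`/`h`), is the one that rounds correctly. Because this is a carried upstream patch, it is worth checking whether upstream has a follow-up correction and carrying it as a second patch. img_alloc_helper starts and ends outside the hunk.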


@ -6,7 +6,7 @@
Name: libvpx Name: libvpx
Summary: VP8/VP9 Video Codec SDK Summary: VP8/VP9 Video Codec SDK
Version: 1.6.1 Version: 1.6.1
Release: 4%{?dist} Release: 5%{?dist}
License: BSD License: BSD
Group: System Environment/Libraries Group: System Environment/Libraries
#Source0: http://downloads.webmproject.org/releases/webm/%{name}-%{version}.tar.bz2 #Source0: http://downloads.webmproject.org/releases/webm/%{name}-%{version}.tar.bz2
@ -19,6 +19,9 @@ BuildRequires: yasm
%endif %endif
BuildRequires: doxygen, php-cli, perl(Getopt::Long) BuildRequires: doxygen, php-cli, perl(Getopt::Long)
#Fix CVE-2017-13194
Patch001: 0001-Fix-image-width-alignment.-Enable-ImageSizeSetting-t.patch
%description %description
libvpx provides the VP8/VP9 SDK, which allows you to integrate your applications libvpx provides the VP8/VP9 SDK, which allows you to integrate your applications
with the VP8 and VP9 video codecs, high quality, royalty free, open source codecs with the VP8 and VP9 video codecs, high quality, royalty free, open source codecs
@ -44,6 +47,7 @@ and decoder.
%prep %prep
%setup -q -n libvpx-%{version} %setup -q -n libvpx-%{version}
%patch001 -p1 -b .001
%build %build
%ifarch %{ix86} %ifarch %{ix86}
@ -189,6 +193,9 @@ popd
%{_bindir}/* %{_bindir}/*
%changelog %changelog
* Wed Jan 17 2018 Wim Taymans <wtaymans@wredhat.com> - 1.6.1-5
- fix for CVE-2017-13194
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.1-4 * Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
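Review bot: The `Patch001` entry is documented only by `#Fix CVE-2017-13194`, with nothing tying the carried file to its upstream origin. A comment such as `# Upstream libvpx Change-Id I5465f6c6481d3c9a5e00fcab024cf4ae562b6b01 (BUG=b/64710201)`, taken from the patch header, would let a later maintainer verify the patch against upstream and know when it can be dropped on rebase. The new changelog line's address `wtaymans@wredhat.com` also looks like a typo and should be confirmed.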