rpms/libvpx
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import libvpx-1.7.0-8.el8

Browse Source
This commit is contained in:
CentOS Sources 2020-11-03 06:52:32 -05:00 committed by Andrew Lukoshko
parent 6091f39529
commit 4bbc1556d0
5 changed files with 924 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
SOURCES/0001-CVE-2019-9232-Fix-OOB-memory-access-on-fuzzed-data.patch Normal file
View File

@ -0,0 +1,45 @@
From 953b0b85f8462efeac179341c912617c1bae8d4c Mon Sep 17 00:00:00 2001
From: Wim Taymans <wtaymans@redhat.com>
Date: Wed, 25 Mar 2020 13:39:30 +0100
Subject: [PATCH 1/2] CVE-2019-9232: Fix OOB memory access on fuzzed data
vp8_norm table has 256 elements while index to it can be higher on
fuzzed data. Typecasting it to unsigned char will ensure valid range and
will trigger proper error later. Also declaring "shift" as unsigned char to
avoid UB sanitizer warning
BUG=b/122373286,b/122373822,b/122371119
---
vp8/decoder/dboolhuff.h | 2 +-
vpx_dsp/bitreader.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/vp8/decoder/dboolhuff.h b/vp8/decoder/dboolhuff.h
index 04c027cd7..f3b080509 100644
--- a/vp8/decoder/dboolhuff.h
+++ b/vp8/decoder/dboolhuff.h
@@ -76,7 +76,7 @@ static int vp8dx_decode_bool(BOOL_DECODER *br, int probability) {
}
{
- register int shift = vp8_norm[range];
+ register unsigned char shift = vp8_norm[(unsigned char)range];
range <<= shift;
value <<= shift;
count -= shift;
diff --git a/vpx_dsp/bitreader.h b/vpx_dsp/bitreader.h
index 6ee2a5863..4b87e986c 100644
--- a/vpx_dsp/bitreader.h
+++ b/vpx_dsp/bitreader.h
@@ -94,7 +94,7 @@ static INLINE int vpx_read(vpx_reader *r, int prob) {
}
{
- register int shift = vpx_norm[range];
+ register unsigned char shift = vpx_norm[(unsigned char)range];
range <<= shift;
value <<= shift;
count -= shift;
--
2.25.1

33
SOURCES/0002-CVE-2019-9433-VP8-Fix-use-after-free-in-postproc.patch Normal file
View File

@ -0,0 +1,33 @@
From 93681819b22d3f42cf5fdfa85701f38e5bab10dd Mon Sep 17 00:00:00 2001
From: Wim Taymans <wtaymans@redhat.com>
Date: Wed, 25 Mar 2020 13:42:07 +0100
Subject: [PATCH 2/2] CVE-2019-9433: VP8: Fix use-after-free in postproc.
The pointer in vp8 postproc refers to show_frame_mi which is only
updated on show frame. However, when there is a no-show frame which also
changes the size (thus new frame buffers allocated), show_frame_mi is
not updated with new frame buffer memory.
Change the pointer in postproc to mi which is always updated.
Bug: 842265
---
vp8/common/postproc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vp8/common/postproc.c b/vp8/common/postproc.c
index d67ee8a57..8c292d616 100644
--- a/vp8/common/postproc.c
+++ b/vp8/common/postproc.c
@@ -65,7 +65,7 @@ void vp8_deblock(VP8_COMMON *cm, YV12_BUFFER_CONFIG *source,
double level = 6.0e-05 * q * q * q - .0067 * q * q + .306 * q + .0065;
int ppl = (int)(level + .5);
- const MODE_INFO *mode_info_context = cm->show_frame_mi;
+ const MODE_INFO *mode_info_context = cm->mi;
int mbr, mbc;
/* The pixel thresholds are adjusted according to if or not the macroblock
--
2.25.1

755
SOURCES/0003-CVE-2019-9371-update-libwebm.patch Normal file
View File

@ -0,0 +1,755 @@
From ca1647dda267762c03c8641d2c605a9853a8ac59 Mon Sep 17 00:00:00 2001
From: Johann <johannkoenig@google.com>
Date: Tue, 24 Apr 2018 15:22:28 -0700
Subject: [PATCH 3/4] CVE-2019-9371: update libwebm
update libwebm to libwebm-1.0.0.27-358-gdbf1d10
---
configure | 8 +-
third_party/libwebm/AUTHORS.TXT | 8 +-
third_party/libwebm/Android.mk | 2 +-
third_party/libwebm/README.libvpx | 14 +++-
third_party/libwebm/common/file_util.cc | 19 ++++-
third_party/libwebm/common/file_util.h | 5 +-
third_party/libwebm/common/hdr_util.cc | 8 +-
third_party/libwebm/common/hdr_util.h | 10 +--
third_party/libwebm/common/webmids.h | 1 +
third_party/libwebm/mkvmuxer/mkvmuxer.cc | 77 +++++++++++++-------
third_party/libwebm/mkvmuxer/mkvmuxer.h | 5 +-
third_party/libwebm/mkvmuxer/mkvmuxerutil.cc | 13 ++--
third_party/libwebm/mkvmuxer/mkvmuxerutil.h | 3 +
third_party/libwebm/mkvmuxer/mkvwriter.cc | 2 +
third_party/libwebm/mkvparser/mkvparser.cc | 64 +++++++++++-----
third_party/libwebm/mkvparser/mkvparser.h | 6 +-
third_party/libwebm/mkvparser/mkvreader.cc | 2 +
17 files changed, 165 insertions(+), 82 deletions(-)
diff --git a/configure b/configure
index e5a74c6f2..56d203e6b 100755
--- a/configure
+++ b/configure
@@ -703,9 +703,7 @@ process_toolchain() {
check_cxx "$@" <<EOF && soft_enable unit_tests
int z;
EOF
- check_cxx "$@" <<EOF && soft_enable webm_io
-int z;
-EOF
+ check_add_cxx_flags -std=c++11 && soft_enable webm_io
check_cxx "$@" <<EOF && soft_enable libyuv
int z;
EOF
@@ -714,9 +712,7 @@ EOF
enabled pthread_h && check_cxx "$@" <<EOF && soft_enable unit_tests
int z;
EOF
- check_cxx "$@" <<EOF && soft_enable webm_io
-int z;
-EOF
+ check_add_cxx_flags -std=c++11 && soft_enable webm_io
check_cxx "$@" <<EOF && soft_enable libyuv
int z;
EOF
diff --git a/third_party/libwebm/AUTHORS.TXT b/third_party/libwebm/AUTHORS.TXT
index 8ab6f794c..9686ac13e 100644
--- a/third_party/libwebm/AUTHORS.TXT
+++ b/third_party/libwebm/AUTHORS.TXT
@@ -1,4 +1,4 @@
-# Names should be added to this file like so:
-# Name or Organization <email address>
-
-Google Inc.
+# Names should be added to this file like so:
+# Name or Organization <email address>
+
+Google Inc.
diff --git a/third_party/libwebm/Android.mk b/third_party/libwebm/Android.mk
index 8149a083f..b46ba101d 100644
--- a/third_party/libwebm/Android.mk
+++ b/third_party/libwebm/Android.mk
@@ -3,7 +3,7 @@ LOCAL_PATH:= $(call my-dir)
include $(CLEAR_VARS)
LOCAL_MODULE:= libwebm
LOCAL_CPPFLAGS:=-D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS
-LOCAL_CPPFLAGS+=-D__STDC_LIMIT_MACROS -Wno-extern-c-compat
+LOCAL_CPPFLAGS+=-D__STDC_LIMIT_MACROS -std=c++11
LOCAL_C_INCLUDES:= $(LOCAL_PATH)
LOCAL_EXPORT_C_INCLUDES:= $(LOCAL_PATH)
diff --git a/third_party/libwebm/README.libvpx b/third_party/libwebm/README.libvpx
index ebb5ff2f4..16f17513e 100644
--- a/third_party/libwebm/README.libvpx
+++ b/third_party/libwebm/README.libvpx
@@ -1,5 +1,5 @@
URL: https://chromium.googlesource.com/webm/libwebm
-Version: 0ae757087f5e6eb01dfea16cc09205b2425cfb74
+Version: dbf1d1089756e7cb5b1a04d6752310ef35912347
License: BSD
License File: LICENSE.txt
@@ -7,4 +7,14 @@ Description:
libwebm is used to handle WebM container I/O.
Local Changes:
-* <none>
+Only keep:
+ - Android.mk
+ - AUTHORS.TXT
+ - common/
+ file_util.cc/h
+ hdr_util.cc/h
+ webmids.h
+ - LICENSE.TXT
+ - mkvmuxer/
+ - mkvparser/
+ - PATENTS.TXT
diff --git a/third_party/libwebm/common/file_util.cc b/third_party/libwebm/common/file_util.cc
index 6dab146dd..6eb6428b9 100644
--- a/third_party/libwebm/common/file_util.cc
+++ b/third_party/libwebm/common/file_util.cc
@@ -17,14 +17,15 @@
#include <cstring>
#include <fstream>
#include <ios>
+#include <string>
namespace libwebm {
std::string GetTempFileName() {
#if !defined _MSC_VER && !defined __MINGW32__
std::string temp_file_name_template_str =
- std::string(std::getenv("TEST_TMPDIR") ? std::getenv("TEST_TMPDIR") :
- ".") +
+ std::string(std::getenv("TEST_TMPDIR") ? std::getenv("TEST_TMPDIR")
+ : ".") +
"/libwebm_temp.XXXXXX";
char* temp_file_name_template =
new char[temp_file_name_template_str.length() + 1];
@@ -41,7 +42,12 @@ std::string GetTempFileName() {
return temp_file_name;
#else
char tmp_file_name[_MAX_PATH];
+#if defined _MSC_VER || defined MINGW_HAS_SECURE_API
errno_t err = tmpnam_s(tmp_file_name);
+#else
+ char* fname_pointer = tmpnam(tmp_file_name);
+ int err = (fname_pointer == &tmp_file_name[0]) ? 0 : -1;
+#endif
if (err == 0) {
return std::string(tmp_file_name);
}
@@ -65,6 +71,15 @@ uint64_t GetFileSize(const std::string& file_name) {
return file_size;
}
+bool GetFileContents(const std::string& file_name, std::string* contents) {
+ std::ifstream file(file_name.c_str());
+ *contents = std::string(static_cast<size_t>(GetFileSize(file_name)), 0);
+ if (file.good() && contents->size()) {
+ file.read(&(*contents)[0], contents->size());
+ }
+ return !file.fail();
+}
+
TempFileDeleter::TempFileDeleter() { file_name_ = GetTempFileName(); }
TempFileDeleter::~TempFileDeleter() {
diff --git a/third_party/libwebm/common/file_util.h b/third_party/libwebm/common/file_util.h
index 0e71eac11..a87373464 100644
--- a/third_party/libwebm/common/file_util.h
+++ b/third_party/libwebm/common/file_util.h
@@ -22,6 +22,9 @@ std::string GetTempFileName();
// Returns size of file specified by |file_name|, or 0 upon failure.
uint64_t GetFileSize(const std::string& file_name);
+// Gets the contents file_name as a string. Returns false on error.
+bool GetFileContents(const std::string& file_name, std::string* contents);
+
// Manages life of temporary file specified at time of construction. Deletes
// file upon destruction.
class TempFileDeleter {
@@ -38,4 +41,4 @@ class TempFileDeleter {
} // namespace libwebm
-#endif // LIBWEBM_COMMON_FILE_UTIL_H_
\ No newline at end of file
+#endif // LIBWEBM_COMMON_FILE_UTIL_H_
diff --git a/third_party/libwebm/common/hdr_util.cc b/third_party/libwebm/common/hdr_util.cc
index e1618ce75..916f7170b 100644
--- a/third_party/libwebm/common/hdr_util.cc
+++ b/third_party/libwebm/common/hdr_util.cc
@@ -36,10 +36,10 @@ bool CopyMasteringMetadata(const mkvparser::MasteringMetadata& parser_mm,
if (MasteringMetadataValuePresent(parser_mm.luminance_min))
muxer_mm->set_luminance_min(parser_mm.luminance_min);
- PrimaryChromaticityPtr r_ptr(NULL);
- PrimaryChromaticityPtr g_ptr(NULL);
- PrimaryChromaticityPtr b_ptr(NULL);
- PrimaryChromaticityPtr wp_ptr(NULL);
+ PrimaryChromaticityPtr r_ptr(nullptr);
+ PrimaryChromaticityPtr g_ptr(nullptr);
+ PrimaryChromaticityPtr b_ptr(nullptr);
+ PrimaryChromaticityPtr wp_ptr(nullptr);
if (parser_mm.r) {
if (!CopyPrimaryChromaticity(*parser_mm.r, &r_ptr))
diff --git a/third_party/libwebm/common/hdr_util.h b/third_party/libwebm/common/hdr_util.h
index 3ef5388fd..78e2eeb70 100644
--- a/third_party/libwebm/common/hdr_util.h
+++ b/third_party/libwebm/common/hdr_util.h
@@ -47,15 +47,7 @@ struct Vp9CodecFeatures {
int chroma_subsampling;
};
-// disable deprecation warnings for auto_ptr
-#if defined(__GNUC__) && __GNUC__ >= 5
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
-#endif
-typedef std::auto_ptr<mkvmuxer::PrimaryChromaticity> PrimaryChromaticityPtr;
-#if defined(__GNUC__) && __GNUC__ >= 5
-#pragma GCC diagnostic pop
-#endif
+typedef std::unique_ptr<mkvmuxer::PrimaryChromaticity> PrimaryChromaticityPtr;
bool CopyPrimaryChromaticity(const mkvparser::PrimaryChromaticity& parser_pc,
PrimaryChromaticityPtr* muxer_pc);
diff --git a/third_party/libwebm/common/webmids.h b/third_party/libwebm/common/webmids.h
index 89d722a71..fc0c20814 100644
--- a/third_party/libwebm/common/webmids.h
+++ b/third_party/libwebm/common/webmids.h
@@ -93,6 +93,7 @@ enum MkvId {
kMkvDisplayHeight = 0x54BA,
kMkvDisplayUnit = 0x54B2,
kMkvAspectRatioType = 0x54B3,
+ kMkvColourSpace = 0x2EB524,
kMkvFrameRate = 0x2383E3,
// end video
// colour
diff --git a/third_party/libwebm/mkvmuxer/mkvmuxer.cc b/third_party/libwebm/mkvmuxer/mkvmuxer.cc
index 15b9a908d..512031211 100644
--- a/third_party/libwebm/mkvmuxer/mkvmuxer.cc
+++ b/third_party/libwebm/mkvmuxer/mkvmuxer.cc
@@ -8,6 +8,8 @@
#include "mkvmuxer/mkvmuxer.h"
+#include <stdint.h>
+
#include <cfloat>
#include <climits>
#include <cstdio>
@@ -24,11 +26,6 @@
#include "mkvmuxer/mkvwriter.h"
#include "mkvparser/mkvparser.h"
-// disable deprecation warnings for auto_ptr
-#if defined(__GNUC__) && __GNUC__ >= 5
-#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
-#endif
-
namespace mkvmuxer {
const float PrimaryChromaticity::kChromaticityMin = 0.0f;
@@ -72,7 +69,7 @@ bool StrCpy(const char* src, char** dst_ptr) {
return true;
}
-typedef std::auto_ptr<PrimaryChromaticity> PrimaryChromaticityPtr;
+typedef std::unique_ptr<PrimaryChromaticity> PrimaryChromaticityPtr;
bool CopyChromaticity(const PrimaryChromaticity* src,
PrimaryChromaticityPtr* dst) {
if (!dst)
@@ -776,6 +773,14 @@ bool Track::Write(IMkvWriter* writer) const {
if (!type_ || !codec_id_)
return false;
+ // AV1 tracks require a CodecPrivate. See
+ // https://github.com/Matroska-Org/matroska-specification/blob/av1-mappin/codec/av1.md
+ // TODO(tomfinegan): Update the above link to the AV1 Matroska mappings to
+ // point to a stable version once it is finalized, or our own WebM mappings
+ // page on webmproject.org should we decide to release them.
+ if (!strcmp(codec_id_, Tracks::kAv1CodecId) && !codec_private_)
+ return false;
+
// |size| may be bigger than what is written out in this function because
// derived classes may write out more data in the Track element.
const uint64_t payload_size = PayloadSize();
@@ -1030,19 +1035,16 @@ bool MasteringMetadata::Write(IMkvWriter* writer) const {
!WriteEbmlElement(writer, libwebm::kMkvLuminanceMin, luminance_min_)) {
return false;
}
- if (r_ &&
- !r_->Write(writer, libwebm::kMkvPrimaryRChromaticityX,
- libwebm::kMkvPrimaryRChromaticityY)) {
+ if (r_ && !r_->Write(writer, libwebm::kMkvPrimaryRChromaticityX,
+ libwebm::kMkvPrimaryRChromaticityY)) {
return false;
}
- if (g_ &&
- !g_->Write(writer, libwebm::kMkvPrimaryGChromaticityX,
- libwebm::kMkvPrimaryGChromaticityY)) {
+ if (g_ && !g_->Write(writer, libwebm::kMkvPrimaryGChromaticityX,
+ libwebm::kMkvPrimaryGChromaticityY)) {
return false;
}
- if (b_ &&
- !b_->Write(writer, libwebm::kMkvPrimaryBChromaticityX,
- libwebm::kMkvPrimaryBChromaticityY)) {
+ if (b_ && !b_->Write(writer, libwebm::kMkvPrimaryBChromaticityX,
+ libwebm::kMkvPrimaryBChromaticityY)) {
return false;
}
if (white_point_ &&
@@ -1057,22 +1059,22 @@ bool MasteringMetadata::Write(IMkvWriter* writer) const {
bool MasteringMetadata::SetChromaticity(
const PrimaryChromaticity* r, const PrimaryChromaticity* g,
const PrimaryChromaticity* b, const PrimaryChromaticity* white_point) {
- PrimaryChromaticityPtr r_ptr(NULL);
+ PrimaryChromaticityPtr r_ptr(nullptr);
if (r) {
if (!CopyChromaticity(r, &r_ptr))
return false;
}
- PrimaryChromaticityPtr g_ptr(NULL);
+ PrimaryChromaticityPtr g_ptr(nullptr);
if (g) {
if (!CopyChromaticity(g, &g_ptr))
return false;
}
- PrimaryChromaticityPtr b_ptr(NULL);
+ PrimaryChromaticityPtr b_ptr(nullptr);
if (b) {
if (!CopyChromaticity(b, &b_ptr))
return false;
}
- PrimaryChromaticityPtr wp_ptr(NULL);
+ PrimaryChromaticityPtr wp_ptr(nullptr);
if (white_point) {
if (!CopyChromaticity(white_point, &wp_ptr))
return false;
@@ -1238,7 +1240,7 @@ bool Colour::Write(IMkvWriter* writer) const {
}
bool Colour::SetMasteringMetadata(const MasteringMetadata& mastering_metadata) {
- std::auto_ptr<MasteringMetadata> mm_ptr(new MasteringMetadata());
+ std::unique_ptr<MasteringMetadata> mm_ptr(new MasteringMetadata());
if (!mm_ptr.get())
return false;
@@ -1424,6 +1426,7 @@ VideoTrack::VideoTrack(unsigned int* seed)
stereo_mode_(0),
alpha_mode_(0),
width_(0),
+ colour_space_(NULL),
colour_(NULL),
projection_(NULL) {}
@@ -1521,6 +1524,10 @@ bool VideoTrack::Write(IMkvWriter* writer) const {
static_cast<uint64>(alpha_mode_)))
return false;
}
+ if (colour_space_) {
+ if (!WriteEbmlElement(writer, libwebm::kMkvColourSpace, colour_space_))
+ return false;
+ }
if (frame_rate_ > 0.0) {
if (!WriteEbmlElement(writer, libwebm::kMkvFrameRate,
static_cast<float>(frame_rate_))) {
@@ -1545,8 +1552,24 @@ bool VideoTrack::Write(IMkvWriter* writer) const {
return true;
}
+void VideoTrack::set_colour_space(const char* colour_space) {
+ if (colour_space) {
+ delete[] colour_space_;
+
+ const size_t length = strlen(colour_space) + 1;
+ colour_space_ = new (std::nothrow) char[length]; // NOLINT
+ if (colour_space_) {
+#ifdef _MSC_VER
+ strcpy_s(colour_space_, length, colour_space);
+#else
+ strcpy(colour_space_, colour_space);
+#endif
+ }
+ }
+}
+
bool VideoTrack::SetColour(const Colour& colour) {
- std::auto_ptr<Colour> colour_ptr(new Colour());
+ std::unique_ptr<Colour> colour_ptr(new Colour());
if (!colour_ptr.get())
return false;
@@ -1574,7 +1597,7 @@ bool VideoTrack::SetColour(const Colour& colour) {
}
bool VideoTrack::SetProjection(const Projection& projection) {
- std::auto_ptr<Projection> projection_ptr(new Projection());
+ std::unique_ptr<Projection> projection_ptr(new Projection());
if (!projection_ptr.get())
return false;
@@ -1628,6 +1651,8 @@ uint64_t VideoTrack::VideoPayloadSize() const {
if (frame_rate_ > 0.0)
size += EbmlElementSize(libwebm::kMkvFrameRate,
static_cast<float>(frame_rate_));
+ if (colour_space_)
+ size += EbmlElementSize(libwebm::kMkvColourSpace, colour_space_);
if (colour_)
size += colour_->ColourSize();
if (projection_)
@@ -1705,9 +1730,9 @@ bool AudioTrack::Write(IMkvWriter* writer) const {
const char Tracks::kOpusCodecId[] = "A_OPUS";
const char Tracks::kVorbisCodecId[] = "A_VORBIS";
+const char Tracks::kAv1CodecId[] = "V_AV1";
const char Tracks::kVp8CodecId[] = "V_VP8";
const char Tracks::kVp9CodecId[] = "V_VP9";
-const char Tracks::kVp10CodecId[] = "V_VP10";
const char Tracks::kWebVttCaptionsId[] = "D_WEBVTT/CAPTIONS";
const char Tracks::kWebVttDescriptionsId[] = "D_WEBVTT/DESCRIPTIONS";
const char Tracks::kWebVttMetadataId[] = "D_WEBVTT/METADATA";
@@ -2666,7 +2691,7 @@ bool Cluster::QueueOrWriteFrame(const Frame* const frame) {
// and write it if it is okay to do so (i.e.) no other track has an held back
// frame with timestamp <= the timestamp of the frame in question.
std::vector<std::list<Frame*>::iterator> frames_to_erase;
- for (std::list<Frame *>::iterator
+ for (std::list<Frame*>::iterator
current_track_iterator = stored_frames_[track_number].begin(),
end = --stored_frames_[track_number].end();
current_track_iterator != end; ++current_track_iterator) {
@@ -4168,8 +4193,8 @@ bool Segment::DocTypeIsWebm() const {
// TODO(vigneshv): Tweak .clang-format.
const char* kWebmCodecIds[kNumCodecIds] = {
Tracks::kOpusCodecId, Tracks::kVorbisCodecId,
- Tracks::kVp8CodecId, Tracks::kVp9CodecId,
- Tracks::kVp10CodecId, Tracks::kWebVttCaptionsId,
+ Tracks::kAv1CodecId, Tracks::kVp8CodecId,
+ Tracks::kVp9CodecId, Tracks::kWebVttCaptionsId,
Tracks::kWebVttDescriptionsId, Tracks::kWebVttMetadataId,
Tracks::kWebVttSubtitlesId};
diff --git a/third_party/libwebm/mkvmuxer/mkvmuxer.h b/third_party/libwebm/mkvmuxer/mkvmuxer.h
index 46b0029dc..f2db37714 100644
--- a/third_party/libwebm/mkvmuxer/mkvmuxer.h
+++ b/third_party/libwebm/mkvmuxer/mkvmuxer.h
@@ -795,6 +795,8 @@ class VideoTrack : public Track {
uint64_t alpha_mode() { return alpha_mode_; }
void set_width(uint64_t width) { width_ = width; }
uint64_t width() const { return width_; }
+ void set_colour_space(const char* colour_space);
+ const char* colour_space() const { return colour_space_; }
Colour* colour() { return colour_; }
@@ -824,6 +826,7 @@ class VideoTrack : public Track {
uint64_t stereo_mode_;
uint64_t alpha_mode_;
uint64_t width_;
+ char* colour_space_;
Colour* colour_;
Projection* projection_;
@@ -871,9 +874,9 @@ class Tracks {
static const char kOpusCodecId[];
static const char kVorbisCodecId[];
+ static const char kAv1CodecId[];
static const char kVp8CodecId[];
static const char kVp9CodecId[];
- static const char kVp10CodecId[];
static const char kWebVttCaptionsId[];
static const char kWebVttDescriptionsId[];
static const char kWebVttMetadataId[];
diff --git a/third_party/libwebm/mkvmuxer/mkvmuxerutil.cc b/third_party/libwebm/mkvmuxer/mkvmuxerutil.cc
index 355d4e22b..7636a9f4e 100644
--- a/third_party/libwebm/mkvmuxer/mkvmuxerutil.cc
+++ b/third_party/libwebm/mkvmuxer/mkvmuxerutil.cc
@@ -136,9 +136,8 @@ uint64 WriteBlock(IMkvWriter* writer, const Frame* const frame, int64 timecode,
return false;
}
- if (!frame->is_key() &&
- !WriteEbmlElement(writer, libwebm::kMkvReferenceBlock,
- reference_block_timestamp)) {
+ if (!frame->is_key() && !WriteEbmlElement(writer, libwebm::kMkvReferenceBlock,
+ reference_block_timestamp)) {
return false;
}
@@ -563,10 +562,10 @@ uint64 WriteFrame(IMkvWriter* writer, const Frame* const frame,
if (relative_timecode < 0 || relative_timecode > kMaxBlockTimecode)
return 0;
- return frame->CanBeSimpleBlock() ?
- WriteSimpleBlock(writer, frame, relative_timecode) :
- WriteBlock(writer, frame, relative_timecode,
- cluster->timecode_scale());
+ return frame->CanBeSimpleBlock()
+ ? WriteSimpleBlock(writer, frame, relative_timecode)
+ : WriteBlock(writer, frame, relative_timecode,
+ cluster->timecode_scale());
}
uint64 WriteVoidElement(IMkvWriter* writer, uint64 size) {
diff --git a/third_party/libwebm/mkvmuxer/mkvmuxerutil.h b/third_party/libwebm/mkvmuxer/mkvmuxerutil.h
index 132388da5..3355428bd 100644
--- a/third_party/libwebm/mkvmuxer/mkvmuxerutil.h
+++ b/third_party/libwebm/mkvmuxer/mkvmuxerutil.h
@@ -31,6 +31,9 @@ const int64 kMaxBlockTimecode = 0x07FFFLL;
// Writes out |value| in Big Endian order. Returns 0 on success.
int32 SerializeInt(IMkvWriter* writer, int64 value, int32 size);
+// Writes out |f| in Big Endian order. Returns 0 on success.
+int32 SerializeFloat(IMkvWriter* writer, float f);
+
// Returns the size in bytes of the element.
int32 GetUIntSize(uint64 value);
int32 GetIntSize(int64 value);
diff --git a/third_party/libwebm/mkvmuxer/mkvwriter.cc b/third_party/libwebm/mkvmuxer/mkvwriter.cc
index 84655d802..d668384d8 100644
--- a/third_party/libwebm/mkvmuxer/mkvwriter.cc
+++ b/third_party/libwebm/mkvmuxer/mkvwriter.cc
@@ -78,6 +78,8 @@ int32 MkvWriter::Position(int64 position) {
#ifdef _MSC_VER
return _fseeki64(file_, position, SEEK_SET);
+#elif defined(_WIN32)
+ return fseeko64(file_, static_cast<off_t>(position), SEEK_SET);
#else
return fseeko(file_, static_cast<off_t>(position), SEEK_SET);
#endif
diff --git a/third_party/libwebm/mkvparser/mkvparser.cc b/third_party/libwebm/mkvparser/mkvparser.cc
index 37f230d0a..dcb969dcf 100644
--- a/third_party/libwebm/mkvparser/mkvparser.cc
+++ b/third_party/libwebm/mkvparser/mkvparser.cc
@@ -22,12 +22,8 @@
#include "common/webmids.h"
-// disable deprecation warnings for auto_ptr
-#if defined(__GNUC__) && __GNUC__ >= 5
-#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
-#endif
-
namespace mkvparser {
+const long long kStringElementSizeLimit = 20 * 1000 * 1000;
const float MasteringMetadata::kValueNotPresent = FLT_MAX;
const long long Colour::kValueNotPresent = LLONG_MAX;
const float Projection::kValueNotPresent = FLT_MAX;
@@ -40,8 +36,6 @@ inline bool isnan(double val) { return std::isnan(val); }
inline bool isinf(double val) { return std::isinf(val); }
#endif // MSC_COMPAT
-IMkvReader::~IMkvReader() {}
-
template <typename Type>
Type* SafeArrayAlloc(unsigned long long num_elements,
unsigned long long element_size) {
@@ -330,7 +324,7 @@ long UnserializeString(IMkvReader* pReader, long long pos, long long size,
delete[] str;
str = NULL;
- if (size >= LONG_MAX || size < 0)
+ if (size >= LONG_MAX || size < 0 || size > kStringElementSizeLimit)
return E_FILE_FORMAT_INVALID;
// +1 for '\0' terminator
@@ -5015,7 +5009,7 @@ bool MasteringMetadata::Parse(IMkvReader* reader, long long mm_start,
if (!reader || *mm)
return false;
- std::auto_ptr<MasteringMetadata> mm_ptr(new MasteringMetadata());
+ std::unique_ptr<MasteringMetadata> mm_ptr(new MasteringMetadata());
if (!mm_ptr.get())
return false;
@@ -5035,6 +5029,10 @@ bool MasteringMetadata::Parse(IMkvReader* reader, long long mm_start,
double value = 0;
const long long value_parse_status =
UnserializeFloat(reader, read_pos, child_size, value);
+ if (value < -FLT_MAX || value > FLT_MAX ||
+ (value > 0.0 && value < FLT_MIN)) {
+ return false;
+ }
mm_ptr->luminance_max = static_cast<float>(value);
if (value_parse_status < 0 || mm_ptr->luminance_max < 0.0 ||
mm_ptr->luminance_max > 9999.99) {
@@ -5044,6 +5042,10 @@ bool MasteringMetadata::Parse(IMkvReader* reader, long long mm_start,
double value = 0;
const long long value_parse_status =
UnserializeFloat(reader, read_pos, child_size, value);
+ if (value < -FLT_MAX || value > FLT_MAX ||
+ (value > 0.0 && value < FLT_MIN)) {
+ return false;
+ }
mm_ptr->luminance_min = static_cast<float>(value);
if (value_parse_status < 0 || mm_ptr->luminance_min < 0.0 ||
mm_ptr->luminance_min > 999.9999) {
@@ -5096,7 +5098,7 @@ bool Colour::Parse(IMkvReader* reader, long long colour_start,
if (!reader || *colour)
return false;
- std::auto_ptr<Colour> colour_ptr(new Colour());
+ std::unique_ptr<Colour> colour_ptr(new Colour());
if (!colour_ptr.get())
return false;
@@ -5194,7 +5196,7 @@ bool Projection::Parse(IMkvReader* reader, long long start, long long size,
if (!reader || *projection)
return false;
- std::auto_ptr<Projection> projection_ptr(new Projection());
+ std::unique_ptr<Projection> projection_ptr(new Projection());
if (!projection_ptr.get())
return false;
@@ -5270,6 +5272,7 @@ bool Projection::Parse(IMkvReader* reader, long long start, long long size,
VideoTrack::VideoTrack(Segment* pSegment, long long element_start,
long long element_size)
: Track(pSegment, element_start, element_size),
+ m_colour_space(NULL),
m_colour(NULL),
m_projection(NULL) {}
@@ -5295,6 +5298,7 @@ long VideoTrack::Parse(Segment* pSegment, const Info& info,
long long stereo_mode = 0;
double rate = 0.0;
+ char* colour_space = NULL;
IMkvReader* const pReader = pSegment->m_pReader;
@@ -5307,8 +5311,8 @@ long VideoTrack::Parse(Segment* pSegment, const Info& info,
const long long stop = pos + s.size;
- Colour* colour = NULL;
- Projection* projection = NULL;
+ std::unique_ptr<Colour> colour_ptr;
+ std::unique_ptr<Projection> projection_ptr;
while (pos < stop) {
long long id, size;
@@ -5357,11 +5361,23 @@ long VideoTrack::Parse(Segment* pSegment, const Info& info,
if (rate <= 0)
return E_FILE_FORMAT_INVALID;
} else if (id == libwebm::kMkvColour) {
- if (!Colour::Parse(pReader, pos, size, &colour))
+ Colour* colour = NULL;
+ if (!Colour::Parse(pReader, pos, size, &colour)) {
return E_FILE_FORMAT_INVALID;
+ } else {
+ colour_ptr.reset(colour);
+ }
} else if (id == libwebm::kMkvProjection) {
- if (!Projection::Parse(pReader, pos, size, &projection))
+ Projection* projection = NULL;
+ if (!Projection::Parse(pReader, pos, size, &projection)) {
return E_FILE_FORMAT_INVALID;
+ } else {
+ projection_ptr.reset(projection);
+ }
+ } else if (id == libwebm::kMkvColourSpace) {
+ const long status = UnserializeString(pReader, pos, size, colour_space);
+ if (status < 0)
+ return status;
}
pos += size; // consume payload
@@ -5392,8 +5408,9 @@ long VideoTrack::Parse(Segment* pSegment, const Info& info,
pTrack->m_display_unit = display_unit;
pTrack->m_stereo_mode = stereo_mode;
pTrack->m_rate = rate;
- pTrack->m_colour = colour;
- pTrack->m_projection = projection;
+ pTrack->m_colour = colour_ptr.release();
+ pTrack->m_colour_space = colour_space;
+ pTrack->m_projection = projection_ptr.release();
pResult = pTrack;
return 0; // success
@@ -7903,6 +7920,10 @@ long Block::Parse(const Cluster* pCluster) {
return E_FILE_FORMAT_INVALID;
curr.len = static_cast<long>(frame_size);
+ // Check if size + curr.len could overflow.
+ if (size > LLONG_MAX - curr.len) {
+ return E_FILE_FORMAT_INVALID;
+ }
size += curr.len; // contribution of this frame
--frame_count;
@@ -7964,6 +7985,11 @@ long long Block::GetTimeCode(const Cluster* pCluster) const {
const long long tc0 = pCluster->GetTimeCode();
assert(tc0 >= 0);
+ // Check if tc0 + m_timecode would overflow.
+ if (tc0 < 0 || LLONG_MAX - tc0 < m_timecode) {
+ return -1;
+ }
+
const long long tc = tc0 + m_timecode;
return tc; // unscaled timecode units
@@ -7981,6 +8007,10 @@ long long Block::GetTime(const Cluster* pCluster) const {
const long long scale = pInfo->GetTimeCodeScale();
assert(scale >= 1);
+ // Check if tc * scale could overflow.
+ if (tc != 0 && scale > LLONG_MAX / tc) {
+ return -1;
+ }
const long long ns = tc * scale;
return ns;
diff --git a/third_party/libwebm/mkvparser/mkvparser.h b/third_party/libwebm/mkvparser/mkvparser.h
index 26c2b7e5e..848d01f03 100644
--- a/third_party/libwebm/mkvparser/mkvparser.h
+++ b/third_party/libwebm/mkvparser/mkvparser.h
@@ -22,7 +22,7 @@ class IMkvReader {
virtual int Length(long long* total, long long* available) = 0;
protected:
- virtual ~IMkvReader();
+ virtual ~IMkvReader() {}
};
template <typename Type>
@@ -527,6 +527,8 @@ class VideoTrack : public Track {
Projection* GetProjection() const;
+ const char* GetColourSpace() const { return m_colour_space; }
+
private:
long long m_width;
long long m_height;
@@ -534,7 +536,7 @@ class VideoTrack : public Track {
long long m_display_height;
long long m_display_unit;
long long m_stereo_mode;
-
+ char* m_colour_space;
double m_rate;
Colour* m_colour;
diff --git a/third_party/libwebm/mkvparser/mkvreader.cc b/third_party/libwebm/mkvparser/mkvreader.cc
index 23d68f508..9d19c1be5 100644
--- a/third_party/libwebm/mkvparser/mkvreader.cc
+++ b/third_party/libwebm/mkvparser/mkvreader.cc
@@ -118,6 +118,8 @@ int MkvReader::Read(long long offset, long len, unsigned char* buffer) {
if (status)
return -1; // error
+#elif defined(_WIN32)
+ fseeko64(m_file, static_cast<off_t>(offset), SEEK_SET);
#else
fseeko(m_file, static_cast<off_t>(offset), SEEK_SET);
#endif
--
2.25.1

71
SOURCES/0004-CVE-2019-2126-update-libwebm-to-libwebm-1.0.0.27-361.patch Normal file
View File

@ -0,0 +1,71 @@
From d06fa15d1c113edea0d6760ea19af8e8d0af0d94 Mon Sep 17 00:00:00 2001
From: James Zern <jzern@google.com>
Date: Fri, 7 Jun 2019 15:06:29 -0700
Subject: [PATCH 4/4] CVE-2019-2126: update libwebm to
libwebm-1.0.0.27-361-g81de00c
81de00c Check there is only one settings per ContentCompression
5623013 Fixes a double free in ContentEncoding
93b2ba0 mkvparser: quiet static analysis warnings
Change-Id: Ieaa562ef2f10075381bd856388e6b29f97ca2746
---
third_party/libwebm/README.libvpx | 2 +-
third_party/libwebm/mkvparser/mkvparser.cc | 9 +++++++++
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/third_party/libwebm/README.libvpx b/third_party/libwebm/README.libvpx
index 16f17513e..714f5d0eb 100644
--- a/third_party/libwebm/README.libvpx
+++ b/third_party/libwebm/README.libvpx
@@ -1,5 +1,5 @@
URL: https://chromium.googlesource.com/webm/libwebm
-Version: dbf1d1089756e7cb5b1a04d6752310ef35912347
+Version: 81de00c43ea3c087b48a8c20337db7531b9f7612
License: BSD
License File: LICENSE.txt
diff --git a/third_party/libwebm/mkvparser/mkvparser.cc b/third_party/libwebm/mkvparser/mkvparser.cc
index dcb969dcf..ace65bd59 100644
--- a/third_party/libwebm/mkvparser/mkvparser.cc
+++ b/third_party/libwebm/mkvparser/mkvparser.cc
@@ -4230,6 +4230,7 @@ long ContentEncoding::ParseContentEncodingEntry(long long start, long long size,
new (std::nothrow) ContentEncryption*[encryption_count];
if (!encryption_entries_) {
delete[] compression_entries_;
+ compression_entries_ = NULL;
return -1;
}
encryption_entries_end_ = encryption_entries_;
@@ -4261,6 +4262,7 @@ long ContentEncoding::ParseContentEncodingEntry(long long start, long long size,
delete compression;
return status;
}
+ assert(compression_count > 0);
*compression_entries_end_++ = compression;
} else if (id == libwebm::kMkvContentEncryption) {
ContentEncryption* const encryption =
@@ -4273,6 +4275,7 @@ long ContentEncoding::ParseContentEncodingEntry(long long start, long long size,
delete encryption;
return status;
}
+ assert(encryption_count > 0);
*encryption_entries_end_++ = encryption;
}
@@ -4325,6 +4328,12 @@ long ContentEncoding::ParseCompressionEntry(long long start, long long size,
return status;
}
+ // There should be only one settings element per content compression.
+ if (compression->settings != NULL) {
+ delete[] buf;
+ return E_FILE_FORMAT_INVALID;
+ }
+
compression->settings = buf;
compression->settings_len = buflen;
}
--
2.25.1

23
SPECS/libvpx.spec
View File

@ -6,7 +6,7 @@
Name: libvpx
Summary: VP8/VP9 Video Codec SDK
Version: 1.7.0
Release: 6%{?dist}
Release: 8%{?dist}
License: BSD
Group: System Environment/Libraries
#Source0: http://downloads.webmproject.org/releases/webm/%{name}-%{version}.tar.bz2
@ -18,9 +18,13 @@ URL: http://www.webmproject.org/code/
%ifarch %{ix86} x86_64
BuildRequires: yasm
%endif
BuildRequires: doxygen, php-cli, perl(Getopt::Long)
BuildRequires: doxygen, perl(Getopt::Long)
# Do not disable FORTIFY_SOURCE=2
Patch0: libvpx-1.7.0-leave-fortify-source-on.patch
Patch1: 0001-CVE-2019-9232-Fix-OOB-memory-access-on-fuzzed-data.patch
Patch2: 0002-CVE-2019-9433-VP8-Fix-use-after-free-in-postproc.patch
Patch3: 0003-CVE-2019-9371-update-libwebm.patch
Patch4: 0004-CVE-2019-2126-update-libwebm-to-libwebm-1.0.0.27-361.patch
%description
libvpx provides the VP8/VP9 SDK, which allows you to integrate your applications
@ -48,6 +52,10 @@ and decoder.
%prep
%setup -q -n libvpx-%{version}
%patch0 -p1 -b .leave-fs-on
%patch1 -p1 -b .0001
%patch2 -p1 -b .0002
%patch3 -p1 -b .0003
%patch4 -p1 -b .0004
%build
%ifarch %{ix86}
@ -93,7 +101,7 @@ CROSS=armv7hl-redhat-linux-gnueabi- CHOST=armv7hl-redhat-linux-gnueabi-hardfloat
--enable-pic --disable-install-srcs \
--enable-vp9-decoder --enable-vp9-encoder \
--enable-experimental --enable-spatial-svc \
--enable-vp9-highbitdepth \
--enable-vp9-highbitdepth --enable-webm-io \
%if ! %{generic_target}
--enable-shared \
%endif
@ -237,6 +245,15 @@ rm -rf %{buildroot}%{_prefix}/src
%{_bindir}/*
%changelog
* Wed Apr 1 2020 Wim Taymans <wtaymans@redhat.com> - 1.7.0-8
- Resolves: rhbz#1796086, rhbz#1796100, rhbz#1796448, rhbz#1796454
- Enable webm-io explicitly
* Wed Mar 25 2020 Wim Taymans <wtaymans@redhat.com> - 1.7.0-7
- Fix for CVE-2019-9232, CVE-2019-9433, CVE-2019-9371, CVE-2019-2126
- Resolves: rhbz#1796086, rhbz#1796100, rhbz#1796448, rhbz#1796454
- Remove php-cli BR
* Tue Oct 09 2018 Wim Taymans <wtaymans@redhat.com> - 1.7.0-6
- Set build flags in all cases
- Resolves: #1630588