From 5789dccf9b67cd4ade87078c5051c185b0799432 Mon Sep 17 00:00:00 2001 From: wangziliang Date: Tue, 16 Jul 2024 03:19:27 +0000 Subject: [PATCH] repatch fix-CVE-2024-32228.patch --- ...n_params-add-av_film_grain_params_se.patch | 118 ++++++++++++++++ ...n_params-add-metadata-to-common-stru.patch | 129 ++++++++++++++++++ ffmpeg.spec | 9 +- fix-CVE-2024-32228.patch | 57 ++++++++ 4 files changed, 312 insertions(+), 1 deletion(-) create mode 100644 backport-avutil-film_grain_params-add-av_film_grain_params_se.patch create mode 100644 backport-avutil-film_grain_params-add-metadata-to-common-stru.patch create mode 100644 fix-CVE-2024-32228.patch diff --git a/backport-avutil-film_grain_params-add-av_film_grain_params_se.patch b/backport-avutil-film_grain_params-add-av_film_grain_params_se.patch new file mode 100644 index 0000000..1bd2b75 --- /dev/null +++ b/backport-avutil-film_grain_params-add-av_film_grain_params_se.patch @@ -0,0 +1,118 @@ +From a9023377b22e3d70db504c69cd3e55d52a2c627a Mon Sep 17 00:00:00 2001 +From: Niklas Haas +Date: Fri, 15 Mar 2024 12:15:11 +0100 +Subject: [PATCH] avutil/film_grain_params: add av_film_grain_params_select() + +Common utility function that can be used by all codecs to select the +right (any valid) film grain parameter set. In particular, this is +useful for AFGS1, which has support for multiple parameters. + +However, it also performs parameter validation for H274. + +Conflict: LIBAVUTIL_VERSION_MINOR macro and doc/APIchanges file +Reference: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a9023377b22e3d70db504c69cd3e55d52a2c627a + +--- + libavutil/film_grain_params.c | 61 +++++++++++++++++++++++++++++++++++ + libavutil/film_grain_params.h | 11 +++++++ + 2 files changed, 72 insertions(+) + +diff --git a/libavutil/film_grain_params.c b/libavutil/film_grain_params.c +index 230ce8d701..fff7252f2f 100644 +--- a/libavutil/film_grain_params.c ++++ b/libavutil/film_grain_params.c +@@ -17,6 +17,7 @@ + */ + + #include "film_grain_params.h" ++#include "pixdesc.h" + + AVFilmGrainParams *av_film_grain_params_alloc(size_t *size) + { +@@ -47,3 +48,63 @@ AVFilmGrainParams *av_film_grain_params_create_side_data(AVFrame *frame) + + return (AVFilmGrainParams *)side_data->data; + } ++ ++const AVFilmGrainParams *av_film_grain_params_select(const AVFrame *frame) ++{ ++ const AVFilmGrainParams *fgp, *best = NULL; ++ const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(frame->format); ++ const AVFilmGrainAOMParams *aom; ++ const AVFilmGrainH274Params *h274; ++ int bit_depth_luma, bit_depth_chroma; ++ if (!desc) ++ return NULL; ++ ++ /* There are no YUV formats with different bit depth per component, ++ * so just check both against the first component for simplicity */ ++ bit_depth_luma = bit_depth_chroma = desc->comp[0].depth; ++ ++ for (int i = 0; i < frame->nb_side_data; i++) { ++ if (frame->side_data[i]->type != AV_FRAME_DATA_FILM_GRAIN_PARAMS) ++ continue; ++ fgp = (const AVFilmGrainParams*)frame->side_data[i]->data; ++ if (fgp->width && fgp->width > frame->width || ++ fgp->height && fgp->height > frame->height) ++ continue; ++ ++#define CHECK(a, b, unspec) \ ++ do { \ ++ if ((a) != (unspec) && (b) != (unspec) && (a) != (b)) \ ++ continue; \ ++ } while (0) ++ ++ CHECK(fgp->bit_depth_luma, bit_depth_luma, 0); ++ CHECK(fgp->bit_depth_chroma, bit_depth_chroma, 0); ++ CHECK(fgp->color_range, frame->color_range, AVCOL_RANGE_UNSPECIFIED); ++ CHECK(fgp->color_primaries, frame->color_primaries, AVCOL_PRI_UNSPECIFIED); ++ CHECK(fgp->color_trc, frame->color_trc, AVCOL_TRC_UNSPECIFIED); ++ CHECK(fgp->color_space, frame->colorspace, AVCOL_SPC_UNSPECIFIED); ++ ++ switch (fgp->type) { ++ case AV_FILM_GRAIN_PARAMS_NONE: ++ continue; ++ case AV_FILM_GRAIN_PARAMS_AV1: ++ aom = &fgp->codec.aom; ++ /* AOM FGS needs an exact match for the chroma resolution */ ++ if (fgp->subsampling_x != desc->log2_chroma_w || ++ fgp->subsampling_y != desc->log2_chroma_h) ++ continue; ++ break; ++ case AV_FILM_GRAIN_PARAMS_H274: ++ /* H.274 FGS can be adapted to any lower chroma resolution */ ++ if (fgp->subsampling_x > desc->log2_chroma_w || ++ fgp->subsampling_y > desc->log2_chroma_h) ++ continue; ++ break; ++ } ++ ++ if (!best || best->width < fgp->width || best->height < fgp->height) ++ best = fgp; ++ } ++ ++ return best; ++} +diff --git a/libavutil/film_grain_params.h b/libavutil/film_grain_params.h +index a9f243351c..ccacab88fe 100644 +--- a/libavutil/film_grain_params.h ++++ b/libavutil/film_grain_params.h +@@ -308,4 +308,15 @@ AVFilmGrainParams *av_film_grain_params_alloc(size_t *size); + */ + AVFilmGrainParams *av_film_grain_params_create_side_data(AVFrame *frame); + ++/** ++ * Select the most appropriate film grain parameters set for the frame, ++ * taking into account the frame's format, resolution and video signal ++ * characteristics. ++ * ++ * @note, for H.274, this may select a film grain parameter set with ++ * greater chroma resolution than the frame. Users should take care to ++ * correctly adjust the chroma grain frequency to the frame. ++ */ ++const AVFilmGrainParams *av_film_grain_params_select(const AVFrame *frame); ++ + #endif /* AVUTIL_FILM_GRAIN_PARAMS_H */ +-- +2.33.0 + diff --git a/backport-avutil-film_grain_params-add-metadata-to-common-stru.patch b/backport-avutil-film_grain_params-add-metadata-to-common-stru.patch new file mode 100644 index 0000000..96f1956 --- /dev/null +++ b/backport-avutil-film_grain_params-add-metadata-to-common-stru.patch @@ -0,0 +1,129 @@ +From 35d2960dcd0acc6265129f53329cb364960e6492 Mon Sep 17 00:00:00 2001 +From: Niklas Haas +Date: Fri, 15 Mar 2024 11:42:42 +0100 +Subject: [PATCH] avutil/film_grain_params: add metadata to common struct + +This is needed for AV1 film grain as well, when using AFGS1 streams. +Also add extra width/height and subsampling information, which AFGS1 +cares about, as part of the same API bump. (And in principle, H274 +should also expose this information, since it is needed downstream to +correctly adjust the chroma grain frequency to the subsampling ratio) + +Deprecate the equivalent H274-exclusive fields. To avoid breaking ABI, +add the new fields after the union; but with enough of a paper trail to +hopefully re-order them on the next bump. + +Conflict: LIBAVUTIL_VERSION_MINOR macro and doc/APIchanges file +Reference: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=35d2960dcd0acc6265129f53329cb364960e6492 + +--- + libavutil/film_grain_params.h | 57 +++++++++++++++++++++++++++++++++-- + libavutil/version.h | 1 + + 2 files changed, 55 insertions(+), 3 deletions(-) + +diff --git a/libavutil/film_grain_params.h b/libavutil/film_grain_params.h +index f3bd0a4a6a..a9f243351c 100644 +--- a/libavutil/film_grain_params.h ++++ b/libavutil/film_grain_params.h +@@ -136,20 +136,42 @@ typedef struct AVFilmGrainH274Params { + */ + int model_id; + +- /** +- * Specifies the bit depth used for the luma component. +- */ ++#if FF_API_H274_FILM_GRAIN_VCS ++ /** ++ * TODO: On this ABI bump, please also re-order the fields in ++ * AVFilmGrainParams (see below) ++ */ ++ ++ /** ++ * Specifies the bit depth used for the luma component. ++ * ++ * @deprecated use AVFilmGrainParams.bit_depth_luma. ++ */ ++ attribute_deprecated + int bit_depth_luma; + + /** + * Specifies the bit depth used for the chroma components. ++ * ++ * @deprecated use AVFilmGrainParams.bit_depth_chroma. + */ ++ attribute_deprecated + int bit_depth_chroma; + ++ /** ++ * Specifies the video signal characteristics. ++ * ++ * @deprecated use AVFilmGrainParams.color_{range,primaries,trc,space}. ++ */ ++ attribute_deprecated + enum AVColorRange color_range; ++ attribute_deprecated + enum AVColorPrimaries color_primaries; ++ attribute_deprecated + enum AVColorTransferCharacteristic color_trc; ++ attribute_deprecated + enum AVColorSpace color_space; ++#endif + + /** + * Specifies the blending mode used to blend the simulated film grain +@@ -231,11 +253,40 @@ typedef struct AVFilmGrainParams { + * Additional fields may be added both here and in any structure included. + * If a codec's film grain structure differs slightly over another + * codec's, fields within may change meaning depending on the type. ++ * ++ * TODO: Move this to the end of the structure, at the next ABI bump. + */ + union { + AVFilmGrainAOMParams aom; + AVFilmGrainH274Params h274; + } codec; ++ ++ /** ++ * Intended display resolution. May be 0 if the codec does not specify ++ * any restrictions. ++ */ ++ ++ int width, height; ++ ++ /** ++ * Intended subsampling ratio, or 0 for luma-only streams. ++ */ ++ int subsampling_x, subsampling_y; ++ ++ /** ++ * Intended video signal characteristics. ++ */ ++ enum AVColorRange color_range; ++ enum AVColorPrimaries color_primaries; ++ enum AVColorTransferCharacteristic color_trc; ++ enum AVColorSpace color_space; ++ ++ /** ++ * Intended bit depth, or 0 for unknown/unspecified. ++ */ ++ int bit_depth_luma; ++ int bit_depth_chroma; ++ + } AVFilmGrainParams; + + /** +diff --git a/libavutil/version.h b/libavutil/version.h +index 882003f719..64a467fa41 100644 +--- a/libavutil/version.h ++++ b/libavutil/version.h +@@ -111,6 +111,7 @@ + #define FF_API_FRAME_KEY (LIBAVUTIL_VERSION_MAJOR < 59) + #define FF_API_PALETTE_HAS_CHANGED (LIBAVUTIL_VERSION_MAJOR < 59) + #define FF_API_VULKAN_CONTIGUOUS_MEMORY (LIBAVUTIL_VERSION_MAJOR < 59) ++#define FF_API_H274_FILM_GRAIN_VCS (LIBAVUTIL_VERSION_MAJOR < 60) + + /** + * @} +-- +2.33.0 + diff --git a/ffmpeg.spec b/ffmpeg.spec index bf53394..2b73b8b 100644 --- a/ffmpeg.spec +++ b/ffmpeg.spec @@ -58,7 +58,7 @@ Summary: Digital VCR and streaming server Name: ffmpeg%{?flavor} Version: 6.1.1 -Release: 11 +Release: 12 License: GPL-3.0-or-later URL: http://ffmpeg.org/ Source0: http://ffmpeg.org/releases/ffmpeg-%{version}.tar.xz @@ -72,6 +72,9 @@ Patch5: fix_libsvgdec_compile_error.patch Patch6: CVE-2023-49528.patch Patch7: fix-CVE-2023-49502.patch Patch8: fix-CVE-2024-32230.patch +Patch9: backport-avutil-film_grain_params-add-metadata-to-common-stru.patch +Patch10: backport-avutil-film_grain_params-add-av_film_grain_params_se.patch +Patch11: fix-CVE-2024-32228.patch Requires: %{name}-libs%{?_isa} = %{version}-%{release} %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel} @@ -400,6 +403,10 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir} %changelog +* Tue Jul 16 2024 wangziliang - 6.1.1-12 +- backport 2 patches to fix fix-CVE-2024-32228.patch compile error +- repatch fix-CVE-2024-32228.patch + * Fri Jul 5 2024 happyworker <208suo@208suo.com> - 6.1.1-11 - remove fix-CVE-2024-32228.patch diff --git a/fix-CVE-2024-32228.patch b/fix-CVE-2024-32228.patch new file mode 100644 index 0000000..c88fb33 --- /dev/null +++ b/fix-CVE-2024-32228.patch @@ -0,0 +1,57 @@ +From 459648761f5412acdc3317d5bac982ceaa257584 Mon Sep 17 00:00:00 2001 +From: Niklas Haas +Date: Sat, 6 Apr 2024 13:11:09 +0200 +Subject: [PATCH] avcodec/hevcdec: fix segfault on invalid film grain metadata + +Invalid input files may contain film grain metadata which survives +ff_h274_film_grain_params_supported() but does not pass +av_film_grain_params_select(), leading to a SIGSEGV on hevc_frame_end(). + +Fix this by duplicating the av_film_grain_params_select() check at frame +init time. + +An alternative solution here would be to defer the incompatibility check +to hevc_frame_end(), but this has the downside of allocating a film +grain buffer even when we already know we can't apply film grain. + +Fixes: https://trac.ffmpeg.org/ticket/10951 +--- + libavcodec/hevcdec.c | 14 ++++++++------ + 1 file changed, 8 insertions(+), 6 deletions(-) + +diff --git a/libavcodec/hevcdec.c b/libavcodec/hevcdec.c +index e1710d7..d3b668a 100644 +--- a/libavcodec/hevcdec.c ++++ b/libavcodec/hevcdec.c +@@ -2893,9 +2893,15 @@ static int hevc_frame_start(HEVCContext *s) + !(s->avctx->export_side_data & AV_CODEC_EXPORT_DATA_FILM_GRAIN) && + !s->avctx->hwaccel; + ++ ret = set_side_data(s); ++ if (ret < 0) ++ goto fail; ++ + if (s->ref->needs_fg && +- !ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id, +- s->ref->frame->format)) { ++ ( s->sei.common.film_grain_characteristics.present && ++ !ff_h274_film_grain_params_supported(s->sei.common.film_grain_characteristics.model_id, ++ s->ref->frame->format)) ++ || !av_film_grain_params_select(s->ref->frame)) { + av_log_once(s->avctx, AV_LOG_WARNING, AV_LOG_DEBUG, &s->film_grain_warning_shown, + "Unsupported film grain parameters. Ignoring film grain.\n"); + s->ref->needs_fg = 0; +@@ -2909,10 +2915,6 @@ static int hevc_frame_start(HEVCContext *s) + goto fail; + } + +- ret = set_side_data(s); +- if (ret < 0) +- goto fail; +- + s->frame->pict_type = 3 - s->sh.slice_type; + + if (!IS_IRAP(s)) +-- +2.33.0 + -- Gitee