From f9837339ed10fa4efb0053c1ecd0dbbec4bef14c Mon Sep 17 00:00:00 2001
From: happyworker <208suo@208suo.com>
Date: Thu, 3 Jul 2025 14:37:12 +0800
Subject: [PATCH] fix CVE-2020-22044

---
 CVE-2020-22044.patch | 29 +++++++++++++++++++++++++++++
 ffmpeg.spec          |  7 ++++++-
 2 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2020-22044.patch

diff --git a/CVE-2020-22044.patch b/CVE-2020-22044.patch
new file mode 100644
index 0000000..53b9e0e
--- /dev/null
+++ b/CVE-2020-22044.patch
@@ -0,0 +1,29 @@
+From 1c6dc790f8dc0e76df39e974ba6ae434f6a5eda3 Mon Sep 17 00:00:00 2001
+From: James Almer <jamrial@gmail.com>
+Date: Thu, 3 Jul 2025 14:30:22 +0800
+Subject: [PATCH] avformat/nutenc: don't allocate a dynamic AVIOContext if no index is going to be...
+
+---
+ libavformat/nutenc.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/libavformat/nutenc.c b/libavformat/nutenc.c
+index 2c2334a..632e08c 100644
+--- a/libavformat/nutenc.c
++++ b/libavformat/nutenc.c
+@@ -1171,8 +1171,11 @@ static int nut_write_trailer(AVFormatContext *s)
+     while (nut->header_count < 3)
+         write_headers(s, bc);
+ 
++    if (!nut->sp_count)
++       return 0;
++
+     ret = avio_open_dyn_buf(&dyn_bc);
+-    if (ret >= 0 && nut->sp_count) {
++    if (ret >= 0) {
+         av_assert1(nut->write_index); // sp_count should be 0 if no index is going to be written
+         write_index(nut, dyn_bc);
+         put_packet(nut, bc, dyn_bc, 1, INDEX_STARTCODE);
+-- 
+2.43.0
+
diff --git a/ffmpeg.spec b/ffmpeg.spec
index 83bf294..b559445 100644
--- a/ffmpeg.spec
+++ b/ffmpeg.spec
@@ -61,7 +61,7 @@ ExclusiveArch: armv7hnl
 Summary:        Digital VCR and streaming server
 Name:           ffmpeg%{?flavor}
 Version:        4.2.4
-Release:        9
+Release:        10
 License:        %{ffmpeg_license}
 URL:            http://ffmpeg.org/
 %if 0%{?date}
@@ -80,6 +80,8 @@ Patch7:         CVE-2023-51794.patch
 Patch8:         fix-CVE-2023-51798.patch
 Patch9:         fix-CVE-2023-51793.patch
 Patch10:        fix-CVE-2023-50010.patch
+Patch11:        CVE-2020-22044.patch
+
 Requires:       %{name}-libs%{?_isa} = %{version}-%{release}
 %{?_with_cuda:BuildRequires: cuda-minimal-build-%{_cuda_version_rpm} cuda-drivers-devel}
 %{?_with_libnpp:BuildRequires: pkgconfig(nppc-%{_cuda_version})}
@@ -412,6 +414,9 @@ install -pm755 tools/qt-faststart %{buildroot}%{_bindir}
 
 
 %changelog
+* Thu Jul  3 2025 happyworker <208suo@208suo.com> - 4.2.4-10
+- fix CVE-2020-22044
+
 * Fri Jun 28 2024 happyworker <208suo@208suo.com> - 4.2.4-9
 - Fix CVE-2023-50010
 
-- 
Gitee