Message ID | 53ebf344-9424-4814-5097-fb7feaf49b61@quotient-inc.com |
---|---|
State | New |
Headers | show |
On Thu, Nov 14, 2019 at 03:01:29PM -0500, James Boyle wrote: > Hello, > > This patch is nearly identical to commit > 8df6884832ec413cf032dfaa45c23b1c7876670c, but is intended to backport > the fix for CVE-2019-17539 to ffmpeg version 3.4.6, which is in use on > RHEL 7 systems that get ffmpeg from rpmfusion. > > https://github.com/FFmpeg/FFmpeg/commit/8df6884832ec413cf032dfaa45c23b1c7876670c > > --- > libavcodec/utils.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) This and "[PATCH 2/2] backport out of array access fix / CVE-2019-17542 / 15919 clusterfuzz" and more than 200 other fixes will be part of the next release from the 3.4 branch in fact i already have fixes for these 2 backported locally, just not pushed ill try to get these pushed to the branch after a bit of sleep Thanks [...]
On Thu, Nov 14, 2019 at 11:42:45PM +0100, Michael Niedermayer wrote: > On Thu, Nov 14, 2019 at 03:01:29PM -0500, James Boyle wrote: > > Hello, > > > > This patch is nearly identical to commit > > 8df6884832ec413cf032dfaa45c23b1c7876670c, but is intended to backport > > the fix for CVE-2019-17539 to ffmpeg version 3.4.6, which is in use on > > RHEL 7 systems that get ffmpeg from rpmfusion. > > > > https://github.com/FFmpeg/FFmpeg/commit/8df6884832ec413cf032dfaa45c23b1c7876670c > > > > --- > > libavcodec/utils.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > This and "[PATCH 2/2] backport out of array access fix / CVE-2019-17542 / 15919 clusterfuzz" > and more than 200 other fixes > will be part of the next release from the 3.4 branch > in fact i already have fixes for these 2 backported locally, just not pushed > > ill try to get these pushed to the branch after a bit of sleep pushed, feel free to check if something was missed i intend to make a release of this in the next week(s) probably. Thanks [...]
diff --git a/libavcodec/utils.c b/libavcodec/utils.c index ec03bdc..18b66d4 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -1112,7 +1112,7 @@ end: return ret; free_and_end: - if (avctx->codec && + if (avctx->codec && avctx->codec->close && (avctx->codec->caps_internal & FF_CODEC_CAP_INIT_CLEANUP)) avctx->codec->close(avctx);