From patchwork Thu Nov 14 20:01:29 2019
X-Patchwork-Submitter: James Boyle
X-Patchwork-Id: 16274
To: ffmpeg-devel@ffmpeg.org
From: James Boyle
Organization: Quotient
Message-ID: <53ebf344-9424-4814-5097-fb7feaf49b61@quotient-inc.com>
Date: Thu, 14 Nov 2019 15:01:29 -0500
Subject: [FFmpeg-devel] [PATCH 1/2] backport NULL pointer dereference fix / CVE-2019-17539 / 15733 clusterfuzz
List-Id: FFmpeg development discussions and patches

Hello,

This patch is nearly identical to commit 8df6884832ec413cf032dfaa45c23b1c7876670c, but is intended to backport the fix for CVE-2019-17539 to ffmpeg version 3.4.6, which is in use on RHEL 7 systems that get ffmpeg from rpmfusion.

https://github.com/FFmpeg/FFmpeg/commit/8df6884832ec413cf032dfaa45c23b1c7876670c

--- libavcodec/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index ec03bdc..18b66d4 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -1112,7 +1112,7 @@ end: return ret; free_and_end: - if (avctx->codec && + if (avctx->codec && avctx->codec->close && (avctx->codec->caps_internal & FF_CODEC_CAP_INIT_CLEANUP)) avctx->codec->close(avctx);
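
Review bot: the message calls this "nearly identical" to 8df6884832ec413cf032dfaa45c23b1c7876670c but never says what differs, which matters for a CVE backport. The code change itself is only the added `avctx->codec->close &&` test in the `free_and_end:` condition, guarding the `avctx->codec->close(avctx);` call on the following line. Please state whether the difference is limited to context and line offsets (`@@ -1112,7 +1112,7 @@`) in the 3.4.6 tree. It would also help to carry the upstream commit message with a "(cherry picked from commit ...)" line, so the CVE-2019-17539 fix can be traced on the release branch. A one-line comment above the condition, noting that a codec may set `FF_CODEC_CAP_INIT_CLEANUP` without providing a `close` callback, would document why the extra test is needed.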