user/ffmpeg: patch CVE-2019-13312 and CVE-2020-12284 (#156)

1 files changed, 30 insertions, 0 deletions

diff --git a/user/ffmpeg/CVE-2019-13312.patch b/user/ffmpeg/CVE-2019-13312.patch
new file mode 100644
index 000000000..1ef9d92b4
--- /dev/null
+++ b/user/ffmpeg/CVE-2019-13312.patch
@@ -0,0 +1,30 @@
+From ea56af88956061d700043c5c4b026ac57834b0c8 Mon Sep 17 00:00:00 2001
+From: Carl Eugen Hoyos <ceffmpeg@gmail.com>
+Date: Mon, 1 Jul 2019 01:45:36 +0200
+Subject: [PATCH] lavc/zmbvenc: Do not left-shift negative values.
+
+Fixes the following ubsan errors with the sample from ticket #7980:
+libavcodec/zmbvenc.c:243:29: runtime error: left shift of negative value -4
+libavcodec/zmbvenc.c:244:28: runtime error: left shift of negative value -2
+---
+ libavcodec/zmbvenc.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libavcodec/zmbvenc.c b/libavcodec/zmbvenc.c
+index 4887175..0e22ce6 100644
+--- a/libavcodec/zmbvenc.c
++++ b/libavcodec/zmbvenc.c
+@@ -240,8 +240,8 @@ FF_ENABLE_DEPRECATION_WARNINGS
+                 tprev = prev + x * c->bypp;
+ 
+                 zmbv_me(c, tsrc, p->linesize[0], tprev, c->pstride, x, y, &mx, &my, &xored);
+-                mv[0] = (mx << 1) | !!xored;
+-                mv[1] = my << 1;
++                mv[0] = (mx * 2) | !!xored;
++                mv[1] = my * 2;
+                 tprev += mx * c->bypp + my * c->pstride;
+                 if(xored){
+                     for(j = 0; j < bh2; j++){
+-- 
+2.7.4
+