diff --git a/cmake/external_libs/ffmpeg.cmake b/cmake/external_libs/ffmpeg.cmake index 082e3a1fafa..d374317ead9 100644 --- a/cmake/external_libs/ffmpeg.cmake +++ b/cmake/external_libs/ffmpeg.cmake @@ -1,4 +1,5 @@ -set(FFMPEG_FLAGS +if(CMAKE_SYSTEM_NAME MATCHES "Linux") + set(FFMPEG_FLAGS --disable-programs --disable-doc --disable-postproc @@ -8,7 +9,20 @@ set(FFMPEG_FLAGS --disable-static --enable-shared --disable-x86asm - ) + --extra-cflags="-D_FORTIFY_SOURCE=2 -fstack-protector-all" + --extra-ldflags="-Wl,-z,relro,-z,now") +else() + set(FFMPEG_FLAGS + --disable-programs + --disable-doc + --disable-postproc + --disable-decoder=av1 + --disable-libxcb + --disable-hwaccels + --disable-static + --enable-shared + --disable-x86asm) +endif() set(REQ_URL "https://ffmpeg.org/releases/ffmpeg-5.1.2.tar.gz") set(SHA256 "87fe8defa37ce5f7449e36047171fed5e4c3f4bb73eaccea8c954ee81393581c") @@ -36,6 +50,9 @@ else() LIBS avcodec avdevice avfilter avformat avutil swresample swscale URL ${REQ_URL} SHA256 ${SHA256} + PATCHES ${TOP_DIR}/third_party/patch/ffmpeg/CVE-2022-3964.patch + PATCHES ${TOP_DIR}/third_party/patch/ffmpeg/CVE-2022-3965.patch + PATCHES ${TOP_DIR}/third_party/patch/ffmpeg/CVE-2023-47342.patch CONFIGURE_COMMAND ./configure ${FFMPEG_FLAGS} ) diff --git a/third_party/patch/ffmpeg/CVE-2022-3964.patch b/third_party/patch/ffmpeg/CVE-2022-3964.patch new file mode 100644 index 00000000000..493bf023e10 --- /dev/null +++ b/third_party/patch/ffmpeg/CVE-2022-3964.patch @@ -0,0 +1,72 @@ +diff -Npur ffmpeg-5.1.2/libavcodec/rpzaenc.c ffmpeg-5.1.2-change/libavcodec/rpzaenc.c +--- ffmpeg-5.1.2/libavcodec/rpzaenc.c 2022-07-23 01:58:39.000000000 +0800 ++++ ffmpeg-5.1.2-change/libavcodec/rpzaenc.c 2024-06-25 15:56:07.594394836 +0800 +@@ -205,7 +205,7 @@ static void get_max_component_diff(Block + + // loop thru and compare pixels + for (y = 0; y < bi->block_height; y++) { +- for (x = 0; x < bi->block_width; x++){ ++ for (x = 0; x < bi->block_width; x++) { + // TODO: optimize + min_r = FFMIN(R(block_ptr[x]), min_r); + min_g = FFMIN(G(block_ptr[x]), min_g); +@@ -277,7 +277,7 @@ static int leastsquares(uint16_t *block_ + return -1; + + for (i = 0; i < bi->block_height; i++) { +- for (j = 0; j < bi->block_width; j++){ ++ for (j = 0; j < bi->block_width; j++) { + x = GET_CHAN(block_ptr[j], xchannel); + y = GET_CHAN(block_ptr[j], ychannel); + sumx += x; +@@ -324,7 +324,7 @@ static int calc_lsq_max_fit_error(uint16 + int max_err = 0; + + for (i = 0; i < bi->block_height; i++) { +- for (j = 0; j < bi->block_width; j++){ ++ for (j = 0; j < bi->block_width; j++) { + int x_inc, lin_y, lin_x; + x = GET_CHAN(block_ptr[j], xchannel); + y = GET_CHAN(block_ptr[j], ychannel); +@@ -419,7 +419,9 @@ static void update_block_in_prev_frame(c + uint16_t *dest_pixels, + const BlockInfo *bi, int block_counter) + { +- for (int y = 0; y < 4; y++) { ++ const int y_size = FFMIN(4, bi->image_height - bi->row * 4); ++ ++ for (int y = 0; y < y_size; y++) { + memcpy(dest_pixels, src_pixels, 8); + dest_pixels += bi->rowstride; + src_pixels += bi->rowstride; +@@ -729,14 +731,15 @@ post_skip : + + if (err > s->sixteen_color_thresh) { // DO SIXTEEN COLOR BLOCK + uint16_t *row_ptr; +- int rgb555; ++ int y_size, rgb555; + + block_offset = get_block_info(&bi, block_counter); + + row_ptr = &src_pixels[block_offset]; ++ y_size = FFMIN(4, bi.image_height - bi.row * 4); + +- for (int y = 0; y < 4; y++) { +- for (int x = 0; x < 4; x++){ ++ for (int y = 0; y < y_size; y++) { ++ for (int x = 0; x < 4; x++) { + rgb555 = row_ptr[x] & ~0x8000; + + put_bits(&s->pb, 16, rgb555); +@@ -744,6 +747,11 @@ post_skip : + row_ptr += bi.rowstride; + } + ++ for (int y = y_size; y < 4; y++) { ++ for (int x = 0; x < 4; x++) ++ put_bits(&s->pb, 16, 0); ++ } ++ + block_counter++; + } else { // FOUR COLOR BLOCK + block_counter += encode_four_color_block(min_color, max_color, diff --git a/third_party/patch/ffmpeg/CVE-2022-3965.patch b/third_party/patch/ffmpeg/CVE-2022-3965.patch new file mode 100644 index 00000000000..155aad1524b --- /dev/null +++ b/third_party/patch/ffmpeg/CVE-2022-3965.patch @@ -0,0 +1,91 @@ +diff -Npur ffmpeg-5.1.2/libavcodec/smcenc.c ffmpeg-5.1.2-change/libavcodec/smcenc.c +--- ffmpeg-5.1.2/libavcodec/smcenc.c 2022-07-23 01:58:39.000000000 +0800 ++++ ffmpeg-5.1.2-change/libavcodec/smcenc.c 2024-06-25 17:07:00.100640653 +0800 +@@ -61,6 +61,7 @@ typedef struct SMCContext { + { \ + row_ptr += stride * 4; \ + pixel_ptr = row_ptr; \ ++ cur_y += 4; \ + } \ + } \ + } +@@ -117,6 +118,7 @@ static void smc_encode_stream(SMCContext + const uint8_t *prev_pixels = (const uint8_t *)s->prev_frame->data[0]; + uint8_t *distinct_values = s->distinct_values; + const uint8_t *pixel_ptr, *row_ptr; ++ const int height = frame->height; + const int width = frame->width; + uint8_t block_values[16]; + int block_counter = 0; +@@ -125,13 +127,14 @@ static void smc_encode_stream(SMCContext + int color_octet_index = 0; + int color_table_index; /* indexes to color pair, quad, or octet tables */ + int total_blocks; ++ int cur_y = 0; + + memset(s->color_pairs, 0, sizeof(s->color_pairs)); + memset(s->color_quads, 0, sizeof(s->color_quads)); + memset(s->color_octets, 0, sizeof(s->color_octets)); + + /* Number of 4x4 blocks in frame. */ +- total_blocks = ((frame->width + 3) / 4) * ((frame->height + 3) / 4); ++ total_blocks = ((width + 3) / 4) * ((height + 3) / 4); + + pixel_ptr = row_ptr = src_pixels; + +@@ -145,11 +148,13 @@ static void smc_encode_stream(SMCContext + int cache_index; + int distinct = 0; + int blocks = 0; ++ int frame_y = cur_y; + + while (prev_pixels && s->key_frame == 0 && block_counter + inter_skip_blocks < total_blocks) { ++ const int y_size = FFMIN(4, height - cur_y); + int compare = 0; + +- for (int y = 0; y < 4; y++) { ++ for (int y = 0; y < y_size; y++) { + const ptrdiff_t offset = pixel_ptr - src_pixels; + const uint8_t *prev_pixel_ptr = prev_pixels + offset; + +@@ -170,8 +175,10 @@ static void smc_encode_stream(SMCContext + + pixel_ptr = xpixel_ptr; + row_ptr = xrow_ptr; ++ cur_y = frame_y; + + while (block_counter > 0 && block_counter + intra_skip_blocks < total_blocks) { ++ const int y_size = FFMIN(4, height - cur_y); + const ptrdiff_t offset = pixel_ptr - src_pixels; + const int sy = offset / stride; + const int sx = offset % stride; +@@ -180,7 +187,7 @@ static void smc_encode_stream(SMCContext + const uint8_t *old_pixel_ptr = src_pixels + nx + ny * stride; + int compare = 0; + +- for (int y = 0; y < 4; y++) { ++ for (int y = 0; y < y_size; y++) { + compare |= memcmp(old_pixel_ptr + y * stride, pixel_ptr + y * stride, 4); + if (compare) + break; +@@ -197,9 +204,11 @@ static void smc_encode_stream(SMCContext + + pixel_ptr = xpixel_ptr; + row_ptr = xrow_ptr; ++ cur_y = frame_y; + + while (block_counter + coded_blocks < total_blocks && coded_blocks < 256) { +- for (int y = 0; y < 4; y++) ++ const int y_size = FFMIN(4, height - cur_y); ++ for (int y = 0; y < y_size; y++) + memcpy(block_values + y * 4, pixel_ptr + y * stride, 4); + + qsort(block_values, 16, sizeof(block_values[0]), smc_cmp_values); +@@ -224,6 +233,7 @@ static void smc_encode_stream(SMCContext + + pixel_ptr = xpixel_ptr; + row_ptr = xrow_ptr; ++ cur_y = frame_y; + + blocks = coded_blocks; + distinct = coded_distinct; diff --git a/third_party/patch/ffmpeg/CVE-2023-47342.patch b/third_party/patch/ffmpeg/CVE-2023-47342.patch new file mode 100644 index 00000000000..0eace366db0 --- /dev/null +++ b/third_party/patch/ffmpeg/CVE-2023-47342.patch @@ -0,0 +1,12 @@ +diff -Npur ffmpeg-5.1.2/libavformat/rtsp.c ffmpeg-5.1.2-change/libavformat/rtsp.c +--- ffmpeg-5.1.2/libavformat/rtsp.c 2022-07-23 01:58:39.000000000 +0800 ++++ ffmpeg-5.1.2-change/libavformat/rtsp.c 2024-06-25 16:37:03.333689422 +0800 +@@ -409,7 +409,7 @@ static void parse_fmtp(AVFormatContext * + if (rtsp_st->sdp_payload_type == payload_type && + rtsp_st->dynamic_handler && + rtsp_st->dynamic_handler->parse_sdp_a_line) { +- rtsp_st->dynamic_handler->parse_sdp_a_line(s, i, ++ rtsp_st->dynamic_handler->parse_sdp_a_line(s, rtsp_st->stream_index, + rtsp_st->dynamic_protocol_context, line); + } + }