import-layers/yocto-poky/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2017-14169.patch - openbmc/openbmc - Gitiles

 From 9d00fb9d70ee8c0cc7002b89318c5be00f1bbdad Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?=E5=AD=99=E6=B5=A9=28=E6=99=93=E9=BB=91=29?=
  <tony.sh@alibaba-inc.com>
 Date: Tue, 29 Aug 2017 23:59:21 +0200
 Subject: [PATCH] avformat/mxfdec: Fix Sign error in mxf_read_primer_pack()
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit

 Fixes: 20170829B.mxf

 Co-Author: 张洪亮(望初)" <wangchu.zhl@alibaba-inc.com>
 Found-by: Xiaohei and Wangchu from Alibaba Security Team
 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

 CVE: CVE-2017-14169
 Upstream-Status: Backport

 Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
 ---
  libavformat/mxfdec.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

 diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
 index 6adb77d..91731a7 100644
 --- a/libavformat/mxfdec.c
 +++ b/libavformat/mxfdec.c
 @@ -500,7 +500,7 @@ static int mxf_read_primer_pack(void *arg, AVIOContext *pb, int tag, int size, U
          avpriv_request_sample(pb, "Primer pack item length %d", item_len);
          return AVERROR_PATCHWELCOME;
      }
 -    if (item_num > 65536) {
 +    if (item_num > 65536 || item_num < 0) {
          av_log(mxf->fc, AV_LOG_ERROR, "item_num %d is too large\n", item_num);
          return AVERROR_INVALIDDATA;
      }
 --
 2.1.0
	From 9d00fb9d70ee8c0cc7002b89318c5be00f1bbdad Mon Sep 17 00:00:00 2001
	From: =?UTF-8?q?=E5=AD=99=E6=B5=A9=28=E6=99=93=E9=BB=91=29?=
	<tony.sh@alibaba-inc.com>
	Date: Tue, 29 Aug 2017 23:59:21 +0200
	Subject: [PATCH] avformat/mxfdec: Fix Sign error in mxf_read_primer_pack()
	MIME-Version: 1.0
	Content-Type: text/plain; charset=UTF-8
	Content-Transfer-Encoding: 8bit

	Fixes: 20170829B.mxf

	Co-Author: 张洪亮(望初)" <wangchu.zhl@alibaba-inc.com>
	Found-by: Xiaohei and Wangchu from Alibaba Security Team
	Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

	CVE: CVE-2017-14169
	Upstream-Status: Backport

	Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
	---
	libavformat/mxfdec.c \| 2 +-
	1 file changed, 1 insertion(+), 1 deletion(-)

	diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
	index 6adb77d..91731a7 100644
	--- a/libavformat/mxfdec.c
	+++ b/libavformat/mxfdec.c
	@@ -500,7 +500,7 @@ static int mxf_read_primer_pack(void arg, AVIOContext pb, int tag, int size, U
	avpriv_request_sample(pb, "Primer pack item length %d", item_len);
	return AVERROR_PATCHWELCOME;
	}
	- if (item_num > 65536) {
	+ if (item_num > 65536 \|\| item_num < 0) {
	av_log(mxf->fc, AV_LOG_ERROR, "item_num %d is too large\n", item_num);
	return AVERROR_INVALIDDATA;
	}
	--
	2.1.0