diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | Avoid-integer-overflows-in-align_image_dimension.patch | 191 | ||||
| -rw-r--r-- | Fix-integer-overflows-in-calc-of-stride_in_bytes.patch | 127 | ||||
| -rw-r--r-- | aom.spec | 129 | ||||
| -rw-r--r-- | sources | 1 |
5 files changed, 449 insertions, 0 deletions
@@ -0,0 +1 @@ +/aom-3.8.3.tar.gz diff --git a/Avoid-integer-overflows-in-align_image_dimension.patch b/Avoid-integer-overflows-in-align_image_dimension.patch new file mode 100644 index 0000000..46d49b2 --- /dev/null +++ b/Avoid-integer-overflows-in-align_image_dimension.patch @@ -0,0 +1,191 @@ +From 8156fb76d88845d716867d20333fd27001be47a8 Mon Sep 17 00:00:00 2001 +From: Wan-Teh Chang <wtc@google.com> +Date: Thu, 4 Apr 2024 15:14:08 -0700 +Subject: [PATCH 2/2] Avoid integer overflows in align_image_dimension() + +Impose maximum values on the input parameters so that we can perform +arithmetic operations without worrying about overflows. + +Fix a bug (introduced in commit 7aa2edc) that the ~ operator is applied +to (stride_align - 1), which is unsigned int, and then the result is +converted to uint64_t. + +Also change the AomImageTest.AomImgAllocHugeWidth test to write to the +first and last samples in the first row of the Y plane, so that the test +will crash if there is unsigned integer overflow in the calculation of +stride_in_bytes. + +Bug: chromium:332382766 +Change-Id: I634c38c35a296b5bbf3de7ddf10040e7ec5ee9a1 +(cherry picked from commit 60653dff7f8ee3e769a0aeec5e210a4fc2687717) +--- + aom/aom_image.h | 27 ++++++++++++++++++--------- + aom/src/aom_image.c | 19 +++++++++++++++---- + test/aom_image_test.cc | 29 +++++++++++++++++++++++++++++ + 3 files changed, 62 insertions(+), 13 deletions(-) + +diff --git a/aom/aom_image.h b/aom/aom_image.h +index d5f0c08..11b668c 100644 +--- a/aom/aom_image.h ++++ b/aom/aom_image.h +@@ -244,10 +244,13 @@ typedef struct aom_image { + * is NULL, the storage for the descriptor will be + * allocated on the heap. + * \param[in] fmt Format for the image +- * \param[in] d_w Width of the image +- * \param[in] d_h Height of the image ++ * \param[in] d_w Width of the image. Must not exceed 0x08000000 ++ * (2^27). ++ * \param[in] d_h Height of the image. Must not exceed 0x08000000 ++ * (2^27). + * \param[in] align Alignment, in bytes, of the image buffer and +- * each row in the image (stride). ++ * each row in the image (stride). Must not exceed ++ * 65536. + * + * \return Returns a pointer to the initialized image descriptor. If the img + * parameter is non-null, the value of the img parameter will be +@@ -267,10 +270,12 @@ aom_image_t *aom_img_alloc(aom_image_t *img, aom_img_fmt_t fmt, + * is NULL, the storage for the descriptor will be + * allocated on the heap. + * \param[in] fmt Format for the image +- * \param[in] d_w Width of the image +- * \param[in] d_h Height of the image ++ * \param[in] d_w Width of the image. Must not exceed 0x08000000 ++ * (2^27). ++ * \param[in] d_h Height of the image. Must not exceed 0x08000000 ++ * (2^27). + * \param[in] align Alignment, in bytes, of each row in the image +- * (stride). ++ * (stride). Must not exceed 65536. + * \param[in] img_data Storage to use for the image + * + * \return Returns a pointer to the initialized image descriptor. If the img +@@ -291,12 +296,16 @@ aom_image_t *aom_img_wrap(aom_image_t *img, aom_img_fmt_t fmt, unsigned int d_w, + * is NULL, the storage for the descriptor will be + * allocated on the heap. + * \param[in] fmt Format for the image +- * \param[in] d_w Width of the image +- * \param[in] d_h Height of the image ++ * (2^27). ++ * \param[in] d_h Height of the image. Must not exceed 0x08000000 ++ * (2^27). + * \param[in] align Alignment, in bytes, of the image buffer and +- * each row in the image (stride). ++ * each row in the image (stride). Must not exceed ++ * 65536. + * \param[in] size_align Alignment, in pixels, of the image width and height. ++ * Must not exceed 65536. + * \param[in] border A border that is padded on four sides of the image. ++ * Must not exceed 65536. + * + * \return Returns a pointer to the initialized image descriptor. If the img + * parameter is non-null, the value of the img parameter will be +diff --git a/aom/src/aom_image.c b/aom/src/aom_image.c +index acd3694..ca5e58c 100644 +--- a/aom/src/aom_image.c ++++ b/aom/src/aom_image.c +@@ -9,6 +9,7 @@ + * PATENTS file, you can obtain it at www.aomedia.org/license/patent. + */ + ++#include <assert.h> + #include <limits.h> + #include <stdlib.h> + #include <string.h> +@@ -36,10 +37,18 @@ static aom_image_t *img_alloc_helper( + /* NOTE: In this function, bit_depth is either 8 or 16 (if + * AOM_IMG_FMT_HIGHBITDEPTH is set), never 10 or 12. + */ +- unsigned int h, w, xcs, ycs, bps, bit_depth; ++ unsigned int xcs, ycs, bps, bit_depth; + + if (img != NULL) memset(img, 0, sizeof(aom_image_t)); + ++ /* Impose maximum values on input parameters so that this function can ++ * perform arithmetic operations without worrying about overflows. ++ */ ++ if (d_w > 0x08000000 || d_h > 0x08000000 || buf_align > 65536 || ++ stride_align > 65536 || size_align > 65536 || border > 65536) { ++ goto fail; ++ } ++ + /* Treat align==0 like align==1 */ + if (!buf_align) buf_align = 1; + +@@ -102,11 +111,13 @@ static aom_image_t *img_alloc_helper( + } + + /* Calculate storage sizes given the chroma subsampling */ +- w = align_image_dimension(d_w, xcs, size_align); +- h = align_image_dimension(d_h, ycs, size_align); ++ const unsigned int w = align_image_dimension(d_w, xcs, size_align); ++ assert(d_w <= w); ++ const unsigned int h = align_image_dimension(d_h, ycs, size_align); ++ assert(d_h <= h); + + uint64_t s = (fmt & AOM_IMG_FMT_PLANAR) ? w : (uint64_t)bps * w / bit_depth; +- s = (s + 2 * border + stride_align - 1) & ~(stride_align - 1); ++ s = (s + 2 * border + stride_align - 1) & ~((uint64_t)stride_align - 1); + s = s * bit_depth / 8; + if (s > INT_MAX) goto fail; + const int stride_in_bytes = (int)s; +diff --git a/test/aom_image_test.cc b/test/aom_image_test.cc +index 69b777b..2b8bdfc 100644 +--- a/test/aom_image_test.cc ++++ b/test/aom_image_test.cc +@@ -9,6 +9,8 @@ + * PATENTS file, you can obtain it at www.aomedia.org/license/patent. + */ + ++#include <climits> ++ + #include "aom/aom_image.h" + #include "third_party/googletest/src/googletest/include/gtest/gtest.h" + +@@ -71,6 +73,20 @@ TEST(AomImageTest, AomImgAllocHugeWidth) { + image = aom_img_alloc(nullptr, AOM_IMG_FMT_I420, 0x80000000, 1, 1); + ASSERT_EQ(image, nullptr); + ++ // The aligned width (UINT_MAX + 1) would overflow unsigned int. ++ image = aom_img_alloc(nullptr, AOM_IMG_FMT_I420, UINT_MAX, 1, 1); ++ ASSERT_EQ(image, nullptr); ++ ++ image = aom_img_alloc_with_border(nullptr, AOM_IMG_FMT_I422, 1, INT_MAX, 1, ++ 0x40000000, 0); ++ if (image) { ++ uint16_t *y_plane = ++ reinterpret_cast<uint16_t *>(image->planes[AOM_PLANE_Y]); ++ y_plane[0] = 0; ++ y_plane[image->d_w - 1] = 0; ++ aom_img_free(image); ++ } ++ + image = aom_img_alloc(nullptr, AOM_IMG_FMT_I420, 0x7ffffffe, 1, 1); + if (image) { + aom_img_free(image); +@@ -91,8 +107,21 @@ TEST(AomImageTest, AomImgAllocHugeWidth) { + aom_img_free(image); + } + ++ image = aom_img_alloc(nullptr, AOM_IMG_FMT_I42016, 65536, 2, 1); ++ if (image) { ++ uint16_t *y_plane = ++ reinterpret_cast<uint16_t *>(image->planes[AOM_PLANE_Y]); ++ y_plane[0] = 0; ++ y_plane[image->d_w - 1] = 0; ++ aom_img_free(image); ++ } ++ + image = aom_img_alloc(nullptr, AOM_IMG_FMT_I42016, 285245883, 2, 1); + if (image) { ++ uint16_t *y_plane = ++ reinterpret_cast<uint16_t *>(image->planes[AOM_PLANE_Y]); ++ y_plane[0] = 0; ++ y_plane[image->d_w - 1] = 0; + aom_img_free(image); + } + } +-- +2.41.0 + diff --git a/Fix-integer-overflows-in-calc-of-stride_in_bytes.patch b/Fix-integer-overflows-in-calc-of-stride_in_bytes.patch new file mode 100644 index 0000000..7382e8b --- /dev/null +++ b/Fix-integer-overflows-in-calc-of-stride_in_bytes.patch @@ -0,0 +1,127 @@ +From 19d9966572a410804349e1a8ee2017fed49a6dab Mon Sep 17 00:00:00 2001 +From: Wan-Teh Chang <wtc@google.com> +Date: Wed, 3 Apr 2024 20:08:16 +0000 +Subject: [PATCH 1/2] Fix integer overflows in calc of stride_in_bytes + +Fix unsigned integer overflows in the calculation of stride_in_bytes in +img_alloc_helper() when d_w is huge. + +Change the type of stride_in_bytes from unsigned int to int because it +will be assigned to img->stride[AOM_PLANE_Y], which is of the int type. + +Test: +cmake ../aom -G Ninja -DCMAKE_C_COMPILER=clang \ + -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_BUILD_TYPE=Debug \ + -DSANITIZE=unsigned-integer-overflow +ninja +./test_libaom --gtest_filter=AomImageTest.AomImgAllocHugeWidth + +Bug: chromium:332382766 +Change-Id: Iaccb83bcd13ddc3ea5e6f01da91bb01215ddb461 +(cherry picked from commit 7aa2edc2b09f98c32820923d813fd73eb23b5861) +--- + aom/src/aom_image.c | 15 ++++++++------- + test/aom_image_test.cc | 36 ++++++++++++++++++++++++++++++++++++ + 2 files changed, 44 insertions(+), 7 deletions(-) + +diff --git a/aom/src/aom_image.c b/aom/src/aom_image.c +index 8e94d5d..acd3694 100644 +--- a/aom/src/aom_image.c ++++ b/aom/src/aom_image.c +@@ -36,8 +36,7 @@ static aom_image_t *img_alloc_helper( + /* NOTE: In this function, bit_depth is either 8 or 16 (if + * AOM_IMG_FMT_HIGHBITDEPTH is set), never 10 or 12. + */ +- unsigned int h, w, s, xcs, ycs, bps, bit_depth; +- unsigned int stride_in_bytes; ++ unsigned int h, w, xcs, ycs, bps, bit_depth; + + if (img != NULL) memset(img, 0, sizeof(aom_image_t)); + +@@ -106,9 +105,11 @@ static aom_image_t *img_alloc_helper( + w = align_image_dimension(d_w, xcs, size_align); + h = align_image_dimension(d_h, ycs, size_align); + +- s = (fmt & AOM_IMG_FMT_PLANAR) ? w : bps * w / bit_depth; ++ uint64_t s = (fmt & AOM_IMG_FMT_PLANAR) ? w : (uint64_t)bps * w / bit_depth; + s = (s + 2 * border + stride_align - 1) & ~(stride_align - 1); +- stride_in_bytes = s * bit_depth / 8; ++ s = s * bit_depth / 8; ++ if (s > INT_MAX) goto fail; ++ const int stride_in_bytes = (int)s; + + /* Allocate the new image */ + if (!img) { +@@ -230,7 +231,7 @@ int aom_img_set_rect(aom_image_t *img, unsigned int x, unsigned int y, + + img->planes[AOM_PLANE_Y] = + data + x * bytes_per_sample + y * img->stride[AOM_PLANE_Y]; +- data += (img->h + 2 * border) * img->stride[AOM_PLANE_Y]; ++ data += ((size_t)img->h + 2 * border) * img->stride[AOM_PLANE_Y]; + + unsigned int uv_border_h = border >> img->y_chroma_shift; + unsigned int uv_x = x >> img->x_chroma_shift; +@@ -242,14 +243,14 @@ int aom_img_set_rect(aom_image_t *img, unsigned int x, unsigned int y, + } else if (!(img->fmt & AOM_IMG_FMT_UV_FLIP)) { + img->planes[AOM_PLANE_U] = + data + uv_x * bytes_per_sample + uv_y * img->stride[AOM_PLANE_U]; +- data += ((img->h >> img->y_chroma_shift) + 2 * uv_border_h) * ++ data += ((size_t)(img->h >> img->y_chroma_shift) + 2 * uv_border_h) * + img->stride[AOM_PLANE_U]; + img->planes[AOM_PLANE_V] = + data + uv_x * bytes_per_sample + uv_y * img->stride[AOM_PLANE_V]; + } else { + img->planes[AOM_PLANE_V] = + data + uv_x * bytes_per_sample + uv_y * img->stride[AOM_PLANE_V]; +- data += ((img->h >> img->y_chroma_shift) + 2 * uv_border_h) * ++ data += ((size_t)(img->h >> img->y_chroma_shift) + 2 * uv_border_h) * + img->stride[AOM_PLANE_V]; + img->planes[AOM_PLANE_U] = + data + uv_x * bytes_per_sample + uv_y * img->stride[AOM_PLANE_U]; +diff --git a/test/aom_image_test.cc b/test/aom_image_test.cc +index ad48e73..69b777b 100644 +--- a/test/aom_image_test.cc ++++ b/test/aom_image_test.cc +@@ -60,3 +60,39 @@ TEST(AomImageTest, AomImgAllocNv12) { + EXPECT_EQ(img.planes[AOM_PLANE_V], nullptr); + aom_img_free(&img); + } ++ ++TEST(AomImageTest, AomImgAllocHugeWidth) { ++ // The stride (0x80000000 * 2) would overflow unsigned int. ++ aom_image_t *image = ++ aom_img_alloc(nullptr, AOM_IMG_FMT_I42016, 0x80000000, 1, 1); ++ ASSERT_EQ(image, nullptr); ++ ++ // The stride (0x80000000) would overflow int. ++ image = aom_img_alloc(nullptr, AOM_IMG_FMT_I420, 0x80000000, 1, 1); ++ ASSERT_EQ(image, nullptr); ++ ++ image = aom_img_alloc(nullptr, AOM_IMG_FMT_I420, 0x7ffffffe, 1, 1); ++ if (image) { ++ aom_img_free(image); ++ } ++ ++ image = aom_img_alloc(nullptr, AOM_IMG_FMT_I420, 285245883, 64, 1); ++ if (image) { ++ aom_img_free(image); ++ } ++ ++ image = aom_img_alloc(nullptr, AOM_IMG_FMT_NV12, 285245883, 64, 1); ++ if (image) { ++ aom_img_free(image); ++ } ++ ++ image = aom_img_alloc(nullptr, AOM_IMG_FMT_YV12, 285245883, 64, 1); ++ if (image) { ++ aom_img_free(image); ++ } ++ ++ image = aom_img_alloc(nullptr, AOM_IMG_FMT_I42016, 285245883, 2, 1); ++ if (image) { ++ aom_img_free(image); ++ } ++} +-- +2.41.0 + diff --git a/aom.spec b/aom.spec new file mode 100644 index 0000000..3da1633 --- /dev/null +++ b/aom.spec @@ -0,0 +1,129 @@ +%global sover 3 + +# No libvmaf on openEuler +#ifarch x86_64 +#bcond_without vmaf +#endif + +# No highway & jpegxl on openEuler +#bcond_without jpegxl + +Name: aom +Version: 3.8.3 +Release: 1 +Summary: Royalty-free next-generation video format + +License: BSD-3-Clause +URL: http://aomedia.org/ +Source0: https://aomedia.googlesource.com/%{name}/+archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz + +Patch01: Fix-integer-overflows-in-calc-of-stride_in_bytes.patch +Patch02: Avoid-integer-overflows-in-align_image_dimension.patch + +BuildRequires: gcc-c++ gcc cmake +BuildRequires: doxygen git-core +BuildRequires: perl-interpreter perl(Getopt::Long) perl-interpreter python3-devel yasm +%if %{with jpegxl} +BuildRequires: pkgconfig(libjxl) +BuildRequires: pkgconfig(libhwy) +%endif +%if %{with vmaf} +BuildRequires: pkgconfig(libvmaf) +%endif + +Provides: av1 = %{version}-%{release} +Requires: libaom%{?_isa} = %{version}-%{release} + +%description +The Alliance for Open Media’s focus is to deliver a next-generation +video format that is: + + - Interoperable and open; + - Optimized for the Internet; + - Scalable to any modern device at any bandwidth; + - Designed with a low computational footprint and optimized for hardware; + - Capable of consistent, highest-quality, real-time video delivery; and + - Flexible for both commercial and non-commercial content, including + user-generated content. + +This package contains the reference encoder and decoder. + +%package -n libaom +Summary: Library files for aom + +%description -n libaom +Library files for aom, the royalty-free next-generation +video format. + +%package -n libaom-devel +Summary: Development files for aom +Requires: libaom%{?_isa} = %{version}-%{release} + +%description -n libaom-devel +Development files for aom, the royalty-free next-generation +video format. + +%prep +%autosetup -p1 -c %{name}-%{version} +# Set GIT revision in version +sed -i 's@set(aom_version "")@set(aom_version "v%{version}")@' build/cmake/version.cmake +# Disable buggy PDF generation +sed -i "s@GENERATE_LATEX = YES@GENERATE_LATEX = NO@" libs.doxy_template + +%build +%ifarch %{arm} +%global optflags %{__global_compiler_flags} -march=armv7-a -mfpu=neon -mtune=cortex-a8 -mabi=aapcs-linux -mfloat-abi=hard +%endif + +%cmake -DENABLE_CCACHE=1 \ + -DCMAKE_SKIP_RPATH=1 \ + -DCMAKE_BUILD_TYPE=RelWithDebInfo \ + -DCONFIG_WEBM_IO=1 \ + -DENABLE_DOCS=1 \ + -DCONFIG_ANALYZER=0 \ + -DENABLE_TESTS=0 \ + -DBUILD_SHARED_LIBS=1 \ +%if %{with jpegxl} + -DCONFIG_TUNE_BUTTERAUGLI=1 \ +%endif +%if %{with vmaf} + -DCONFIG_TUNE_VMAF=1 \ +%endif + %{nil} +%cmake_build + +%install +%cmake_install +rm -rvf %{buildroot}%{_libdir}/libaom.a + +%files +%doc AUTHORS CHANGELOG README.md +%license LICENSE PATENTS +%{_bindir}/aomdec +%{_bindir}/aomenc + +%files -n libaom +%license LICENSE PATENTS +%{_libdir}/libaom.so.%{sover}* + +%files -n libaom-devel +%doc %{_vpath_builddir}/docs/html/ +%{_includedir}/%{name} +%{_libdir}/libaom.so +%{_libdir}/pkgconfig/%{name}.pc + +%changelog +* Wed Aug 07 2024 Funda Wang <fundawang@yeah.net> - 3.8.3-1 +- update to 3.8.3 + +* Thu Jun 06 2024 yinyongkang <yinyongkang@kylinos.cn> - 3.8.1-2 +- fix CVE-2024-5171 + +* Mon Mar 04 2024 liweigang <izmirvii@gmail.com> - 3.8.1-1 +- upgrade package version to 3.8.1 + +* Wed Dec 20 2023 misaka00251 <liuxin@iscas.ac.cn> - 3.8.0-1 +- Upgrade package version to 3.8.0 + +* Fri May 07 2021 weidong <weidong@uniontech.com> - 1.0.0-1 +- Initial package. @@ -0,0 +1 @@ +cc631ed5c68c392ecd3643135997cf8b aom-3.8.3.tar.gz |