Debian Patches
Status for libvpx/1.12.0-1+deb12u5
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0001-Relax-ABI-check.patch | Relax ABI check. We have symbol files and version dependencies to properly track this. | Sebastian Ramacher <sramacher@debian.org> | no | | | 2021-08-31 |
| 0002-encode_api_test-add-ConfigResizeChangeThreadCount.patch | encode_api_test: add ConfigResizeChangeThreadCount. Update thread counts and resolution to ensure allocations are updated correctly. VP8 is disabled to avoid a crash. | James Zern <jzern@google.com> | no | debian upstream | https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282 | 2023-09-25 |
| 0003-VP8-disallow-thread-count-changes.patch | VP8: disallow thread count changes. Currently allocations are done at encoder creation time. Going from threaded to non-threaded would cause a crash. | James Zern <jzern@google.com> | no | debian upstream | https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590 | 2023-09-25 |
| 0004-Fix-bug-with-smaller-width-bigger-size.patch | Fix bug with smaller width bigger size. Fixed previous patch that clusterfuzz failed on. Local fuzzing passing overnight. (cherry picked from commit 263682c9a29395055f3b3afe2d97be1828a6223f) | Jerome Jiang <jianj@google.com> | no | upstream | https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937 | 2022-06-30 |
| 0001-Add-test-vpx_image_test.cc.patch | Add test/vpx_image_test.cc. Ported from test/aom_image_test.cc in libaom commit 04d6253. (cherry picked from commit 3dbab0e66479e1b5368d4b7a069051dba85843cf) | Wan-Teh Chang <wtc@google.com> | no | | | 2024-04-10 |
| 0002-Fix-integer-overflows-in-calc-of-stride_in_bytes.patch | Fix integer overflows in calc of stride_in_bytes. A port of the libaom CL https://aomedia-review.googlesource.com/c/aom/+/188761. Fix unsigned integer overflows in the calculation of stride_in_bytes in img_alloc_helper() when d_w is huge. Change the type of stride_in_bytes from unsigned int to int because it will be assigned to img->stride[VPX_PLANE_Y], which is of the int type. Test: `. ../libvpx/tools/set_analyzer_env.sh integer`; `../libvpx/configure --enable-debug --disable-optimizations`; `make -j`; `./test_libvpx --gtest_filter=VpxImageTest.VpxImgAllocHugeWidth` (cherry picked from commit 2e32276277c0b1739707c5e861c96cf78794f1a0) | Wan-Teh Chang <wtc@google.com> | no | upstream | | 2024-04-10 |
| 0003-Avoid-integer-overflows-in-arithmetic-operations.patch | Avoid integer overflows in arithmetic operations. A port of the libaom CL https://aomedia-review.googlesource.com/c/aom/+/188823. Impose maximum values on the input parameters so that we can perform arithmetic operations without worrying about overflows. Also change the VpxImageTest.VpxImgAllocHugeWidth test to write to the first and last samples in the first row of the Y plane, so that the test will crash if there is unsigned integer overflow in the calculation of stride_in_bytes. (cherry picked from commit 06af417e795e6a9b9309406ba399fb109def89e6) | Wan-Teh Chang <wtc@google.com> | no | upstream | | 2024-04-11 |
| 0004-Fix-a-bug-in-alloc_size-for-high-bit-depths.patch | Fix a bug in alloc_size for high bit depths. I introduced this bug in commit 2e32276: https://chromium-review.googlesource.com/c/webm/libvpx/+/5446333 I changed the line `stride_in_bytes = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s;` to three lines: `s = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s;` `if (s > INT_MAX) goto fail;` `stride_in_bytes = (int)s;` But I didn't realize that `s` is used later in the calculation of alloc_size. As a quick fix, undo the effect of s * 2 for high bit depths after `s` has been assigned to stride_in_bytes. (cherry picked from commit 74c70af01667733483dc69298b8921779f5f6ff3) | Wan-Teh Chang <wtc@google.com> | no | upstream | | 2024-04-12 |
| vpx_codec_enc_init_multi-fix-double-free-on-init-fai.patch | vpx_codec_enc_init_multi: fix double free on init failure. In `vp8e_init()`, the encoder would take ownership of `mr_cfg.mr_low_res_mode_info` even if `vp8_create_compressor()` failed. This caused confusion at the call site as other failures in `vp8e_init()` did not result in ownership transfer and the caller would free the memory. In the case of `vp8_create_compressor()` failure both the caller and `vpx_codec_destroy()` would free the memory, causing a crash. `mr_*` related variables are now cleared on failure to prevent this situation. | James Zern <jzern@google.com> | yes | upstream | | 2025-04-30 |
| CVE-2026-2447.patch | commit d5f35ac8d93cba7f7a3f7ddb8f9dc8bd28f785e1. write_superframe_index: return 0 if buffer is full. write_superframe_index() should return the number of bytes written to ctx->pending_cx_data. If ctx->pending_cx_data is full, write_superframe_index() doesn't write the optional superframe index, so it should return 0 in this case. Add an assertion that would have detected this bug. Add and clarify comments for code related to this bug. Also fix the buffer full check. The check should not assume that ctx->pending_cx_data is equal to ctx->cx_data, and the check had an off-by-one error. The bug was introduced when write_superframe_index() was added in the following CLs: https://chromium-review.googlesource.com/c/webm/libvpx/+/44659 https://chromium-review.googlesource.com/c/webm/libvpx/+/45268 Bug: oss-fuzz:476466137 Change-Id: Ie113568cf25acc73f8af640a3c51cfdb5b900613 | Wan-Teh Chang <wtc@google.com> | no | | | 2026-01-21 |
All known versions for source package 'libvpx'
- 1.16.0-3 (sid, forky)
- 1.15.0-2.1+deb13u1 (trixie-proposed-updates, trixie-security)
- 1.15.0-2.1 (trixie)
- 1.12.0-1+deb12u5 (bookworm-security, bookworm-proposed-updates)
- 1.12.0-1+deb12u4 (bookworm)
