1 files changed, 32 insertions, 0 deletions

diff --git a/multimedia/mythtv/files/patch-CVE-2017-09991 b/multimedia/mythtv/files/patch-CVE-2017-09991
new file mode 100644
index 000000000000..4ce00103fb24
--- /dev/null
+++ b/multimedia/mythtv/files/patch-CVE-2017-09991
@@ -0,0 +1,32 @@
+From 85c8c0c826e78d159ea242ce64d7e8feeeeca741 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Sun, 7 May 2017 18:50:49 +0200
+Subject: [PATCH] avcodec/xwddec: Check bpp more completely
+
+Fixes out of array access
+Fixes: 1399/clusterfuzz-testcase-minimized-4866094172995584
+
+Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+(cherry picked from commit 441026fcb13ac23aa10edc312bdacb6445a0ad06)
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+---
+ libavcodec/xwddec.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git libavcodec/xwddec.c libavcodec/xwddec.c
+index 64cd8418a20..8b0845fc013 100644
+--- external/FFmpeg/libavcodec/xwddec.c
++++ external/FFmpeg/libavcodec/xwddec.c
+@@ -157,9 +157,9 @@ static int xwd_decode_frame(AVCodecContext *avctx, void *data,
+     case XWD_GRAY_SCALE:
+         if (bpp != 1 && bpp != 8)
+             return AVERROR_INVALIDDATA;
+-        if (pixdepth == 1) {
++        if (bpp == 1 && pixdepth == 1) {
+             avctx->pix_fmt = AV_PIX_FMT_MONOWHITE;
+-        } else if (pixdepth == 8) {
++        } else if (bpp == 8 && pixdepth == 8) {
+             avctx->pix_fmt = AV_PIX_FMT_GRAY8;
+         }
+         break;