1 files changed, 29 insertions, 0 deletions

diff --git a/multimedia/mythtv/files/patch-CVE-2017-09996a b/multimedia/mythtv/files/patch-CVE-2017-09996a
new file mode 100644
index 000000000000..a1785ef0d395
--- /dev/null
+++ b/multimedia/mythtv/files/patch-CVE-2017-09996a
@@ -0,0 +1,29 @@
+From 7a69c1b2abfa96f0578cbd3ff82126b883ba6ef0 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Sat, 6 May 2017 22:24:52 +0200
+Subject: [PATCH] avcodec/cdxl: Check format parameter
+
+Fixes out of array access
+Fixes: 1378/clusterfuzz-testcase-minimized-5715088008806400
+
+Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+(cherry picked from commit e1b60aad77c27ed5d4dfc11e5e6a05a38c70489d)
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+---
+ libavcodec/cdxl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git libavcodec/cdxl.c libavcodec/cdxl.c
+index 7a9b41943d8..5c0ecb279c7 100644
+--- external/FFmpeg/libavcodec/cdxl.c
++++ external/FFmpeg/libavcodec/cdxl.c
+@@ -277,7 +277,7 @@ static int cdxl_decode_frame(AVCodecContext *avctx, void *data,
+     c->padded_bits  = aligned_width - c->avctx->width;
+     if (c->video_size < aligned_width * avctx->height * (int64_t)c->bpp / 8)
+         return AVERROR_INVALIDDATA;
+-    if (!encoding && c->palette_size && c->bpp <= 8) {
++    if (!encoding && c->palette_size && c->bpp <= 8 && c->format != CHUNKY) {
+         avctx->pix_fmt = AV_PIX_FMT_PAL8;
+     } else if (encoding == 1 && (c->bpp == 6 || c->bpp == 8)) {
+         if (c->palette_size != (1 << (c->bpp - 1)))