This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch master in repository ffmpeg.
commit 946ce12e1c36e0cbfca2145ec66dcbc28350de38 Author: Michael Niedermayer <[email protected]> AuthorDate: Tue Mar 3 20:41:30 2026 +0100 Commit: Michael Niedermayer <[email protected]> CommitDate: Fri Mar 6 23:09:44 2026 +0100 swscale/utils: Check *Inc Fixes: signed integer overflow: -2147483648 - 65536 cannot be represented in type 'int' Fixes: #21588 Found-by: HAORAN FANG Signed-off-by: Michael Niedermayer <[email protected]> --- libswscale/utils.c | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/libswscale/utils.c b/libswscale/utils.c index ab9478dc16..89fe6c8a1c 100644 --- a/libswscale/utils.c +++ b/libswscale/utils.c @@ -1224,8 +1224,8 @@ av_cold int ff_sws_init_single_context(SwsContext *sws, SwsFilter *srcFilter, if (!srcFilter) srcFilter = &dummyFilter; - c->lumXInc = (((int64_t)srcW << 16) + (dstW >> 1)) / dstW; - c->lumYInc = (((int64_t)srcH << 16) + (dstH >> 1)) / dstH; + int64_t lumXInc = (((int64_t)srcW << 16) + (dstW >> 1)) / dstW; + int64_t lumYInc = (((int64_t)srcH << 16) + (dstH >> 1)) / dstH; c->dstFormatBpp = av_get_bits_per_pixel(desc_dst); c->srcFormatBpp = av_get_bits_per_pixel(desc_src); c->vRounder = 4 * 0x0001000100010001ULL; @@ -1402,8 +1402,8 @@ av_cold int ff_sws_init_single_context(SwsContext *sws, SwsFilter *srcFilter, } else c->canMMXEXTBeUsed = 0; - c->chrXInc = (((int64_t)c->chrSrcW << 16) + (c->chrDstW >> 1)) / c->chrDstW; - c->chrYInc = (((int64_t)c->chrSrcH << 16) + (c->chrDstH >> 1)) / c->chrDstH; + int64_t chrXInc = (((int64_t)c->chrSrcW << 16) + (c->chrDstW >> 1)) / c->chrDstW; + int64_t chrYInc = (((int64_t)c->chrSrcH << 16) + (c->chrDstH >> 1)) / c->chrDstH; /* Match pixel 0 of the src to pixel 0 of dst and match pixel n-2 of src * to pixel n-2 of dst, but only for the FAST_BILINEAR mode otherwise do @@ -1414,15 +1414,26 @@ av_cold int ff_sws_init_single_context(SwsContext *sws, SwsFilter *srcFilter, * some special code for the first and last pixel */ if (flags & SWS_FAST_BILINEAR) { if (c->canMMXEXTBeUsed) { - c->lumXInc += 20; - c->chrXInc += 20; + lumXInc += 20; + chrXInc += 20; } // we don't use the x86 asm scaler if MMX is available else if (INLINE_MMX(cpu_flags) && c->dstBpc <= 14) { - c->lumXInc = ((int64_t)(srcW - 2) << 16) / (dstW - 2) - 20; - c->chrXInc = ((int64_t)(c->chrSrcW - 2) << 16) / (c->chrDstW - 2) - 20; + lumXInc = ((int64_t)(srcW - 2) << 16) / (dstW - 2) - 20; + chrXInc = ((int64_t)(c->chrSrcW - 2) << 16) / (c->chrDstW - 2) - 20; } } + if (chrXInc < 10 || chrXInc > INT_MAX || + chrYInc < 10 || chrYInc > INT_MAX || + lumXInc < 10 || lumXInc > INT_MAX || + lumYInc < 10 || lumYInc > INT_MAX) + return AVERROR_PATCHWELCOME; + + c->lumXInc = lumXInc; + c->lumYInc = lumYInc; + c->chrXInc = chrXInc; + c->chrYInc = chrYInc; + // hardcoded for now c->gamma_value = 2.2; _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
