This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/4.4 in repository ffmpeg.
commit 53dd13bee499febfe0de116b7970b2c2cac37981 Author: Michael Niedermayer <[email protected]> AuthorDate: Wed Jan 21 01:38:42 2026 +0100 Commit: Michael Niedermayer <[email protected]> CommitDate: Tue May 5 18:54:57 2026 +0200 swscale/utils: Sanity check sizeFactor Fixes: multiple integer overflows Fixes: out of array access The PoC modifies filter parameters generally inaccessable to an attacker Found-by: Zhenpeng (Leo) Lin from depthfirst Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 404775a1412d150f2ab79fe3853a2156ddd6c2a0) Signed-off-by: Michael Niedermayer <[email protected]> --- libswscale/utils.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libswscale/utils.c b/libswscale/utils.c index 1e27238a6f..93e73a8f8c 100644 --- a/libswscale/utils.c +++ b/libswscale/utils.c @@ -419,6 +419,11 @@ static av_cold int initFilter(int16_t **outFilter, int32_t **filterPos, sizeFactor = param[0] != SWS_PARAM_DEFAULT ? ceil(2 * param[0]) : 6; av_assert0(sizeFactor > 0); + if (sizeFactor > 50) { + ret = AVERROR(EINVAL); + goto fail; + } + if (xInc <= 1 << 16) filterSize = 1 + sizeFactor; // upscale else _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
