PR #20957 opened by Ramiro Polla (ramiro) URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20957 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20957.patch
This prevents out of bounds access on unscaled converters that process multiple lines at a time. Fixes issue #11691. >From 4c9ba5f6a6acb850e039ca4a4a6113e53850bd25 Mon Sep 17 00:00:00 2001 From: Ramiro Polla <[email protected]> Date: Tue, 18 Nov 2025 15:10:16 +0100 Subject: [PATCH] swscale/swscale_unscaled: validate slice alignment before unscaled conversion This prevents out of bounds access on unscaled converters that process multiple lines at a time. Fixes issue #11691. --- libswscale/swscale.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/libswscale/swscale.c b/libswscale/swscale.c index f4c7eccac4..1d983f4420 100644 --- a/libswscale/swscale.c +++ b/libswscale/swscale.c @@ -1158,6 +1158,13 @@ static int scale_internal(SwsContext *sws, slice_h = dstSliceH; } + if (offset % c->dst_slice_align || slice_h % c->dst_slice_align) { + av_log(c, AV_LOG_ERROR, + "Incorrectly aligned output: %u/%u not multiples of %u\n", + offset, slice_h, c->dst_slice_align); + return AVERROR(EINVAL); + } + ret = c->convert_unscaled(c, src2, srcStride2, offset, slice_h, dst2, dstStride2); if (scale_dst) -- 2.49.1 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
