PR #21764 opened by michaelni URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21764 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21764.patch
resample_linear can produce overflows with craftet input, The added casts should have no effect on the binary output or the operations they just change things to a defined regime Fixes: signed integer overflow: 2069416960 + 78151680 cannot be represented in type 'int' Fixes: 472047214/clusterfuzz-testcase-minimized-ffmpeg_SWR_fuzzer-6374046976770048 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> >From 4e0ece554b889ae4c20ae3acd01df3bec099de10 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Sun, 15 Feb 2026 02:18:01 +0100 Subject: [PATCH] swresample/resample_template: add casts to avoid undefined overflows resample_linear can produce overflows with craftet input, The added casts should have no effect on the binary output or the operations they just change things to a defined regime Fixes: signed integer overflow: 2069416960 + 78151680 cannot be represented in type 'int' Fixes: 472047214/clusterfuzz-testcase-minimized-ffmpeg_SWR_fuzzer-6374046976770048 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> --- libswresample/resample_template.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/libswresample/resample_template.c b/libswresample/resample_template.c index 4c227b9940..c6cc55e7ad 100644 --- a/libswresample/resample_template.c +++ b/libswresample/resample_template.c @@ -25,6 +25,8 @@ * @author Michael Niedermayer <[email protected]> */ +// FELEM2U, a variant of FELEM2 which does not produce undefined overflow + #if defined(TEMPLATE_RESAMPLE_DBL) # define RENAME(N) N ## _double @@ -32,6 +34,7 @@ # define DELEM double # define FELEM double # define FELEM2 double +# define FELEM2U double # define FOFFSET 0 # define OUT(d, v) d = v 
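Review bot: The new comment above the `#if defined(TEMPLATE_RESAMPLE_DBL)` chain names FELEM2U but does not say how it must be used, and that rule matters to anyone who later touches the accumulators. In the integer templates it is the unsigned type of the same width as FELEM2 (`uint64_t` and `uint32_t` in the later hunks), so sums wrap modulo 2^N, while in the float and double templates it is the same type as FELEM2 and the added casts are no-ops. I would extend the comment to something like `// FELEM2U: same width as FELEM2 but unsigned in the integer templates, so accumulation wraps instead of overflowing; cast back to FELEM2 before any division, shift or OUT()`.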
@@ -42,6 +45,7 @@ # define DELEM float # define FELEM float # define FELEM2 float +# define FELEM2U float # define FOFFSET 0 # define OUT(d, v) d = v @@ -52,6 +56,7 @@ # define DELEM int32_t # define FELEM int32_t # define FELEM2 int64_t +# define FELEM2U uint64_t # define FELEM_MAX INT32_MAX # define FELEM_MIN INT32_MIN # define FOFFSET (1<<(FILTER_SHIFT-1)) @@ -64,6 +69,7 @@ # define DELEM int16_t # define FELEM int16_t # define FELEM2 int32_t +# define FELEM2U uint32_t # define FELEML int64_t # define FELEM_MAX INT16_MAX # define FELEM_MIN INT16_MIN @@ -161,7 +167,7 @@ static int RENAME(resample_linear)(ResampleContext *c, for (dst_index = 0; dst_index < n; dst_index++) { FELEM *filter = ((FELEM *) c->filter_bank) + c->filter_alloc * index; - FELEM2 val = FOFFSET, v2 = FOFFSET; + FELEM2U val = FOFFSET, v2 = FOFFSET; int i; for (i = 0; i < c->filter_length; i++) { @@ -169,15 +175,15 @@ static int RENAME(resample_linear)(ResampleContext *c, v2 += src[sample_index + i] * (FELEM2)filter[i + c->filter_alloc]; } #ifdef FELEML - val += (v2 - val) * (FELEML) frac / c->src_incr; + val += (FELEM2)(v2 - val) * (FELEML) frac / c->src_incr; #else # if FILTER_SHIFT == 0 - val += (v2 - val) * inv_src_incr * frac; + val += (FELEM2)(v2 - val) * inv_src_incr * frac; # else - val += (v2 - val) / c->src_incr * frac; + val += (FELEM2)(v2 - val) / c->src_incr * frac; # endif #endif - OUT(dst[dst_index], val); + OUT(dst[dst_index], (FELEM2)val); frac += c->dst_incr_mod; index += c->dst_incr_div; @@ -205,6 +211,7 @@ static int RENAME(resample_linear)(ResampleContext *c, #undef DELEM #undef FELEM #undef FELEM2 +#undef FELEM2U #undef FELEML #undef FELEM_MAX #undef FELEM_MIN -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
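Review bot: The casts back to signed in resample_linear, `(FELEM2)(v2 - val)` and `(FELEM2)val`, convert an unsigned value that may exceed the signed maximum, which C leaves implementation-defined rather than undefined; the fix rests on that distinction, so it deserves a comment at the first cast, for example `/* unsigned wrap, then reinterpret as two's complement: implementation-defined, not UB */`. The declaration hunk just above (`FELEM2U val = FOFFSET, v2 = FOFFSET;`) carries the same assumption. Within the visible lines the wrapped value only reaches `OUT(dst[dst_index], ...)` and is never used as an index or a length, so a crafted input that wraps the sum yields a wrong sample rather than an out-of-bounds access. The function body starts and ends outside these hunks, and any other accumulation loop in this template that still sums into a plain `FELEM2` would presumably need the same change.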
