PR #22410 opened by michaelni URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22410 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22410.patch
Fixes: signed integer overflow: 130489 * 16525 cannot be represented in type 'int' Fixes: 488950053/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-4627272670969856 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> >From 939b5eb9045d9ec7eb63562d284e920e3be37b27 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Thu, 5 Mar 2026 17:18:18 +0100 Subject: [PATCH] swscale/output: fix integer overflows in chroma in yuv2rgba64_X_c_template() Fixes: signed integer overflow: 130489 * 16525 cannot be represented in type 'int' Fixes: 488950053/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-4627272670969856 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> --- libswscale/output.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libswscale/output.c b/libswscale/output.c index 94454860c3..1f955bdfff 100644 --- a/libswscale/output.c +++ b/libswscale/output.c @@ -1126,8 +1126,8 @@ yuv2rgba64_X_c_template(SwsInternal *c, const int16_t *lumFilter, int j; unsigned Y1 = -0x40000000; unsigned Y2 = -0x40000000; - int U = -(128 << 23); // 19 - int V = -(128 << 23); + unsigned U = -(128 << 23); // 19 + unsigned V = -(128 << 23); int R, G, B; for (j = 0; j < lumFilterSize; j++) { @@ -1157,8 +1157,8 @@ yuv2rgba64_X_c_template(SwsInternal *c, const int16_t *lumFilter, Y1 += 0x10000; Y2 = (int)Y2 >> 14; Y2 += 0x10000; - U >>= 14; - V >>= 14; + U = (int)U >> 14; + V = (int)V >> 14; // 8 bits: 27 -> 17 bits, 16 bits: 31 - 14 = 17 bits Y1 -= c->yuv2rgb_y_offset; -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
