[FFmpeg-devel] [PATCH 1/2] swscale/output: alpha can become negative after scaling, use multiply
Michael Niedermayer
michael at niedermayer.cc
Sun Jun 16 10:48:30 EEST 2024
Fixes: left shift of negative value -3245
Fixes: 69047/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-6571511551950848
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libswscale/output.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/libswscale/output.c b/libswscale/output.c
index b234f9c6b9a..f9ce43dde80 100644
--- a/libswscale/output.c
+++ b/libswscale/output.c
@@ -1221,8 +1221,8 @@ yuv2rgba64_1_c_template(SwsContext *c, const int32_t *buf0,
Y2 += (1 << 13) - (1 << 29);
if (hasAlpha) {
- A1 = abuf0[i * 2 ] << 11;
- A2 = abuf0[i * 2 + 1] << 11;
+ A1 = abuf0[i * 2 ] * (1 << 11);
+ A2 = abuf0[i * 2 + 1] * (1 << 11);
A1 += 1 << 13;
A2 += 1 << 13;
@@ -1267,8 +1267,8 @@ yuv2rgba64_1_c_template(SwsContext *c, const int32_t *buf0,
Y2 += (1 << 13) - (1 << 29);
if (hasAlpha) {
- A1 = abuf0[i * 2 ] << 11;
- A2 = abuf0[i * 2 + 1] << 11;
+ A1 = abuf0[i * 2 ] * (1 << 11);
+ A2 = abuf0[i * 2 + 1] * (1 << 11);
A1 += 1 << 13;
A2 += 1 << 13;
@@ -1439,7 +1439,7 @@ yuv2rgba64_full_1_c_template(SwsContext *c, const int32_t *buf0,
Y += (1 << 13) - (1 << 29);
if (hasAlpha) {
- A = abuf0[i] << 11;
+ A = abuf0[i] * (1 << 11);
A += 1 << 13;
}
@@ -1472,7 +1472,7 @@ yuv2rgba64_full_1_c_template(SwsContext *c, const int32_t *buf0,
Y += (1 << 13) - (1 << 29);
if (hasAlpha) {
- A = abuf0[i] << 11;
+ A = abuf0[i] * (1 << 11);
A += 1 << 13;
}
--
2.45.2
More information about the ffmpeg-devel
mailing list