[FFmpeg-devel] [PATCH 3/8] swscale/output: Fix integer overflows in yuv2rgba64_1_c_template()
Michael Niedermayer
michael at niedermayer.cc
Fri Jun 20 03:32:50 EEST 2025
Fixes: signed integer overflow: -132524 * 16525 cannot be represented in type 'int'
Fixes: 414862270/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-4869083202125824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libswscale/output.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/libswscale/output.c b/libswscale/output.c
index c37649e7ce5..c18c96a57a1 100644
--- a/libswscale/output.c
+++ b/libswscale/output.c
@@ -1211,8 +1211,8 @@ yuv2rgba64_1_c_template(SwsInternal *c, const int32_t *buf0,
for (i = 0; i < ((dstW + 1) >> 1); i++) {
SUINT Y1 = (buf0[i * 2] ) >> 2;
SUINT Y2 = (buf0[i * 2 + 1]) >> 2;
- int U = (ubuf0[i] - (128 << 11)) >> 2;
- int V = (vbuf0[i] - (128 << 11)) >> 2;
+ SUINT U = (ubuf0[i] - (128 << 11)) >> 2;
+ SUINT V = (vbuf0[i] - (128 << 11)) >> 2;
int R, G, B;
Y1 -= c->yuv2rgb_y_offset;
@@ -1260,8 +1260,8 @@ yuv2rgba64_1_c_template(SwsInternal *c, const int32_t *buf0,
for (i = 0; i < ((dstW + 1) >> 1); i++) {
SUINT Y1 = (buf0[i * 2] ) >> 2;
SUINT Y2 = (buf0[i * 2 + 1]) >> 2;
- int U = (ubuf0[i] * uvalpha1 + ubuf1[i] * uvalpha - (128 << 23)) >> 14;
- int V = (vbuf0[i] * uvalpha1 + vbuf1[i] * uvalpha - (128 << 23)) >> 14;
+ SUINT U = (ubuf0[i] * uvalpha1 + ubuf1[i] * uvalpha - (128 << 23)) >> 14;
+ SUINT V = (vbuf0[i] * uvalpha1 + vbuf1[i] * uvalpha - (128 << 23)) >> 14;
int R, G, B;
Y1 -= c->yuv2rgb_y_offset;
--
2.49.0
More information about the ffmpeg-devel
mailing list