[FFmpeg-cvslog] swscale/output: Fix undefined overflow in yuv2rgba64_full_X_c_template()
Michael Niedermayer
git at videolan.org
Thu Jan 23 03:14:21 EET 2025
ffmpeg | branch: release/7.1 | Michael Niedermayer <michael at niedermayer.cc> | Sun Dec 1 03:25:09 2024 +0100| [658029334e078a9f0af1efbcbbd8daf871241dc2] | committer: Michael Niedermayer
swscale/output: Fix undefined overflow in yuv2rgba64_full_X_c_template()
Fixes: signed integer overflow: -1082982400 + -1195645138 cannot be represented in type 'int'
Fixes: 376136843/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-4791844321427456
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 56faee21c136942c491f30a2e82cfbbfce180beb)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=658029334e078a9f0af1efbcbbd8daf871241dc2
---
libswscale/output.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libswscale/output.c b/libswscale/output.c
index ae9a50637a..366883ab1b 100644
--- a/libswscale/output.c
+++ b/libswscale/output.c
@@ -1352,9 +1352,9 @@ yuv2rgba64_full_X_c_template(SwsContext *c, const int16_t *lumFilter,
B = U * c->yuv2rgb_u2b_coeff;
// 8bit: 30 - 22 = 8bit, 16bit: 30bit - 14 = 16bit
- output_pixel(&dest[0], av_clip_uintp2(((R_B + Y)>>14) + (1<<15), 16));
- output_pixel(&dest[1], av_clip_uintp2((( G + Y)>>14) + (1<<15), 16));
- output_pixel(&dest[2], av_clip_uintp2(((B_R + Y)>>14) + (1<<15), 16));
+ output_pixel(&dest[0], av_clip_uintp2(((int)(R_B + (unsigned)Y)>>14) + (1<<15), 16));
+ output_pixel(&dest[1], av_clip_uintp2(((int)( G + (unsigned)Y)>>14) + (1<<15), 16));
+ output_pixel(&dest[2], av_clip_uintp2(((int)(B_R + (unsigned)Y)>>14) + (1<<15), 16));
if (eightbytes) {
output_pixel(&dest[3], av_clip_uintp2(A, 30) >> 14);
dest += 4;
More information about the ffmpeg-cvslog
mailing list