This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/4.3 in repository ffmpeg.
commit 257ab5a6ac8c28cfa44d0d650a0a50c6d2fdb427 Author: Michael Niedermayer <[email protected]> AuthorDate: Mon Oct 13 14:32:45 2025 +0200 Commit: James Almer <[email protected]> CommitDate: Fri Jan 2 21:58:51 2026 +0000 swscale/output: Fix integer overflow in yuv2ya16_X_c_template() Found-by: colod colod <[email protected]> Fixes: CVE-2025-63757 Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 0c6b7f9483a38657c9be824572b4c0c45d4d9fef) Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit ac4caa33bae5841649c61d4f8a0608dfa59c4fa1) Signed-off-by: Carlos Henrique Lima Melara <[email protected]> --- libswscale/output.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libswscale/output.c b/libswscale/output.c index 3cb00b4c99..d9b16f3516 100644 --- a/libswscale/output.c +++ b/libswscale/output.c @@ -909,7 +909,7 @@ yuv2ya16_X_c_template(SwsContext *c, const int16_t *lumFilter, int A = 0xffff; for (j = 0; j < lumFilterSize; j++) - Y += lumSrc[j][i] * lumFilter[j]; + Y += lumSrc[j][i] * (unsigned)lumFilter[j]; Y >>= 15; Y += (1<<3) + 0x8000; @@ -918,7 +918,7 @@ yuv2ya16_X_c_template(SwsContext *c, const int16_t *lumFilter, if (hasAlpha) { A = -0x40000000 + (1<<14); for (j = 0; j < lumFilterSize; j++) - A += alpSrc[j][i] * lumFilter[j]; + A += alpSrc[j][i] * (unsigned)lumFilter[j]; A >>= 15; A += 0x8000; _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
