This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/7.1 in repository ffmpeg.
commit d113bd731750dfc53b18fa382907698e17ea1f64 Author: Michael Niedermayer <[email protected]> AuthorDate: Wed Jan 21 01:38:42 2026 +0100 Commit: Michael Niedermayer <[email protected]> CommitDate: Mon May 4 15:57:03 2026 +0200 swscale/utils: Sanity check sizeFactor Fixes: multiple integer overflows Fixes: out of array access The PoC modifies filter parameters generally inaccessable to an attacker Found-by: Zhenpeng (Leo) Lin from depthfirst Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 404775a1412d150f2ab79fe3853a2156ddd6c2a0) Signed-off-by: Michael Niedermayer <[email protected]> --- libswscale/utils.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libswscale/utils.c b/libswscale/utils.c index 405adcb69f..323882f043 100644 --- a/libswscale/utils.c +++ b/libswscale/utils.c @@ -501,6 +501,11 @@ static av_cold int initFilter(int16_t **outFilter, int32_t **filterPos, sizeFactor = param[0] != SWS_PARAM_DEFAULT ? ceil(2 * param[0]) : 6; av_assert0(sizeFactor > 0); + if (sizeFactor > 50) { + ret = AVERROR(EINVAL); + goto fail; + } + if (xInc <= 1 << 16) filterSize = 1 + sizeFactor; // upscale else _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
