| Message ID | 20241010001832.1120712-1-michael@niedermayer.cc |
|---|---|
| State | New |
| Headers | show |
| Series | [FFmpeg-devel,1/5] swscale/rgb2rgb_template: Fix ff_rgb24toyv12_c() with odd height | expand |
| Context | Check | Description |
|---|---|---|
| yinshiyou/make_loongarch64 | success | Make finished |
| yinshiyou/make_fate_loongarch64 | success | Make fate finished |
| andriy/make_x86 | success | Make finished |
| andriy/make_fate_x86 | success | Make fate finished |
On Thu, Oct 10, 2024 at 02:18:28AM +0200, Michael Niedermayer wrote: > Fixes: out of array access > Fixes: 368143798/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-6475823425585152 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libswscale/rgb2rgb_template.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) will apply patchset except #4 as that area has been fixed differently [...]
diff --git a/libswscale/rgb2rgb_template.c b/libswscale/rgb2rgb_template.c index 197450169a8..84b9da0911e 100644 --- a/libswscale/rgb2rgb_template.c +++ b/libswscale/rgb2rgb_template.c @@ -640,7 +640,7 @@ static inline void uyvytoyv12_c(const uint8_t *src, uint8_t *ydst, } /** - * Height should be a multiple of 2 and width should be a multiple of 2. + * width should be a multiple of 2. * (If this is a problem for anyone then tell me, and I will fix it.) */ void ff_rgb24toyv12_c(const uint8_t *src, uint8_t *ydst, uint8_t *udst, @@ -659,6 +659,11 @@ void ff_rgb24toyv12_c(const uint8_t *src, uint8_t *ydst, uint8_t *udst, for (y = 0; y < height; y += 2) { int i; + if (y + 1 == height) { + ydst2 = ydst1; + src2 = src1; + } + for (i = 0; i < chromWidth; i++) { unsigned int b11 = src1[6 * i + 0]; unsigned int g11 = src1[6 * i + 1];
Fixes: out of array access Fixes: 368143798/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-6475823425585152 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libswscale/rgb2rgb_template.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)