This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/6.1 in repository ffmpeg.
commit 84d6237c7a3ca22006e742da9e8f4fe4290e6461 Author: Michael Niedermayer <[email protected]> AuthorDate: Wed Jan 21 01:38:42 2026 +0100 Commit: Michael Niedermayer <[email protected]> CommitDate: Mon May 4 17:13:14 2026 +0200 swscale/utils: Sanity check sizeFactor Fixes: multiple integer overflows Fixes: out of array access The PoC modifies filter parameters generally inaccessable to an attacker Found-by: Zhenpeng (Leo) Lin from depthfirst Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 404775a1412d150f2ab79fe3853a2156ddd6c2a0) Signed-off-by: Michael Niedermayer <[email protected]> --- libswscale/utils.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libswscale/utils.c b/libswscale/utils.c index a416059eac..f790bd993f 100644 --- a/libswscale/utils.c +++ b/libswscale/utils.c @@ -472,6 +472,11 @@ static av_cold int initFilter(int16_t **outFilter, int32_t **filterPos, sizeFactor = param[0] != SWS_PARAM_DEFAULT ? ceil(2 * param[0]) : 6; av_assert0(sizeFactor > 0); + if (sizeFactor > 50) { + ret = AVERROR(EINVAL); + goto fail; + } + if (xInc <= 1 << 16) filterSize = 1 + sizeFactor; // upscale else _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
