PR #23155 opened by michaelni URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23155 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23155.patch
>From 80883b77f467a489753d58c061d8f14cb185a4a6 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Tue, 19 May 2026 16:32:17 +0200 Subject: [PATCH 1/2] swscale/rgb2rgb_template: use unsigned for <<24 This is not a security issue Found-by: jiale yao Signed-off-by: Michael Niedermayer <[email protected]> --- libswscale/rgb2rgb_template.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libswscale/rgb2rgb_template.c b/libswscale/rgb2rgb_template.c index 48959b6b5f..1f0aef1fb9 100644 --- a/libswscale/rgb2rgb_template.c +++ b/libswscale/rgb2rgb_template.c @@ -406,11 +406,11 @@ static inline void yuvPlanartoyuy2_c(const uint8_t *ysrc, const uint8_t *usrc, for (i = 0; i < chromWidth; i++) { #if HAVE_BIGENDIAN - *idst++ = (yc[0] << 24) + (uc[0] << 16) + + *idst++ = ((unsigned)yc[0] << 24) + (uc[0] << 16) + (yc[1] << 8) + (vc[0] << 0); #else *idst++ = yc[0] + (uc[0] << 8) + - (yc[1] << 16) + (vc[0] << 24); + (yc[1] << 16) + ((unsigned)vc[0] << 24); #endif yc += 2; uc++; -- 2.52.0 >From 88f7c7c1ea95c359599b116094428bf4913c9bc7 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Tue, 19 May 2026 16:47:46 +0200 Subject: [PATCH 2/2] avformat/gxfenc: Check timecode and propagate error Not a security issue Fixes: ./ffmpeg -f lavfi -i testsrc=duration=0.1:size=720x480:rate=30 -c:v mpeg2video -frames:v 1 -metadata timecode="999999999:00:00:00" -f gxf output.gxf Found-by: jiale yao Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/gxfenc.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/libavformat/gxfenc.c b/libavformat/gxfenc.c index 43ffa9d455..3172433e33 100644 --- a/libavformat/gxfenc.c +++ b/libavformat/gxfenc.c @@ -669,9 +669,12 @@ static int gxf_init_timecode(AVFormatContext *s, GXFTimecode *tc, const char *tc if (sscanf(tcstr, "%d:%d:%d%c%d", &tc->hh, &tc->mm, &tc->ss, &c, &tc->ff) != 5) { av_log(s, AV_LOG_ERROR, "unable to parse timecode, " "syntax: hh:mm:ss[:;.]ff\n"); - return -1; + return AVERROR(EINVAL); } + if (tc->hh > 31U || tc->mm > 255U || tc->ss > 255U || tc->ff > 255U) + return AVERROR(EINVAL); + tc->color = 0; tc->drop = c != ':'; @@ -803,8 +806,11 @@ static int gxf_write_header(AVFormatContext *s) sc->order = s->nb_streams - st->index; } - if (tcr && vsc) - gxf_init_timecode(s, &gxf->tc, tcr->value, vsc->fields); + if (tcr && vsc) { + ret = gxf_init_timecode(s, &gxf->tc, tcr->value, vsc->fields); + if (ret < 0) + return ret; + } gxf_init_timecode_track(&gxf->timecode_track, vsc); gxf->flags |= 0x200000; // time code track is non-drop frame -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
