From: michaelni via ffmpeg-devel <ffmpeg-devel@ffmpeg.org>
To: ffmpeg-devel@ffmpeg.org
Cc: michaelni <code@ffmpeg.org>
Subject: [FFmpeg-devel] [PR] swresample/resample_template: add casts to avoid undefined overflows (PR #21764)
Date: Sun, 15 Feb 2026 14:01:49 -0000
Message-ID: <177116410971.25.8246123649711188102@009cbcb3d8cd> (raw)
PR #21764 opened by michaelni
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21764
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21764.patch
resample_linear can produce overflows with craftet input,
The added casts should have no effect on the binary output or the operations they
just change things to a defined regime
Fixes: signed integer overflow: 2069416960 + 78151680 cannot be represented in type 'int'
Fixes: 472047214/clusterfuzz-testcase-minimized-ffmpeg_SWR_fuzzer-6374046976770048
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
>From 4e0ece554b889ae4c20ae3acd01df3bec099de10 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sun, 15 Feb 2026 02:18:01 +0100
Subject: [PATCH] swresample/resample_template: add casts to avoid undefined
overflows
resample_linear can produce overflows with craftet input,
The added casts should have no effect on the binary output or the operations they
just change things to a defined regime
Fixes: signed integer overflow: 2069416960 + 78151680 cannot be represented in type 'int'
Fixes: 472047214/clusterfuzz-testcase-minimized-ffmpeg_SWR_fuzzer-6374046976770048
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libswresample/resample_template.c | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/libswresample/resample_template.c b/libswresample/resample_template.c
index 4c227b9940..c6cc55e7ad 100644
--- a/libswresample/resample_template.c
+++ b/libswresample/resample_template.c
@@ -25,6 +25,8 @@
* @author Michael Niedermayer <michaelni@gmx.at>
*/
+// FELEM2U, a variant of FELEM2 which does not produce undefined overflow
+
#if defined(TEMPLATE_RESAMPLE_DBL)
# define RENAME(N) N ## _double
@@ -32,6 +34,7 @@
# define DELEM double
# define FELEM double
# define FELEM2 double
+# define FELEM2U double
# define FOFFSET 0
# define OUT(d, v) d = v
@@ -42,6 +45,7 @@
# define DELEM float
# define FELEM float
# define FELEM2 float
+# define FELEM2U float
# define FOFFSET 0
# define OUT(d, v) d = v
@@ -52,6 +56,7 @@
# define DELEM int32_t
# define FELEM int32_t
# define FELEM2 int64_t
+# define FELEM2U uint64_t
# define FELEM_MAX INT32_MAX
# define FELEM_MIN INT32_MIN
# define FOFFSET (1<<(FILTER_SHIFT-1))
@@ -64,6 +69,7 @@
# define DELEM int16_t
# define FELEM int16_t
# define FELEM2 int32_t
+# define FELEM2U uint32_t
# define FELEML int64_t
# define FELEM_MAX INT16_MAX
# define FELEM_MIN INT16_MIN
@@ -161,7 +167,7 @@ static int RENAME(resample_linear)(ResampleContext *c,
for (dst_index = 0; dst_index < n; dst_index++) {
FELEM *filter = ((FELEM *) c->filter_bank) + c->filter_alloc * index;
- FELEM2 val = FOFFSET, v2 = FOFFSET;
+ FELEM2U val = FOFFSET, v2 = FOFFSET;
int i;
for (i = 0; i < c->filter_length; i++) {
@@ -169,15 +175,15 @@ static int RENAME(resample_linear)(ResampleContext *c,
v2 += src[sample_index + i] * (FELEM2)filter[i + c->filter_alloc];
}
#ifdef FELEML
- val += (v2 - val) * (FELEML) frac / c->src_incr;
+ val += (FELEM2)(v2 - val) * (FELEML) frac / c->src_incr;
#else
# if FILTER_SHIFT == 0
- val += (v2 - val) * inv_src_incr * frac;
+ val += (FELEM2)(v2 - val) * inv_src_incr * frac;
# else
- val += (v2 - val) / c->src_incr * frac;
+ val += (FELEM2)(v2 - val) / c->src_incr * frac;
# endif
#endif
- OUT(dst[dst_index], val);
+ OUT(dst[dst_index], (FELEM2)val);
frac += c->dst_incr_mod;
index += c->dst_incr_div;
@@ -205,6 +211,7 @@ static int RENAME(resample_linear)(ResampleContext *c,
#undef DELEM
#undef FELEM
#undef FELEM2
+#undef FELEM2U
#undef FELEML
#undef FELEM_MAX
#undef FELEM_MIN
--
2.52.0
_______________________________________________
ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org
To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org
reply other threads:[~2026-02-15 14:02 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=177116410971.25.8246123649711188102@009cbcb3d8cd \
--to=ffmpeg-devel@ffmpeg.org \
--cc=code@ffmpeg.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git