From 23592f942db93776dab65a5e92400bb2f037390e Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sun, 11 May 2025 23:25:07 +0200
Subject: [PATCH] swscale/output: fix integer overflow in
 yuv2rgba64_full_1_c_template()

Fixes: signed integer overflow: -293650 * 16525 cannot be represented in type 'int'
Fixes: 408304111/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-4762210299871232

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libswscale/output.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/libswscale/output.c b/libswscale/output.c
index 2a6a20f2e6..c37649e7ce 100644
--- a/libswscale/output.c
+++ b/libswscale/output.c
@@ -1435,8 +1435,8 @@ yuv2rgba64_full_1_c_template(SwsInternal *c, const int32_t *buf0,
     if (uvalpha == 0) {
         for (i = 0; i < dstW; i++) {
             SUINT Y  = (buf0[i]) >> 2;
-            int U  = (ubuf0[i] - (128 << 11)) >> 2;
-            int V  = (vbuf0[i] - (128 << 11)) >> 2;
+            SUINT U  = (ubuf0[i] - (128 << 11)) >> 2;
+            SUINT V  = (vbuf0[i] - (128 << 11)) >> 2;
             int R, G, B;
 
             Y -= c->yuv2rgb_y_offset;
@@ -1471,8 +1471,8 @@ yuv2rgba64_full_1_c_template(SwsInternal *c, const int32_t *buf0,
 
         for (i = 0; i < dstW; i++) {
             SUINT Y  = (buf0[i]    ) >> 2;
-            int U = (ubuf0[i] * uvalpha1 + ubuf1[i] * uvalpha - (128 << 23)) >> 14;
-            int V = (vbuf0[i] * uvalpha1 + vbuf1[i] * uvalpha - (128 << 23)) >> 14;
+            SUINT U = (ubuf0[i] * uvalpha1 + ubuf1[i] * uvalpha - (128 << 23)) >> 14;
+            SUINT V = (vbuf0[i] * uvalpha1 + vbuf1[i] * uvalpha - (128 << 23)) >> 14;
             int R, G, B;
 
             Y -= c->yuv2rgb_y_offset;