coffee/libyuv
1
0
Fork 0
mirror of https://chromium.googlesource.com/libyuv/libyuv synced 2026-06-15 08:26:06 +08:00
Code Issues Packages Projects Releases Wiki Activity
libyuv/source
History
Frank Barchard ef08f21f6d [libyuv] Fix security vulnerabilities in ScalePlane and ARGBAffineRow_C 
This CL addresses two security findings related to integer overflows:

1. Input validation in ScalePlane, ScalePlane_16, and ScalePlane_12:
   Added checks to reject invalid dimensions (e.g. width <= 0, height
   == 0) and dimensions larger than 32768 (or smaller than -32768 for
   height). This prevents FixedDiv signed integer overflows that can
   lead to division by zero/overflow crashes (SIGFPE on x86) or
   incorrect step calculations.

2. Stride overflow in ARGBAffineRow_C:
   Casted pointer arithmetic operands to ptrdiff_t before multiplication
   (y * stride and x * 4) to ensure 64-bit calculations, preventing
   signed 32-bit integer overflow when calculating source pixel offsets.

Added unit tests to verify the input validation in ScalePlane functions.

Test: libyuv_unittest --gtest_filter=*InvalidInputs*
Test: libyuv_unittest --gtest_filter=*Scale*
Test: libyuv_unittest --gtest_filter=*TestAffine*
Bug: None

TAG=agy
CONV=0e990960-611b-4f38-94ec-24e79b66242e
R=wtc@google.com

Change-Id: I252af47a98e45dff8bb5f06308c3739c6eead741
Reviewed-on: https://chromium-review.googlesource.com/c/libyuv/libyuv/+/7886217
Reviewed-by: Wan-Teh Chang <wtc@google.com>
Commit-Queue: Frank Barchard <fbarchard@google.com>
2026-05-29 18:30:38 -07:00
..
compare_common.cc clang-tidy applied 2021-04-01 21:42:47 +00:00
compare_gcc.cc ARGBToJ444 use 256 for fixed point scale UV 2025-02-27 13:04:15 -08:00
compare_neon64.cc Add hybrid detect for Intel laptop cpus 2025-06-13 13:22:54 -07:00
compare_neon.cc Apply format with no code changes 2025-02-24 23:57:01 -08:00
compare_win.cc ARGBToJ444 use 256 for fixed point scale UV 2025-02-27 13:04:15 -08:00
compare.cc Don't coalesce rows if width*height would overflow 2026-05-29 11:57:47 -07:00
convert_argb.cc Don't coalesce rows if width*height would overflow 2026-05-29 11:57:47 -07:00
convert_from_argb.cc Don't coalesce rows if width*height would overflow 2026-05-29 11:57:47 -07:00
convert_from.cc Don't coalesce rows if width*height would overflow 2026-05-29 11:57:47 -07:00
convert_jpeg.cc PlaneScale, UVScale and ARGBScale test 3x and 4x down sample. 2020-10-28 20:41:59 +00:00
convert_to_argb.cc Apply clang format 2025-01-02 13:31:20 -08:00
convert_to_i420.cc Apply clang format 2025-01-02 13:31:20 -08:00
convert.cc Don't coalesce rows if width*height would overflow 2026-05-29 11:57:47 -07:00
cpu_id.cc Replace strtok_r with strchr in RISC-V CPU capability detection 2026-04-10 12:33:43 -07:00
mjpeg_decoder.cc Add AMXINT8 cpu detect 2024-02-15 21:44:47 +00:00
mjpeg_validate.cc Update to r1732 for more robust jpeg 2019-07-01 22:32:36 +00:00
planar_functions.cc Don't coalesce rows if width*height would overflow 2026-05-29 11:57:47 -07:00
rotate_any.cc Deprecate MIPS and MSA support. 2025-10-16 12:20:40 -07:00
rotate_argb.cc Deprecate MIPS and MSA support. 2025-10-16 12:20:40 -07:00
rotate_common.cc Remove redundant #include <stddef.h> 2026-05-28 17:10:22 -07:00
rotate_gcc.cc Use ptrdiff_t for buffer offsets 2026-04-28 18:21:42 -07:00
rotate_lsx.cc [AArch64] Use full vectors in TransposeWx{8 => 16}_NEON 2024-05-21 07:46:42 +00:00
rotate_neon64.cc Fix integer overflow in multiplications of stride 2026-05-28 14:12:37 -07:00
rotate_neon.cc Fix integer overflow in multiplications of stride 2026-05-28 14:12:37 -07:00
rotate_sme.cc [AArch64] Re-enable SME only for Linux and new versions of Clang 2024-09-23 09:29:53 +00:00
rotate_win.cc ARGBToJ444 use 256 for fixed point scale UV 2025-02-27 13:04:15 -08:00
rotate.cc Fix integer overflow in multiplications of stride 2026-05-28 14:12:37 -07:00
row_any.cc J400ToARGB switch from SSE2 to AVX2 2026-05-28 21:24:32 -07:00
row_common.cc [libyuv] Fix security vulnerabilities in ScalePlane and ARGBAffineRow_C 2026-05-29 18:30:38 -07:00
row_gcc.cc J400ToARGB switch from SSE2 to AVX2 2026-05-28 21:24:32 -07:00
row_lasx.cc Replace RAWToY/RGB24ToY with RGBToYMatrix 2026-04-21 17:11:14 -07:00
row_lsx.cc Replace RAWToY/RGB24ToY with RGBToYMatrix 2026-04-21 17:11:14 -07:00
row_neon64.cc Fix integer overflow in multiplications of stride 2026-05-28 14:12:37 -07:00
row_neon.cc ABGRToJ420 call ARGBToI420Matrix 2026-05-08 15:23:30 -07:00
row_rvv.cc Replace RAWToY/RGB24ToY with RGBToYMatrix 2026-04-21 17:11:14 -07:00
row_sme.cc RAWToNV21 using SME, SVE, I8MM or Neon 2026-04-29 13:11:04 -07:00
row_sve.cc RAWToNV21 using SME, SVE, I8MM or Neon 2026-04-29 13:11:04 -07:00
row_win.cc J400ToARGB switch from SSE2 to AVX2 2026-05-28 21:24:32 -07:00
scale_any.cc Deprecate MIPS and MSA support. 2025-10-16 12:20:40 -07:00
scale_argb.cc Fix integer overflow in multiplications of stride 2026-05-28 14:12:37 -07:00
scale_common.cc InterpolateRow for Visual C 2026-05-18 17:28:46 -07:00
scale_gcc.cc Unittests use ASSERT instead of EXPECT 2026-05-11 19:10:47 -07:00
scale_lsx.cc DetilePlane and unittest for NEON 2022-01-31 20:05:55 +00:00
scale_neon64.cc Apply format with no code changes 2025-02-24 23:57:01 -08:00
scale_neon.cc Apply format with no code changes 2025-02-24 23:57:01 -08:00
scale_rgb.cc Apply clang format 2025-01-02 13:31:20 -08:00
scale_rvv.cc Replace RAWToY/RGB24ToY with RGBToYMatrix 2026-04-21 17:11:14 -07:00
scale_sme.cc Apply clang format 2025-01-02 13:31:20 -08:00
scale_uv.cc Fix integer overflow in multiplications of stride 2026-05-28 14:12:37 -07:00
scale_win.cc Fix linear interpolation 2026-05-13 05:33:33 -07:00
scale.cc [libyuv] Fix security vulnerabilities in ScalePlane and ARGBAffineRow_C 2026-05-29 18:30:38 -07:00
test.sh Optimze ABGRToI420 for AVX2 2020-06-04 18:24:45 +00:00
video_common.cc Lint cleanup after C99 change CL 2018-01-24 19:16:03 +00:00