[FFmpeg-cvslog] swscale/swscale_unscaled: Fix odd height with nv24_to_yuv420p_chroma()

[Michael Niedermayer]

ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Sun Sep 22 23:00:52 2024 +0200| [d32dcc07a762185c1213fc7485cedc22b2448887] | committer: Michael Niedermayer

swscale/swscale_unscaled: Fix odd height with nv24_to_yuv420p_chroma()

Fixes: out of array read
Fixes: 71726/clusterfuzz-testcase-ffmpeg_SWS_fuzzer-5876893532880896
Fixes: 377735917/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-6686071112400896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Approved-by: Ramiro Polla <ramiro.polla at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d32dcc07a762185c1213fc7485cedc22b2448887
---

 libswscale/swscale_unscaled.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libswscale/swscale_unscaled.c b/libswscale/swscale_unscaled.c
index 143c4c1002..c7ad6b014a 100644
--- a/libswscale/swscale_unscaled.c
+++ b/libswscale/swscale_unscaled.c
@@ -230,6 +230,8 @@ static void nv24_to_yuv420p_chroma(uint8_t *dst1, int dstStride1,
     const uint8_t *src2 = src + srcStride;
     // average 4 pixels into 1 (interleaved U and V)
     for (int y = 0; y < h; y += 2) {
+        if (y + 1 == h)
+            src2 = src1;
         for (int x = 0; x < w; x++) {
             dst1[x] = (src1[4 * x + 0] + src1[4 * x + 2] +
                        src2[4 * x + 0] + src2[4 * x + 2]) >> 2;