From 5f5421ec66f55e186763cf3441c609d6360cfd8e Mon Sep 17 00:00:00 2001
From: James Almer <jamrial@gmail.com>
Date: Thu, 31 Oct 2024 23:19:29 -0300
Subject: [PATCH] swscale/swscale: prevent integer overflow in
 chrRangeToJpeg16_c

Same as it's done in lumRangeToJpeg16_c(). Plenty of allowed input values can
overflow here.

Fixes: src/libswscale/swscale.c:198:47: runtime error: signed integer overflow: 475328 * 4663 cannot be represented in type 'int'
Signed-off-by: James Almer <jamrial@gmail.com>
---
 libswscale/swscale.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libswscale/swscale.c b/libswscale/swscale.c
index 3402d3eb56..4a139840b4 100644
--- a/libswscale/swscale.c
+++ b/libswscale/swscale.c
@@ -194,8 +194,8 @@ static void chrRangeToJpeg16_c(int16_t *_dstU, int16_t *_dstV, int width)
     int32_t *dstU = (int32_t *) _dstU;
     int32_t *dstV = (int32_t *) _dstV;
     for (i = 0; i < width; i++) {
-        dstU[i] = (FFMIN(dstU[i], 30775 << 4) * 4663 - (9289992 << 4)) >> 12; // -264
-        dstV[i] = (FFMIN(dstV[i], 30775 << 4) * 4663 - (9289992 << 4)) >> 12; // -264
+        dstU[i] = ((int)(FFMIN(dstU[i], 30775 << 4) * 4663U - (9289992 << 4))) >> 12; // -264
+        dstV[i] = ((int)(FFMIN(dstV[i], 30775 << 4) * 4663U - (9289992 << 4))) >> 12; // -264
     }
 }