From d32dcc07a762185c1213fc7485cedc22b2448887 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sun, 22 Sep 2024 23:00:52 +0200
Subject: [PATCH] swscale/swscale_unscaled: Fix odd height with
 nv24_to_yuv420p_chroma()

Fixes: out of array read
Fixes: 71726/clusterfuzz-testcase-ffmpeg_SWS_fuzzer-5876893532880896
Fixes: 377735917/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-6686071112400896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Approved-by: Ramiro Polla <ramiro.polla@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libswscale/swscale_unscaled.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libswscale/swscale_unscaled.c b/libswscale/swscale_unscaled.c
index 143c4c1002..c7ad6b014a 100644
--- a/libswscale/swscale_unscaled.c
+++ b/libswscale/swscale_unscaled.c
@@ -230,6 +230,8 @@ static void nv24_to_yuv420p_chroma(uint8_t *dst1, int dstStride1,
     const uint8_t *src2 = src + srcStride;
     // average 4 pixels into 1 (interleaved U and V)
     for (int y = 0; y < h; y += 2) {
+        if (y + 1 == h)
+            src2 = src1;
         for (int x = 0; x < w; x++) {
             dst1[x] = (src1[4 * x + 0] + src1[4 * x + 2] +
                        src2[4 * x + 0] + src2[4 * x + 2]) >> 2;