swscale/rgb2rgb_template: Fix ff_rgb24toyv12_c() with odd height

Fixes: out of array access
Fixes: 368143798/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-6475823425585152

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

1 files changed, 6 insertions, 1 deletions

diff --git a/libswscale/rgb2rgb_template.c b/libswscale/rgb2rgb_template.c
index 197450169a..84b9da0911 100644
--- a/libswscale/rgb2rgb_template.c
+++ b/libswscale/rgb2rgb_template.c
@@ -640,7 +640,7 @@ static inline void uyvytoyv12_c(const uint8_t *src, uint8_t *ydst,
 }
 
 /**
- * Height should be a multiple of 2 and width should be a multiple of 2.
+ * width should be a multiple of 2.
  * (If this is a problem for anyone then tell me, and I will fix it.)
  */
 void ff_rgb24toyv12_c(const uint8_t *src, uint8_t *ydst, uint8_t *udst,
@@ -659,6 +659,11 @@ void ff_rgb24toyv12_c(const uint8_t *src, uint8_t *ydst, uint8_t *udst,
 
     for (y = 0; y < height; y += 2) {
         int i;
+        if (y + 1 == height) {
+            ydst2 = ydst1;
+            src2  = src1;
+        }
+
         for (i = 0; i < chromWidth; i++) {
             unsigned int b11 = src1[6 * i + 0];
             unsigned int g11 = src1[6 * i + 1];