From 7c5c45ec124d33b83e8be221097e2abdcc41ea60 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Tue, 3 Mar 2026 20:24:36 +0100
Subject: [PATCH] avfilter/vf_scale: Fix integer overflow in config_props()

Fixes: signed integer overflow: 536870944 * 16 cannot be represented in type 'int'
Fixes: #21587

Found-by: HAORAN FANG
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9adced32785ce11a5923af12d72c25c0c2907e8b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavfilter/vf_scale.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavfilter/vf_scale.c b/libavfilter/vf_scale.c
index 6c1302f8ce..1bcacf2a93 100644
--- a/libavfilter/vf_scale.c
+++ b/libavfilter/vf_scale.c
@@ -643,8 +643,8 @@ static int config_props(AVFilterLink *outlink)
 
     if (outlink->w > INT_MAX ||
         outlink->h > INT_MAX ||
-        (outlink->h * inlink->w) > INT_MAX ||
-        (outlink->w * inlink->h) > INT_MAX)
+        (outlink->h * (uint64_t)inlink->w) > INT_MAX ||
+        (outlink->w * (uint64_t)inlink->h) > INT_MAX)
         av_log(ctx, AV_LOG_ERROR, "Rescaled value for width or height is too big.\n");
 
     /* TODO: make algorithm configurable */