From 6962d23cfb645e72ea161ed2060ce11e7be7a1f23b32cc243661da81ec51cfc1 Mon Sep 17 00:00:00 2001
From: Jonathan Kang <jonathankang@gnome.org>
Date: Mon, 19 Jan 2026 10:46:45 +0800
Subject: [PATCH] Add ffmpeg-4-CVE-2025-63757.patch to fix bsc#1255392

---
 ffmpeg-4-CVE-2025-63757.patch | 35 +++++++++++++++++++++++++++++++++++
 ffmpeg-4.changes              |  7 +++++++
 ffmpeg-4.spec                 |  1 +
 3 files changed, 43 insertions(+)
 create mode 100644 ffmpeg-4-CVE-2025-63757.patch

diff --git a/ffmpeg-4-CVE-2025-63757.patch b/ffmpeg-4-CVE-2025-63757.patch
new file mode 100644
index 0000000..ddedb53
--- /dev/null
+++ b/ffmpeg-4-CVE-2025-63757.patch
@@ -0,0 +1,35 @@
+From 95d890bf18e535e1ae5a9e24d801ca021e288804 Mon Sep 17 00:00:00 2001
+From: Jonathan Kang <jonathankang@gnome.org>
+Date: Thu, 15 Jan 2026 15:28:26 +0800
+Subject: [PATCH] swscale/output: Fix integer overflow in
+ yuv2ya16_X_c_template()
+
+---
+ libswscale/output.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libswscale/output.c b/libswscale/output.c
+index be22279229..49af3818b9 100644
+--- a/libswscale/output.c
++++ b/libswscale/output.c
+@@ -911,7 +911,7 @@ yuv2ya16_X_c_template(SwsContext *c, const int16_t *lumFilter,
+         int A = 0xffff;
+ 
+         for (j = 0; j < lumFilterSize; j++)
+-            Y += lumSrc[j][i] * lumFilter[j];
++            Y += lumSrc[j][i] * (unsigned)lumFilter[j];
+ 
+         Y >>= 15;
+         Y += (1<<3) + 0x8000;
+@@ -920,7 +920,7 @@ yuv2ya16_X_c_template(SwsContext *c, const int16_t *lumFilter,
+         if (hasAlpha) {
+             A = -0x40000000 + (1<<14);
+             for (j = 0; j < lumFilterSize; j++)
+-                A += alpSrc[j][i] * lumFilter[j];
++                A += alpSrc[j][i] * (unsigned)lumFilter[j];
+ 
+             A >>= 15;
+             A += 0x8000;
+-- 
+2.52.0
+
diff --git a/ffmpeg-4.changes b/ffmpeg-4.changes
index 0a6e0ca..5937806 100644
--- a/ffmpeg-4.changes
+++ b/ffmpeg-4.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Jan 15 07:36:04 UTC 2026 - SongChuan Kang <sckang@suse.com>
+
+- Add ffmpeg-4-CVE-2025-63757.patch: Backport 0c6b7f948 from
+  upstream. swscale/output: Fix integer overflow in
+  yuv2ya16_X_c_template() (bsc#1255392, CVE-2025-63757).
+
 -------------------------------------------------------------------
 Wed Mar  5 09:46:09 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
 
diff --git a/ffmpeg-4.spec b/ffmpeg-4.spec
index f4df1ce..dfcfe85 100644
--- a/ffmpeg-4.spec
+++ b/ffmpeg-4.spec
@@ -144,6 +144,7 @@ Patch26:        ffmpeg-4-CVE-2025-22919.patch
 Patch27:        ffmpeg-4-CVE-2025-0518.patch
 Patch28:        ffmpeg-4-CVE-2025-25473.patch
 Patch29:        ffmpeg-4-CVE-2025-22921.patch
+Patch30:        ffmpeg-4-CVE-2025-63757.patch
 BuildRequires:  ladspa-devel
 BuildRequires:  libgsm-devel
 BuildRequires:  libmp3lame-devel
-- 
2.51.1