OSDN Git Service

(root) / android-x86 / hardware-intel-common-libva.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e1585ac)
fix buffer overflow for dc_values and ac_values (v2)
authorLim Siew Hoon <siew.hoon.lim@intel.com>
Fri, 1 Jul 2016 02:30:19 +0000 (10:30 +0800)
committerXiang, Haihao <haihao.xiang@intel.com>
Mon, 22 Aug 2016 05:04:29 +0000 (13:04 +0800)
The dc_values only have 12 bytes and ac_value only 162 bytes but the
memcpy did it for 16 bytes and 256 bytes copying thru hard code value.
To avoid the array index out of bound again, recommend move to use sizeof.

v2:
Fix commit message typo from 265 bytes to 256 bytes.

Signed-off-by: Lim Siew Hoon <siew.hoon.lim@intel.com>
(cherry picked from commit c36778ff264b3c45b538db4bbfe6aea38fcb165e)

test/decode/tinyjpeg.c patch | blob | history

diff --git a/test/decode/tinyjpeg.c b/test/decode/tinyjpeg.c
index f53d083..6b5435d 100644 (file)
--- a/test/decode/tinyjpeg.c
+++ b/test/decode/tinyjpeg.c
@@ -154,19 +154,23 @@ static VAHuffmanTableBufferJPEGBaseline default_huffman_table_param={
 static int build_default_huffman_tables(struct jdec_private *priv)
 {
     int i = 0;
-       if (priv->default_huffman_table_initialized)
-               return 0;
+    if (priv->default_huffman_table_initialized)
+        return 0;
 
     for (i = 0; i < 4; i++) {
         priv->HTDC_valid[i] = 1;
-        memcpy(priv->HTDC[i].bits, default_huffman_table_param.huffman_table[i].num_dc_codes, 16);
-        memcpy(priv->HTDC[i].values, default_huffman_table_param.huffman_table[i].dc_values, 16);
+        memcpy(priv->HTDC[i].bits, default_huffman_table_param.huffman_table[i].num_dc_codes,
+               sizeof(default_huffman_table_param.huffman_table[i].num_dc_codes));
+        memcpy(priv->HTDC[i].values, default_huffman_table_param.huffman_table[i].dc_values,
+               sizeof(default_huffman_table_param.huffman_table[i].dc_values));
         priv->HTAC_valid[i] = 1;
-        memcpy(priv->HTAC[i].bits, default_huffman_table_param.huffman_table[i].num_ac_codes, 16);
-        memcpy(priv->HTAC[i].values, default_huffman_table_param.huffman_table[i].ac_values, 256);
+        memcpy(priv->HTAC[i].bits, default_huffman_table_param.huffman_table[i].num_ac_codes,
+               sizeof(default_huffman_table_param.huffman_table[i].num_ac_codes));
+        memcpy(priv->HTAC[i].values, default_huffman_table_param.huffman_table[i].ac_values,
+               sizeof(default_huffman_table_param.huffman_table[i].ac_values));
     }
-       priv->default_huffman_table_initialized = 1;
-       return 0;
+    priv->default_huffman_table_initialized = 1;
+    return 0;
 }
 
 
hardware/intel/common/libva
About OSDN
Find Software
Develop Software
Help