[Libva] [PATCH 1/3] fix buffer overflow for dc_values and ac_values (v2)

Lim Siew Hoon siew.hoon.lim at intel.com
Fri Jul 1 02:30:19 UTC 2016 

The dc_values only have 12 bytes and ac_value only 162 bytes but the
memcpy did it for 16 bytes and 256 bytes copying thru hard code value.
To avoid the array index out of bound again, recommend move to use sizeof.

v2:
Fix commit message typo from 265 bytes to 256 bytes.

Signed-off-by: Lim Siew Hoon <siew.hoon.lim at intel.com>
---
 test/decode/tinyjpeg.c | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/test/decode/tinyjpeg.c b/test/decode/tinyjpeg.c
index f53d083..6b5435d 100644
--- a/test/decode/tinyjpeg.c
+++ b/test/decode/tinyjpeg.c
@@ -154,19 +154,23 @@ static VAHuffmanTableBufferJPEGBaseline default_huffman_table_param={
 static int build_default_huffman_tables(struct jdec_private *priv)
 {
     int i = 0;
-	if (priv->default_huffman_table_initialized)
-		return 0;
+    if (priv->default_huffman_table_initialized)
+        return 0;
 
     for (i = 0; i < 4; i++) {
         priv->HTDC_valid[i] = 1;
-        memcpy(priv->HTDC[i].bits, default_huffman_table_param.huffman_table[i].num_dc_codes, 16);
-        memcpy(priv->HTDC[i].values, default_huffman_table_param.huffman_table[i].dc_values, 16);
+        memcpy(priv->HTDC[i].bits, default_huffman_table_param.huffman_table[i].num_dc_codes,
+               sizeof(default_huffman_table_param.huffman_table[i].num_dc_codes));
+        memcpy(priv->HTDC[i].values, default_huffman_table_param.huffman_table[i].dc_values,
+               sizeof(default_huffman_table_param.huffman_table[i].dc_values));
         priv->HTAC_valid[i] = 1;
-        memcpy(priv->HTAC[i].bits, default_huffman_table_param.huffman_table[i].num_ac_codes, 16);
-        memcpy(priv->HTAC[i].values, default_huffman_table_param.huffman_table[i].ac_values, 256);
+        memcpy(priv->HTAC[i].bits, default_huffman_table_param.huffman_table[i].num_ac_codes,
+               sizeof(default_huffman_table_param.huffman_table[i].num_ac_codes));
+        memcpy(priv->HTAC[i].values, default_huffman_table_param.huffman_table[i].ac_values,
+               sizeof(default_huffman_table_param.huffman_table[i].ac_values));
     }
-	priv->default_huffman_table_initialized = 1;
-	return 0;
+    priv->default_huffman_table_initialized = 1;
+    return 0;
 }
 
 
-- 
2.1.0

More information about the Libva mailing list