[Libva] [PATCH] Fix Buffer Overflow for dc_values and ac_values
Lim, Siew Hoon
siew.hoon.lim at intel.com
Mon Jun 27 09:43:37 UTC 2016
Sorry,
Please ignore this patch. Got some issue.
Thanks.
....siewhoon
> -----Original Message-----
> From: Libva [mailto:libva-bounces at lists.freedesktop.org] On Behalf Of Lim
> Siew Hoon
> Sent: Monday, June 27, 2016 3:31 PM
> To: libva at lists.freedesktop.org
> Subject: [Libva] [PATCH] Fix Buffer Overflow for dc_values and ac_values
>
> The dc_values only have 12 bytes and ac_value only 162 bytes but the
> memcpy did it for 16 bytes and 265 bytes copying. To avoid the array index
> out of bound again, recommend move to use sizeof.
>
> Signed-off-by: Lim Siew Hoon <siew.hoon.lim at intel.com>
> ---
> test/decode/tinyjpeg.c | 20 ++++++++++++--------
> 1 file changed, 12 insertions(+), 8 deletions(-)
>
> diff --git a/test/decode/tinyjpeg.c b/test/decode/tinyjpeg.c index
> f53d083..b04ac75 100644
> --- a/test/decode/tinyjpeg.c
> +++ b/test/decode/tinyjpeg.c
> @@ -154,19 +154,23 @@ static VAHuffmanTableBufferJPEGBaseline
> default_huffman_table_param={ static int
> build_default_huffman_tables(struct jdec_private *priv) {
> int i = 0;
> - if (priv->default_huffman_table_initialized)
> - return 0;
> + if (priv->default_huffman_table_initialized)
> + return 0;
>
> for (i = 0; i < 4; i++) {
> priv->HTDC_valid[i] = 1;
> - memcpy(priv->HTDC[i].bits,
> default_huffman_table_param.huffman_table[i].num_dc_codes, 16);
> - memcpy(priv->HTDC[i].values,
> default_huffman_table_param.huffman_table[i].dc_values, 16);
> + memcpy(priv->HTDC[i].bits,
> default_huffman_table_param.huffman_table[i].num_dc_codes,
> +
> sizeof(default_huffman_table_param.huffman_table[i].num_dc_codes));
> + memcpy(priv->HTDC[i].values,
> default_huffman_table_param.huffman_table[i].dc_values,
> +
> + sizeof(default_huffman_table_param.huffman_table[i].dc_values));
> priv->HTAC_valid[i] = 1;
> - memcpy(priv->HTAC[i].bits,
> default_huffman_table_param.huffman_table[i].num_ac_codes, 16);
> - memcpy(priv->HTAC[i].values,
> default_huffman_table_param.huffman_table[i].ac_values, 256);
> + memcpy(priv->HTAC[i].bits,
> default_huffman_table_param.huffman_table[i].num_ac_codes
> +
> sizeof(default_huffman_table_param.huffman_table[i].num_ac_codes));
> + memcpy(priv->HTAC[i].values,
> default_huffman_table_param.huffman_table[i].ac_values,
> +
> + sizeof(default_huffman_table_param.huffman_table[i].ac_values));
> }
> - priv->default_huffman_table_initialized = 1;
> - return 0;
> + priv->default_huffman_table_initialized = 1;
> + return 0;
> }
>
>
> --
> 2.1.0
>
> _______________________________________________
> Libva mailing list
> Libva at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/libva
More information about the Libva
mailing list