[Libva] [PATCH 1/3] fix buffer overflow for dc_values and ac_values

Lim Siew Hoon siew.hoon.lim at intel.com
Mon Jun 27 12:27:23 UTC 2016


The dc_values array has only 12 bytes and the ac_values array only 162 bytes, but
the memcpy calls copied 16 bytes and 265 bytes using hard-coded values.
To avoid going out of bounds on these arrays again, switch to sizeof.

Signed-off-by: Lim Siew Hoon <siew.hoon.lim at intel.com>
---
 test/decode/tinyjpeg.c | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/test/decode/tinyjpeg.c b/test/decode/tinyjpeg.c
index f53d083..6b5435d 100644
--- a/test/decode/tinyjpeg.c
+++ b/test/decode/tinyjpeg.c
@@ -154,19 +154,23 @@ static VAHuffmanTableBufferJPEGBaseline default_huffman_table_param={
 static int build_default_huffman_tables(struct jdec_private *priv)
 {
     int i = 0;
-	if (priv->default_huffman_table_initialized)
-		return 0;
+    if (priv->default_huffman_table_initialized)
+        return 0;
 
     for (i = 0; i < 4; i++) {
         priv->HTDC_valid[i] = 1;
-        memcpy(priv->HTDC[i].bits, default_huffman_table_param.huffman_table[i].num_dc_codes, 16);
-        memcpy(priv->HTDC[i].values, default_huffman_table_param.huffman_table[i].dc_values, 16);
+        memcpy(priv->HTDC[i].bits, default_huffman_table_param.huffman_table[i].num_dc_codes,
+               sizeof(default_huffman_table_param.huffman_table[i].num_dc_codes));
+        memcpy(priv->HTDC[i].values, default_huffman_table_param.huffman_table[i].dc_values,
+               sizeof(default_huffman_table_param.huffman_table[i].dc_values));
         priv->HTAC_valid[i] = 1;
-        memcpy(priv->HTAC[i].bits, default_huffman_table_param.huffman_table[i].num_ac_codes, 16);
-        memcpy(priv->HTAC[i].values, default_huffman_table_param.huffman_table[i].ac_values, 256);
+        memcpy(priv->HTAC[i].bits, default_huffman_table_param.huffman_table[i].num_ac_codes,
+               sizeof(default_huffman_table_param.huffman_table[i].num_ac_codes));
+        memcpy(priv->HTAC[i].values, default_huffman_table_param.huffman_table[i].ac_values,
+               sizeof(default_huffman_table_param.huffman_table[i].ac_values));
     }
-	priv->default_huffman_table_initialized = 1;
-	return 0;
+    priv->default_huffman_table_initialized = 1;
+    return 0;
 }
 
 
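Review bot: The loop bound `i < 4` is still a hard-coded count, so the index into `default_huffman_table_param.huffman_table[i]` can over-read in the same way the copy lengths did if that array has fewer than four entries. Its declaration is outside the hunk and should be checked; as far as I recall, VAHuffmanTableBufferJPEGBaseline declares only two. Deriving the bound from the array, e.g. `sizeof(default_huffman_table_param.huffman_table) / sizeof(default_huffman_table_param.huffman_table[0])`, would keep it in step with the struct, though it then has to be decided what `HTDC[2..3]` and `HTAC[2..3]` receive. The new lengths are also taken from the source arrays only, and the destination declarations are not visible here. A short comment above the loop such as `/* priv->HTDC[i]/HTAC[i] bits and values are at least as large as the default table arrays */`, or a compile-time size check, would record why the destination cannot overflow.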
-- 
2.1.0


