[Libva] [PATCH 1/3] fix buffer overflow for dc_values and ac_values
Xiang, Haihao
haihao.xiang at intel.com
Thu Jun 30 08:44:14 UTC 2016
On Mon, 2016-06-27 at 20:27 +0800, Lim Siew Hoon wrote:
> The dc_values only have 12 bytes and ac_value only 162 bytes but the
> memcpy did it for 16 bytes and 265 bytes copying thru hard code
265 bytes? is it a typo of '256 bytes' ?
> value.
> To avoid the array index out of bound again, recommend move to use
> sizeof.
>
> Signed-off-by: Lim Siew Hoon <siew.hoon.lim at intel.com>
> ---
> test/decode/tinyjpeg.c | 20 ++++++++++++--------
> 1 file changed, 12 insertions(+), 8 deletions(-)
>
> diff --git a/test/decode/tinyjpeg.c b/test/decode/tinyjpeg.c
> index f53d083..6b5435d 100644
> --- a/test/decode/tinyjpeg.c
> +++ b/test/decode/tinyjpeg.c
> @@ -154,19 +154,23 @@ static VAHuffmanTableBufferJPEGBaseline
> default_huffman_table_param={
> static int build_default_huffman_tables(struct jdec_private *priv)
> {
> int i = 0;
> - if (priv->default_huffman_table_initialized)
> - return 0;
> + if (priv->default_huffman_table_initialized)
> + return 0;
>
> for (i = 0; i < 4; i++) {
> priv->HTDC_valid[i] = 1;
> - memcpy(priv->HTDC[i].bits,
> default_huffman_table_param.huffman_table[i].num_dc_codes, 16);
> - memcpy(priv->HTDC[i].values,
> default_huffman_table_param.huffman_table[i].dc_values, 16);
> + memcpy(priv->HTDC[i].bits,
> default_huffman_table_param.huffman_table[i].num_dc_codes,
> + sizeof(default_huffman_table_param.huffman_table[i].n
> um_dc_codes));
> + memcpy(priv->HTDC[i].values,
> default_huffman_table_param.huffman_table[i].dc_values,
> + sizeof(default_huffman_table_param.huffman_table[i].d
> c_values));
> priv->HTAC_valid[i] = 1;
> - memcpy(priv->HTAC[i].bits,
> default_huffman_table_param.huffman_table[i].num_ac_codes, 16);
> - memcpy(priv->HTAC[i].values,
> default_huffman_table_param.huffman_table[i].ac_values, 256);
> + memcpy(priv->HTAC[i].bits,
> default_huffman_table_param.huffman_table[i].num_ac_codes,
> + sizeof(default_huffman_table_param.huffman_table[i].n
> um_ac_codes));
> + memcpy(priv->HTAC[i].values,
> default_huffman_table_param.huffman_table[i].ac_values,
> + sizeof(default_huffman_table_param.huffman_table[i].a
> c_values));
> }
> - priv->default_huffman_table_initialized = 1;
> - return 0;
> + priv->default_huffman_table_initialized = 1;
> + return 0;
> }
>
>
More information about the Libva
mailing list