Make sure there is no out-of-bound access
Signed-off-by: Haihao Xiang <haihao.xiang@intel.com>
diff --git a/decode/tinyjpeg.c b/decode/tinyjpeg.c
index 38b5c9c..571716c 100644
--- a/decode/tinyjpeg.c
+++ b/decode/tinyjpeg.c
@@ -214,7 +214,7 @@
#if SANITY_CHECK
if (qi>>4)
error("16 bits quantization table is not supported\n");
- if (qi>4)
+ if (qi>=4)
error("No more 4 quantization table is supported (got %d)\n", qi);
#endif
memcpy(priv->Q_tables[qi&0x0F], stream, 64);
diff --git a/encode/h264encode.c b/encode/h264encode.c
index 4bb263a..8e4c393 100644
--- a/encode/h264encode.c
+++ b/encode/h264encode.c
@@ -1814,7 +1814,7 @@
++slice_param.idr_pic_id;
} else if (current_frame_type == FRAME_P) {
int refpiclist0_max = h264_maxref & 0xffff;
- memcpy(slice_param.RefPicList0, RefPicList0_P, refpiclist0_max*sizeof(VAPictureH264));
+ memcpy(slice_param.RefPicList0, RefPicList0_P, ((refpiclist0_max > 32) ? 32 : refpiclist0_max)*sizeof(VAPictureH264));
for (i = refpiclist0_max; i < 32; i++) {
slice_param.RefPicList0[i].picture_id = VA_INVALID_SURFACE;
@@ -1824,13 +1824,13 @@
int refpiclist0_max = h264_maxref & 0xffff;
int refpiclist1_max = (h264_maxref >> 16) & 0xffff;
- memcpy(slice_param.RefPicList0, RefPicList0_B, refpiclist0_max*sizeof(VAPictureH264));
+ memcpy(slice_param.RefPicList0, RefPicList0_B, ((refpiclist0_max > 32) ? 32 : refpiclist0_max)*sizeof(VAPictureH264));
for (i = refpiclist0_max; i < 32; i++) {
slice_param.RefPicList0[i].picture_id = VA_INVALID_SURFACE;
slice_param.RefPicList0[i].flags = VA_PICTURE_H264_INVALID;
}
- memcpy(slice_param.RefPicList1, RefPicList1_B, refpiclist1_max*sizeof(VAPictureH264));
+ memcpy(slice_param.RefPicList1, RefPicList1_B, ((refpiclist1_max > 32) ? 32 : refpiclist1_max)*sizeof(VAPictureH264));
for (i = refpiclist1_max; i < 32; i++) {
slice_param.RefPicList1[i].picture_id = VA_INVALID_SURFACE;
slice_param.RefPicList1[i].flags = VA_PICTURE_H264_INVALID;
diff --git a/encode/svctenc.c b/encode/svctenc.c
index 17e0014..5d327e6 100644
--- a/encode/svctenc.c
+++ b/encode/svctenc.c
@@ -1697,7 +1697,7 @@
pic_param->ReferenceFrames[i].picture_id = ref_frames[i].rec_surface;
pic_param->ReferenceFrames[i].TopFieldOrderCnt = ref_frames[i].poc * 2;
- pic_param->ReferenceFrames[i].BottomFieldOrderCnt = pic_param[i].ReferenceFrames[i].TopFieldOrderCnt;
+ pic_param->ReferenceFrames[i].BottomFieldOrderCnt = pic_param->ReferenceFrames[i].TopFieldOrderCnt;
pic_param->ReferenceFrames[i].flags = VA_PICTURE_H264_SHORT_TERM_REFERENCE;
}
diff --git a/videoprocess/vavpp.cpp b/videoprocess/vavpp.cpp
index 7178381..4503103 100644
--- a/videoprocess/vavpp.cpp
+++ b/videoprocess/vavpp.cpp
@@ -105,10 +105,10 @@
if (!fgets(strLine, MAX_LEN, fp))
continue;
- for (i = 0; strLine[i] && i < MAX_LEN; i++)
+ for (i = 0; i < MAX_LEN && strLine[i]; i++)
if (strLine[i] != ' ') break;
- if (strLine[i] == '#' || strLine[i] == '\n' || i == 1024)
+ if (i == MAX_LEN || strLine[i] == '#' || strLine[i] == '\n')
continue;
field = strtok(&strLine[i], ":");
@@ -1730,7 +1730,9 @@
}
/* Parse the configure file for video process*/
- strcpy(g_config_file_name, argv[1]);
+ strncpy(g_config_file_name, argv[1], MAX_LEN);
+ g_config_file_name[MAX_LEN - 1] = '\0';
+
if (NULL == (g_config_file_fd = fopen(g_config_file_name, "r"))){
printf("Open configure file %s failed!\n",g_config_file_name);
assert(0);