diff options
author | Hamsalekha S <hamsalekha.s@ittiam.com> | 2017-07-04 17:06:50 +0530 |
---|---|---|
committer | Moritz Horstmann <dev@peterzweg.at> | 2018-01-13 21:43:57 +0100 |
commit | 2c9d1d077dda764e728c732498d5e30c6f7fab8a (patch) | |
tree | 38ab0a98d90397963a505a5568cc198ff1420948 /decoder/ih264d_api.c | |
parent | 8f141f1c5c68a8c6466d918079826aedb2ccf8e4 (diff) | |
download | android_external_libavc-2c9d1d077dda764e728c732498d5e30c6f7fab8a.tar.gz android_external_libavc-2c9d1d077dda764e728c732498d5e30c6f7fab8a.tar.bz2 android_external_libavc-2c9d1d077dda764e728c732498d5e30c6f7fab8a.zip |
Decoder: Increased allocation and added checks in sei parsing.
This prevents heap overflow while parsing sei_message.
Bug: 63122634
Test: ran PoC on unpatched/patched
Change-Id: I61c1ff4ac053a060be8c24da4671db985cac628c
(cherry picked from commit f2b70d353768af8d4ead7f32497be05f197925ef)
Diffstat (limited to 'decoder/ih264d_api.c')
-rw-r--r-- | decoder/ih264d_api.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/decoder/ih264d_api.c b/decoder/ih264d_api.c index 5ef49b1..5f306c2 100644 --- a/decoder/ih264d_api.c +++ b/decoder/ih264d_api.c @@ -2044,7 +2044,8 @@ WORD32 ih264d_video_decode(iv_obj_t *dec_hdl, void *pv_api_ip, void *pv_api_op) void *pv_buf; void *pv_mem_ctxt = ps_dec->pv_mem_ctxt; size = MAX(256000, ps_dec->u2_pic_wd * ps_dec->u2_pic_ht * 3 / 2); - pv_buf = ps_dec->pf_aligned_alloc(pv_mem_ctxt, 128, size); + pv_buf = ps_dec->pf_aligned_alloc(pv_mem_ctxt, 128, + size + EXTRA_BS_OFFSET); RETURN_IF((NULL == pv_buf), IV_FAIL); ps_dec->pu1_bits_buf_dynamic = pv_buf; ps_dec->u4_dynamic_bits_buf_size = size; |