The huffman_table array in the VAHuffmanTableBufferJPEGBaseline
default_huffman_table_param has only 2 entries. Indexes 2..3 of
huffman_table[x] access invalid memory in the for loop, which iterates 4 times.

Signed-off-by: Lim Siew Hoon <[email protected]>
---
 test/decode/tinyjpeg.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/test/decode/tinyjpeg.c b/test/decode/tinyjpeg.c
index 6b5435d..fb58eb9 100644
--- a/test/decode/tinyjpeg.c
+++ b/test/decode/tinyjpeg.c
@@ -159,15 +159,15 @@ static int build_default_huffman_tables(struct 
jdec_private *priv)
 
     for (i = 0; i < 4; i++) {
         priv->HTDC_valid[i] = 1;
-        memcpy(priv->HTDC[i].bits, 
default_huffman_table_param.huffman_table[i].num_dc_codes,
-               
sizeof(default_huffman_table_param.huffman_table[i].num_dc_codes));
-        memcpy(priv->HTDC[i].values, 
default_huffman_table_param.huffman_table[i].dc_values,
-               sizeof(default_huffman_table_param.huffman_table[i].dc_values));
+        memcpy(priv->HTDC[i].bits, 
default_huffman_table_param.huffman_table[i%2].num_dc_codes,
+               
sizeof(default_huffman_table_param.huffman_table[i%2].num_dc_codes));
+        memcpy(priv->HTDC[i].values, 
default_huffman_table_param.huffman_table[i%2].dc_values,
+               
sizeof(default_huffman_table_param.huffman_table[i%2].dc_values));
         priv->HTAC_valid[i] = 1;
-        memcpy(priv->HTAC[i].bits, 
default_huffman_table_param.huffman_table[i].num_ac_codes,
-               
sizeof(default_huffman_table_param.huffman_table[i].num_ac_codes));
-        memcpy(priv->HTAC[i].values, 
default_huffman_table_param.huffman_table[i].ac_values,
-               sizeof(default_huffman_table_param.huffman_table[i].ac_values));
+        memcpy(priv->HTAC[i].bits, 
default_huffman_table_param.huffman_table[i%2].num_ac_codes,
+               
sizeof(default_huffman_table_param.huffman_table[i%2].num_ac_codes));
+        memcpy(priv->HTAC[i].values, 
default_huffman_table_param.huffman_table[i%2].ac_values,
+               
sizeof(default_huffman_table_param.huffman_table[i%2].ac_values));
     }
     priv->default_huffman_table_initialized = 1;
     return 0;
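Review bot: The `i%2` in the four memcpy source expressions hard-codes the length of `huffman_table`, so the out-of-bounds read this patch fixes would come back silently if that array dimension ever changed. Derive the modulus from the array itself, e.g. `const size_t n_tbl = sizeof(default_huffman_table_param.huffman_table) / sizeof(default_huffman_table_param.huffman_table[0]);`, and index with `[i % n_tbl]`. A short comment such as `/* only two default tables exist; slots 2..3 reuse tables 0..1 */` would show that the wrap-around is intended rather than a loop bound that should have been smaller. Each copy length is taken from the source field, and the sizes of the destination `priv->HTDC[i]` / `priv->HTAC[i]` members are not visible in this hunk, so it is worth confirming they are at least as large as the source. The start of build_default_huffman_tables lies outside the hunk.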
-- 
2.1.0
