diff options
| author | Jingning Han <jingning@google.com> | 2013-02-20 15:32:17 -0800 |
|---|---|---|
| committer | Jingning Han <jingning@google.com> | 2013-02-20 15:41:48 -0800 |
| commit | 232ccc2fbe06599a20535fc97bb7e25767524f46 (patch) | |
| tree | 1367bfffb7deaec4b1f1554dfdcdcbe8292b4589 /vp9/encoder/vp9_onyx_if.c | |
| parent | 6b1b34177491351fb15613637bd1667ced34c5ac (diff) | |
| download | libvpx-232ccc2fbe06599a20535fc97bb7e25767524f46.tar libvpx-232ccc2fbe06599a20535fc97bb7e25767524f46.tar.gz libvpx-232ccc2fbe06599a20535fc97bb7e25767524f46.tar.bz2 libvpx-232ccc2fbe06599a20535fc97bb7e25767524f46.zip | |
Fixed the buffer overflow issue
The issue that potentially broke the encoding process was due to the fact
that the length of token link is calculated from the total number of tokens
coded, while it is possible, in high bit-rate setting, this length is
greater than the buffer length initially assigned to the cpi->tok.
This patch increases the initially allocated buffer length assigned to
cpi->tok from
(mb_rows * mb_cols * 24 * 16) to (mb_rows * mb_cols * (1 + 24 * 16)).
It resolves the buffer overflow problem.
Change-Id: I8661a8d39ea0a3c24303e3f71a170787a1d5b1df
Diffstat (limited to 'vp9/encoder/vp9_onyx_if.c')
| -rw-r--r-- | vp9/encoder/vp9_onyx_if.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/vp9/encoder/vp9_onyx_if.c b/vp9/encoder/vp9_onyx_if.c index 2528122a6..9355c02a1 100644 --- a/vp9/encoder/vp9_onyx_if.c +++ b/vp9/encoder/vp9_onyx_if.c @@ -947,7 +947,7 @@ void vp9_alloc_compressor_data(VP9_COMP *cpi) { vpx_free(cpi->tok); { - unsigned int tokens = cm->mb_rows * cm->mb_cols * 24 * 16; + unsigned int tokens = cm->mb_rows * cm->mb_cols * (24 * 16 + 1); CHECK_MEM_ERROR(cpi->tok, vpx_calloc(tokens, sizeof(*cpi->tok))); } |