Fixed out of bound reads in stack variables
Out of bound reads in the following variables are fixed
scaling_mat_offset in ihevcd_iquant_itrans_recon_ctb()
ai1_offset_y, ai1_offset_cb and ai1_offset_cr in ihevcd_sao_shift_ctb()
These values were read but not used
b/32915871
Change-Id: Ib07e2ed1bdcc600700d4e9e5d970f6cc2164ab1b
(cherry picked from commit 4def2dfabf8afcb185942131c1e67bb3ff211f05)
diff --git a/decoder/ihevcd_iquant_itrans_recon_ctb.c b/decoder/ihevcd_iquant_itrans_recon_ctb.c
index a558644..88ace44 100644
--- a/decoder/ihevcd_iquant_itrans_recon_ctb.c
+++ b/decoder/ihevcd_iquant_itrans_recon_ctb.c
@@ -567,9 +567,11 @@
/* Intra 32x32 Y */
/* Inter 32x32 Y */
/*************************************************************************/
- WORD32 scaling_mat_offset[] =
+ /* Only first 20 entries are used. Array is extended to avoid out of bound
+ reads. Skip CUs (64x64) read this table, but don't really use the value */
+ static const WORD32 scaling_mat_offset[] =
{ 0, 16, 32, 48, 64, 80, 96, 160, 224, 288, 352, 416, 480, 736, 992,
- 1248, 1504, 1760, 2016, 3040 };
+ 1248, 1504, 1760, 2016, 3040, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
PROFILE_DISABLE_IQ_IT_RECON_INTRA_PRED();
diff --git a/decoder/ihevcd_sao.c b/decoder/ihevcd_sao.c
index 2702317..dc852c6 100644
--- a/decoder/ihevcd_sao.c
+++ b/decoder/ihevcd_sao.c
@@ -568,10 +568,11 @@
UWORD8 *pu1_sao_src_top_left_luma_bot_left;
UWORD8 *au1_sao_src_top_left_chroma_bot_left;
UWORD8 *pu1_sao_src_top_left_chroma_bot_left;
-
- WORD8 ai1_offset_y[5];
- WORD8 ai1_offset_cb[5];
- WORD8 ai1_offset_cr[5];
+ /* Only 5 values are used, but arrays are large
+ enough so that SIMD functions can read 64 bits at a time */
+ WORD8 ai1_offset_y[8];
+ WORD8 ai1_offset_cb[8];
+ WORD8 ai1_offset_cr[8];
WORD32 chroma_yuv420sp_vu = ps_sao_ctxt->is_chroma_yuv420sp_vu;
PROFILE_DISABLE_SAO();
