Fixed stack buffer overflow
Bugfix: 25812590
Moved check for numCoeffs > 64 inside the coeff decode loop
Change-Id: I444b77ef2a3da9233ec14bb72ac70b7e2fa56bd1
(cherry picked from commit ff3496c45c571da7eb93d6f9f05758813468fc72)
diff --git a/decoder/impeg2d_vld.c b/decoder/impeg2d_vld.c
index 972f42a..459548b 100644
--- a/decoder/impeg2d_vld.c
+++ b/decoder/impeg2d_vld.c
@@ -789,13 +789,13 @@
u4_nz_cols |= 1 << (u4_pos & 0x7);
u4_nz_rows |= 1 << (u4_pos >> 0x3);
+ if (u4_numCoeffs > 64)
+ {
+ return IMPEG2D_MB_TEX_DECODE_ERR;
+ }
}
IBITS_GET(u4_buf,u4_buf_nxt,u4_offset,u4_bits,pu4_buf_aligned,u4_sym_len)
- if (u4_numCoeffs > 64)
- {
- return IMPEG2D_MB_TEX_DECODE_ERR;
- }
}
else
{
@@ -957,10 +957,11 @@
u4_nz_cols |= 1 << (u4_pos & 0x7);
u4_nz_rows |= 1 << (u4_pos >> 0x3);
- }
- if (u4_numCoeffs > 64)
- {
- return IMPEG2D_MB_TEX_DECODE_ERR;
+ if (u4_numCoeffs > 64)
+ {
+ return IMPEG2D_MB_TEX_DECODE_ERR;
+ }
+
}
IBITS_GET(u4_buf,u4_buf_nxt,u4_offset,u4_bits,pu4_buf_aligned,u4_sym_len)