Fixed the buffer overflow issue The issue that potentially broke the encoding process was due to the fact that the length of token link is calculated from the total number of tokens coded, while it is possible, in high bit-rate setting, this length is greater than the buffer length initially assigned to the cpi->tok. This patch increases the initially allocated buffer length assigned to cpi->tok from (mb_rows * mb_cols * 24 * 16) to (mb_rows * mb_cols * (1 + 24 * 16)). It resolves the buffer overflow problem. Change-Id: I8661a8d39ea0a3c24303e3f71a170787a1d5b1df

commit: 936aa281b589e312aeaca2e7db0ec9dc87a2f99a [log] [tgz]
author: Jingning Han <jingning@google.com> Wed Feb 20 15:32:17 2013 -0800
committer: James Zern <jzern@google.com> Fri Feb 22 12:30:35 2013 -0800
tree: 1bbea638257ef94f8cfc4095f254c0a9b6cbaf8e
parent: 0ef72720d0c54be9faa8287652eeab7b4cd5b7fb [diff]
diff --git a/vp9/encoder/vp9_onyx_if.c b/vp9/encoder/vp9_onyx_if.c
index fbdc2d2..27e0e48 100644
--- a/vp9/encoder/vp9_onyx_if.c
+++ b/vp9/encoder/vp9_onyx_if.c

@@ -1148,7 +1148,7 @@
   vpx_free(cpi->tok);
 
   {
-    unsigned int tokens = cm->mb_rows * cm->mb_cols * 24 * 16;
+    unsigned int tokens = cm->mb_rows * cm->mb_cols * (24 * 16 + 1);
 
     CHECK_MEM_ERROR(cpi->tok, vpx_calloc(tokens, sizeof(*cpi->tok)));
   }
commit	936aa281b589e312aeaca2e7db0ec9dc87a2f99a	[log] [tgz]
author	Jingning Han <jingning@google.com>	Wed Feb 20 15:32:17 2013 -0800
committer	James Zern <jzern@google.com>	Fri Feb 22 12:30:35 2013 -0800
tree	1bbea638257ef94f8cfc4095f254c0a9b6cbaf8e
parent	0ef72720d0c54be9faa8287652eeab7b4cd5b7fb [diff]