To fix two critical Klocwork issues in libmix
BZ: 129623
Two critical issues in libmix:
1. Null pointer 'data' that comes from line 160
may be dereferenced at line 182. Also there
is one similar error on line 190.
File: libmix/videodecoder/securevideo/
baytrail/VideoDecoderAVCSecure.cpp:182 | decode()
2. Array 'op' of size 16 may use index value(s) 16.
Also there are 6 similar errors on line(s) 542,
547, 552, 556, 557, 562.
File: libmix/mix_vbp/viddec_fw/fw/codecs/
h264/parser/viddec_h264secure_parse.c:538
| h264secure_Parse_Dec_Ref_Pic_Marking()
Fix:
1. Check the 'data' pointer before dereference it
2. Limit the idx value to be smaller than 16
Change-Id: Iba48665147822a23873ca8ef3c0fc5b0f3de03ee
Signed-off-by: wfeng6 <wei.feng@intel.com>
Reviewed-on: http://android.intel.com:8080/124651
Reviewed-by: Shi, PingX <pingx.shi@intel.com>
Reviewed-by: Guo, Nana N <nana.n.guo@intel.com>
Tested-by: Ding, Haitao <haitao.ding@intel.com>
Reviewed-by: cactus <cactus@intel.com>
Tested-by: cactus <cactus@intel.com>
diff --git a/mix_vbp/viddec_fw/fw/codecs/h264/parser/viddec_h264secure_parse.c b/mix_vbp/viddec_fw/fw/codecs/h264/parser/viddec_h264secure_parse.c
index 55225ed..753618a 100644
--- a/mix_vbp/viddec_fw/fw/codecs/h264/parser/viddec_h264secure_parse.c
+++ b/mix_vbp/viddec_fw/fw/codecs/h264/parser/viddec_h264secure_parse.c
@@ -533,7 +533,7 @@
{
do
{
- if (i < NUM_MMCO_OPERATIONS)
+ if (i < MAX_OP)
{
code = sliceheader_p->ref_pic_marking.op[i].memory_management_control_operation;
SliceHeader->sh_dec_refpic.memory_management_control_operation[i] = code;
@@ -568,7 +568,7 @@
}
}
- if (i >= NUM_MMCO_OPERATIONS) {
+ if (i >= MAX_OP) {
return H264_STATUS_ERROR;
}
} while (SliceHeader->sh_dec_refpic.memory_management_control_operation[i++] != 0);
diff --git a/videodecoder/securevideo/baytrail/VideoDecoderAVCSecure.cpp b/videodecoder/securevideo/baytrail/VideoDecoderAVCSecure.cpp
index 4ded53f..675b37a 100644
--- a/videodecoder/securevideo/baytrail/VideoDecoderAVCSecure.cpp
+++ b/videodecoder/securevideo/baytrail/VideoDecoderAVCSecure.cpp
@@ -178,6 +178,11 @@
CHECK_STATUS("VideoDecoderBase::updateBuffer");
}
+ if (data == NULL) {
+ ETRACE("Invalid data returned by parser!");
+ return DECODE_MEMORY_FAIL;
+ }
+
if (!mVAStarted) {
if (data->has_sps && data->has_pps) {
status = startVA(data);