From 232ccc2fbe06599a20535fc97bb7e25767524f46 Mon Sep 17 00:00:00 2001 From: Jingning Han Date: Wed, 20 Feb 2013 15:32:17 -0800 Subject: [PATCH] Fixed the buffer overflow issue The issue that potentially broke the encoding process was due to the fact that the length of token link is calculated from the total number of tokens coded, while it is possible, in high bit-rate setting, this length is greater than the buffer length initially assigned to the cpi->tok. This patch increases the initially allocated buffer length assigned to cpi->tok from (mb_rows * mb_cols * 24 * 16) to (mb_rows * mb_cols * (1 + 24 * 16)). It resolves the buffer overflow problem. Change-Id: I8661a8d39ea0a3c24303e3f71a170787a1d5b1df --- vp9/encoder/vp9_onyx_if.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vp9/encoder/vp9_onyx_if.c b/vp9/encoder/vp9_onyx_if.c index 2528122a6..9355c02a1 100644 --- a/vp9/encoder/vp9_onyx_if.c +++ b/vp9/encoder/vp9_onyx_if.c @@ -947,7 +947,7 @@ void vp9_alloc_compressor_data(VP9_COMP *cpi) { vpx_free(cpi->tok); { - unsigned int tokens = cm->mb_rows * cm->mb_cols * 24 * 16; + unsigned int tokens = cm->mb_rows * cm->mb_cols * (24 * 16 + 1); CHECK_MEM_ERROR(cpi->tok, vpx_calloc(tokens, sizeof(*cpi->tok))); } -- 2.50.1