From ef5e1f1c9103d87a975f893e18e1d651be2ecd8a Mon Sep 17 00:00:00 2001
From: Lim Siew Hoon
Date: Fri, 1 Jul 2016 10:30:19 +0800
Subject: fix buffer overflow for dc_values and ac_values (v2)
The dc_values only have 12 bytes and ac_value only 162 bytes but the memcpy did it for 16 bytes and 256 bytes copying thru hard code value. To avoid the array index out of bound again, recommend move to use sizeof.
v2: Fix commit message typo from 265 bytes to 256 bytes.
Signed-off-by: Lim Siew Hoon
(cherry picked from commit c36778ff264b3c45b538db4bbfe6aea38fcb165e)
---
 test/decode/tinyjpeg.c | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/test/decode/tinyjpeg.c b/test/decode/tinyjpeg.c
index f53d083..6b5435d 100644
--- a/test/decode/tinyjpeg.c
+++ b/test/decode/tinyjpeg.c
@@ -154,19 +154,23 @@ static VAHuffmanTableBufferJPEGBaseline default_huffman_table_param={
 static int build_default_huffman_tables(struct jdec_private *priv)
 {
 int i = 0;
- if (priv->default_huffman_table_initialized)
- return 0;
+ if (priv->default_huffman_table_initialized)
+ return 0;
 for (i = 0; i < 4; i++) {
 priv->HTDC_valid[i] = 1;
- memcpy(priv->HTDC[i].bits, default_huffman_table_param.huffman_table[i].num_dc_codes, 16);
- memcpy(priv->HTDC[i].values, default_huffman_table_param.huffman_table[i].dc_values, 16);
+ memcpy(priv->HTDC[i].bits, default_huffman_table_param.huffman_table[i].num_dc_codes,
+ sizeof(default_huffman_table_param.huffman_table[i].num_dc_codes));
+ memcpy(priv->HTDC[i].values, default_huffman_table_param.huffman_table[i].dc_values,
+ sizeof(default_huffman_table_param.huffman_table[i].dc_values));
 priv->HTAC_valid[i] = 1;
- memcpy(priv->HTAC[i].bits, default_huffman_table_param.huffman_table[i].num_ac_codes, 16);
- memcpy(priv->HTAC[i].values, default_huffman_table_param.huffman_table[i].ac_values, 256);
+ memcpy(priv->HTAC[i].bits, default_huffman_table_param.huffman_table[i].num_ac_codes,
+ sizeof(default_huffman_table_param.huffman_table[i].num_ac_codes));
+ memcpy(priv->HTAC[i].values, default_huffman_table_param.huffman_table[i].ac_values,
+ sizeof(default_huffman_table_param.huffman_table[i].ac_values));
 }
- priv->default_huffman_table_initialized = 1;
- return 0;
+ priv->default_huffman_table_initialized = 1;
+ return 0;
 }
--
cgit v1.2.1
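Review bot: The loop bound in `for (i = 0; i < 4; i++)` is still a hard-coded count used to index `default_huffman_table_param.huffman_table[i]`, the same pattern this commit removes from the memcpy lengths. The declaration of `huffman_table` is outside the hunk, so confirm its dimension; if it has fewer than four entries, the later iterations still read past the end of the initializer. Deriving the bound from the array, e.g. `sizeof(default_huffman_table_param.huffman_table) / sizeof(default_huffman_table_param.huffman_table[0])`, would close that, with the remaining `priv->HTDC`/`priv->HTAC` slots handled explicitly. Separately, the new lengths are taken from the source arrays only, so a compile-time check that `sizeof(priv->HTDC[i].values)` and `sizeof(priv->HTAC[i].values)` are at least as large as the source fields would keep a future struct change from turning this into a destination overflow. A short comment should also say that destination bytes beyond the copied 12 and 162 are left as they were.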