Open fab1ano opened 1 year ago
Bug Reporting
Hi,
I found that the implementations of YUVtoRBGA and YUVtoARBG in native code do not check the sizes of the input and output arrays. See here: https://github.com/cats-oss/android-gpuimage/blob/master/library/src/main/cpp/yuv-decoder.c#L28 https://github.com/cats-oss/android-gpuimage/blob/master/library/src/main/cpp/yuv-decoder.c#L87
When a user provides incorrect width or height arguments, this can lead to an OOB array access, which may terminate the app with a SIGSEGV.
I'm working on a fix and will open a pull request once finished.
Steps to Reproduce
Call GPUImageNativeLibrary.YUVtoARBG(yuv, width, height, output) with buffers that are smaller than width*height.
Actual Results
The app crashes with SIGSEGV
Expected Results
No crash
OS details
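One way to express the missing size check described in this issue, as an added example that is not part of the issue or the project's code. The function name is hypothetical, and the NV21 layout (a luma plane followed by interleaved chroma pairs) is an assumption about the input format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: returns 0 when both buffers are large enough for a
 * width x height frame, -1 otherwise. Lengths are element counts: bytes for
 * the YUV input, 32-bit pixels for the output. In a JNI wrapper they would
 * come from GetArrayLength() on the two Java arrays before any element
 * pointer is dereferenced.
 * Assumed layout (NV21): width*height luma bytes, then one interleaved
 * chroma pair per 2x2 pixel block. */
int yuv_frame_sizes_ok(int32_t width, int32_t height,
                       size_t yuv_len, size_t out_len)
{
    /* Java ints are signed, so reject zero and negative dimensions first. */
    if (width <= 0 || height <= 0)
        return -1;

    /* Widen before multiplying so width*height cannot wrap a 32-bit int. */
    uint64_t w = (uint64_t)width;
    uint64_t h = (uint64_t)height;
    uint64_t frame = w * h;                                /* luma bytes, output pixels */
    uint64_t chroma = ((h + 1) / 2) * (2 * ((w + 1) / 2)); /* odd sizes round up */

    if ((uint64_t)out_len < frame)
        return -1;
    if ((uint64_t)yuv_len < frame + chroma)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample cases for a 640x480 frame. */
    printf("exact buffers:  %d\n", yuv_frame_sizes_ok(640, 480, 460800, 307200));
    printf("luma only:      %d\n", yuv_frame_sizes_ok(640, 480, 307200, 307200));
    printf("short output:   %d\n", yuv_frame_sizes_ok(640, 480, 460800, 307199));
    printf("wrapping dims:  %d\n", yuv_frame_sizes_ok(65536, 65536, 460800, 307200));
    return 0;
}
```

A native entry point would run this check first and return an error or throw to the Java caller instead of entering the conversion loop.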