From 66aa10082c0ff29864e7e62a2f10048d1dbbde8c Mon Sep 17 00:00:00 2001
From: Randy Li
Date: Wed, 19 Apr 2017 09:31:57 +0800
Subject: [PATCH] [mpp_buffer]: avoid accessing violation address
Sometimes the offset or the offset plus the size is beyond the buffer area. It would be better to raise an error and stopping the future step rather than the kernel halt it.
Change-Id: I32d6f05736c874d56e1e9f77505f16ca3a2c01ac
Signed-off-by: Randy Li
---
 mpp/base/mpp_buffer.cpp | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/mpp/base/mpp_buffer.cpp b/mpp/base/mpp_buffer.cpp
index 550985a0..28be3a80 100644
--- a/mpp/base/mpp_buffer.cpp
+++ b/mpp/base/mpp_buffer.cpp
@@ -147,6 +147,8 @@ MPP_RET mpp_buffer_write_with_caller(MppBuffer buffer, size_t offset, void *data
 return MPP_OK;
 MppBufferImpl *p = (MppBufferImpl*)buffer;
+ if (offset + size > p->info.size)
+ return MPP_ERR_VALUE;
 if (NULL == p->info.ptr)
 mpp_buffer_mmap(p, caller);
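Review bot: The added guard `offset + size > p->info.size` can wrap around. `offset` is a `size_t`, and `size` presumably is too (its declaration is cut off in the hunk header), so a very large `offset` makes the sum small again and the out-of-range write this commit means to stop still passes the check. Comparing without the addition avoids that: `if (offset > p->info.size || size > p->info.size - offset) return MPP_ERR_VALUE;`. The rejection is also silent even though `caller` is available, so a log line naming the caller, offset, size and buffer size before the return would make a bad request traceable. The function starts and ends outside the hunk, so I cannot see whether the matching read path has an equivalent bound; it should get the same check if it does not.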