From 936aa281b589e312aeaca2e7db0ec9dc87a2f99a Mon Sep 17 00:00:00 2001
From: Jingning Han <jingning@google.com>
Date: Wed, 20 Feb 2013 15:32:17 -0800
Subject: [PATCH] Fixed the buffer overflow issue

The issue that potentially broke the encoding process was due to the fact
that the length of token link is calculated from the total number of tokens
coded, while it is possible, in high bit-rate setting, this length is
greater than the buffer length initially assigned to the cpi->tok.

This patch increases the initially allocated buffer length assigned to
cpi->tok from
(mb_rows * mb_cols * 24 * 16) to (mb_rows * mb_cols * (1 + 24 * 16)).

It resolves the buffer overflow problem.

Change-Id: I8661a8d39ea0a3c24303e3f71a170787a1d5b1df
---
 vp9/encoder/vp9_onyx_if.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vp9/encoder/vp9_onyx_if.c b/vp9/encoder/vp9_onyx_if.c
index fbdc2d2cca..27e0e48a3e 100644
--- a/vp9/encoder/vp9_onyx_if.c
+++ b/vp9/encoder/vp9_onyx_if.c
@@ -1148,7 +1148,7 @@ void vp9_alloc_compressor_data(VP9_COMP *cpi) {
   vpx_free(cpi->tok);
 
   {
-    unsigned int tokens = cm->mb_rows * cm->mb_cols * 24 * 16;
+    unsigned int tokens = cm->mb_rows * cm->mb_cols * (24 * 16 + 1);
 
     CHECK_MEM_ERROR(cpi->tok, vpx_calloc(tokens, sizeof(*cpi->tok)));
   }
-- 
GitLab