Fix heap buffer overflow in libopenapv encoder #212

Open
fkyslov wants to merge 1 commit into AcademySoftwareFoundation:main from fkyslov:fix-heap-overflow-501452526
fkyslov commented Jun 9, 2026 (Contributor)

Add bounds checking to BSW_FLUSH_4BYTE and BSW_FLUSH_8BYTE macros in oapv_vlc.c to prevent writing past the end of the bitstream buffer during VLC encoding.

Add bounds checking in enc_frame in oapv.c to ensure the cumulative tile bitstream size does not exceed the target bitstream buffer end before copying tile bitstreams.

Change-Id: Ib40bc500096b6fda93e5802d97b306e4320ba6eb

Add bounds checking to BSW_FLUSH_4BYTE and BSW_FLUSH_8BYTE macros
in oapv_vlc.c to prevent writing past the end of the bitstream buffer
during VLC encoding.

Add bounds checking in enc_frame in oapv.c to ensure the cumulative
tile bitstream size does not exceed the target bitstream buffer end
before copying tile bitstreams.

These changes prevent heap buffer overflows in the encoder.

Bug: 501452526
Test: Manual verification with PoC binaries on Cuttlefish
Flag: EXEMPT CVE_FIX
Change-Id: Ib40bc500096b6fda93e5802d97b306e4320ba6eb

fkyslov commented Jun 9, 2026 (Contributor, Author)

@kpchoi Please review and merge if appropriate

fkyslov force-pushed the fix-heap-overflow-501452526 branch from 4999e46 to 577ee9c on June 9, 2026 19:18
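
The two checks described in this pull request, sketched as an added example that is not the libopenapv code or the patch itself: a bitstream writer whose 4-byte flush refuses to store past the end of its buffer, and a tile copy that validates the remaining space before each `memcpy`. The struct, the function names and the accumulator layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical bitstream writer; field names are assumptions. */
typedef struct {
    uint8_t *cur;  /* next byte to write */
    uint8_t *end;  /* one past the last writable byte */
    uint32_t code; /* pending bits, MSB first */
    int left;      /* free bits in code (32 = empty) */
} bsw_t;

static void bsw_init(bsw_t *bs, uint8_t *buf, size_t size) {
    bs->cur = buf; bs->end = buf + size; bs->code = 0; bs->left = 32;
}

/* Store the 32-bit accumulator only if four bytes still fit. */
static int bsw_flush_4byte(bsw_t *bs) {
    if ((size_t)(bs->end - bs->cur) < 4) return -1; /* would overrun */
    for (int i = 0; i < 4; i++) bs->cur[i] = (uint8_t)(bs->code >> (24 - 8 * i));
    bs->cur += 4; bs->code = 0; bs->left = 32;
    return 0;
}

/* Write the low len (1..32) bits of val; returns -1 instead of overflowing. */
static int bsw_write(bsw_t *bs, uint32_t val, int len) {
    if (len < 1 || len > 32) return -1;
    if (len < 32) val &= (1u << len) - 1u;
    if (len < bs->left) { /* fits in the accumulator, no store needed */
        bs->left -= len;
        bs->code |= val << bs->left;
        return 0;
    }
    int spill = len - bs->left; /* bits carried into the next word */
    uint32_t saved = bs->code;
    bs->code |= spill ? val >> spill : val;
    if (bsw_flush_4byte(bs) != 0) { bs->code = saved; return -1; }
    if (spill) { bs->left = 32 - spill; bs->code = val << bs->left; }
    return 0;
}

/* Append one tile to the frame buffer. Compare sizes, not dst + tile_size,
 * so an oversized tile cannot wrap the pointer past dst_end. */
static uint8_t *copy_tile(uint8_t *dst, const uint8_t *dst_end,
                          const uint8_t *tile, size_t tile_size) {
    if (tile_size > (size_t)(dst_end - dst)) return NULL;
    memcpy(dst, tile, tile_size);
    return dst + tile_size;
}
```

Callers have to propagate the `-1` and `NULL` results up to the frame-level encode call; a check whose failure is ignored leaves the writer position unchanged but silently drops data.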