Missing argument checks in native code
fab1ano opened this issue · 0 comments
fab1ano commented
Bug Reporting
Hi,
I found that the implementations of YUVtoRBGA and YUVtoARBG in native code do not check the sizes of the input and output arrays. See here:
https://github.com/cats-oss/android-gpuimage/blob/master/library/src/main/cpp/yuv-decoder.c#L28
https://github.com/cats-oss/android-gpuimage/blob/master/library/src/main/cpp/yuv-decoder.c#L87
When a user provides incorrect width or height arguments, this can lead to an OOB array access, which may terminate the app with a SIGSEGV.
I'm working on a fix and will open a pull request once finished.
Steps to Reproduce
Call GPUImageNativeLibrary.YUVtoARBG(yuv, width, height, output) with buffers that are smaller than width*height.
Actual Results
The app crashes with SIGSEGV
Expected Results
No crash
OS details
- Device: Redroid on Arm64
- OS: Android 11
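
The kind of argument check the report says is missing, as an added example that is not code from this issue or from the android-gpuimage project. It assumes an NV21 input layout, and the names `yuv_args_valid` and `luma_to_gray_checked` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Returns 1 when both buffers can hold a width x height frame, else 0.
 * yuv_len is in bytes, out_len in 32-bit pixels; in a JNI wrapper both
 * would come from GetArrayLength() on the Java arrays.
 * Assumed layout (NV21): width*height luma bytes, then one V/U byte pair
 * per 2x2 pixel block, rounded up for odd dimensions. */
int yuv_args_valid(size_t yuv_len, size_t out_len, int width, int height)
{
    if (width <= 0 || height <= 0)
        return 0;
    /* 64-bit arithmetic: two positive ints cannot overflow it, so a huge
     * width*height never wraps around to a small "required" size. */
    uint64_t w = (uint64_t)width, h = (uint64_t)height;
    uint64_t luma = w * h;
    uint64_t chroma = 2 * ((w + 1) / 2) * ((h + 1) / 2);
    return (uint64_t)yuv_len >= luma + chroma && (uint64_t)out_len >= luma;
}

/* Hypothetical checked entry point: refuses bad arguments with -1 instead
 * of reading or writing out of bounds. The loop is a stand-in that only
 * expands luma to opaque grey; the real colour conversion would go here. */
int luma_to_gray_checked(const uint8_t *yuv, size_t yuv_len,
                         uint32_t *out, size_t out_len, int width, int height)
{
    if (yuv == NULL || out == NULL ||
        !yuv_args_valid(yuv_len, out_len, width, height))
        return -1;
    size_t pixels = (size_t)width * (size_t)height; /* <= out_len, checked */
    for (size_t i = 0; i < pixels; i++) {
        uint32_t y = yuv[i];
        out[i] = 0xFF000000u | (y << 16) | (y << 8) | y;
    }
    return 0;
}

int main(void)
{
    uint8_t yuv[6] = {0, 255, 16, 128, 128, 128}; /* constructed 2x2 frame */
    uint32_t out[4];
    printf("2x2 frame: %d\n", luma_to_gray_checked(yuv, 6, out, 4, 2, 2));
    printf("claimed 4x4: %d\n", luma_to_gray_checked(yuv, 6, out, 4, 4, 4));
    return 0;
}
```

With this check in front of the conversion loop, a caller passing a width or height larger than the buffers gets an error return that the Java side can turn into an exception, rather than a SIGSEGV.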