From: Roman Sivriver <roman@rsiv.net>
Date: Tue, 18 Jun 2019 01:57:33 +0000 (-0400)
Subject: video-and: Fix buffer overflow detected by asan
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=2b25862973b0e05377662acf3ed02efa76e15caa;p=platform%2Fupstream%2Fgst-plugins-base.git

video-and: Fix buffer overflow detected by asan

gst_meta_api_type_register() assumes that the last tags element is null, but it wasn't

==17422==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f4e2a67c998 at pc 0x7f4e2a0c92ac bp 0x7ffcc41f80b0 sp 0x7ffcc41f80a0
READ of size 8 at 0x7f4e2a67c998 thread T0
    #0 0x7f4e2a0c92ab in gst_meta_api_type_register ../subprojects/gstreamer/gst/gstmeta.c:94
    #1 0x7f4e2a5582c3 in gst_video_afd_meta_api_get_type ../subprojects/gst-plugins-base/gst-libs/gst/video/video-anc.c:1146
    #2 0x404c7c in invoke_get_type (/home/ubuntu/gst-build/build/tmp-introspect5gv1rovo/GstVideo-1.0+0x404c7c)
    #3 0x406b5c in dump_irepository (/home/ubuntu/gst-build/build/tmp-introspect5gv1rovo/GstVideo-1.0+0x406b5c)
    #4 0x407089 in main (/home/ubuntu/gst-build/build/tmp-introspect5gv1rovo/GstVideo-1.0+0x407089)
    #5 0x7f4e295b4b6a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x26b6a)
    #6 0x404479 in _start (/home/ubuntu/gst-build/build/tmp-introspect5gv1rovo/GstVideo-1.0+0x404479)

0x7f4e2a67c998 is located 40 bytes to the left of global variable 'tags' defined in '../subprojects/gst-plugins-base/gst-libs/gst/video/video-anc.c:1232:25' (0x7f4e2a67c9c0) of size 24
0x7f4e2a67c998 is located 0 bytes to the right of global variable 'tags' defined in '../subprojects/gst-plugins-base/gst-libs/gst/video/video-anc.c:1141:25' (0x7f4e2a67c980) of size 24
SUMMARY: AddressSanitizer: global-buffer-overflow ../subprojects/gstreamer/gst/gstmeta.c:94 in gst_meta_api_type_register
---

diff --git a/gst-libs/gst/video/video-anc.c b/gst-libs/gst/video/video-anc.c
index 87a084e..48291bc 100644
--- a/gst-libs/gst/video/video-anc.c
+++ b/gst-libs/gst/video/video-anc.c
@@ -1141,7 +1141,8 @@ gst_video_afd_meta_api_get_type (void)
     static const gchar *tags[] = {
       GST_META_TAG_VIDEO_SIZE_STR,
       GST_META_TAG_VIDEO_ORIENTATION_STR,
-      GST_META_TAG_VIDEO_STR
+      GST_META_TAG_VIDEO_STR,
+      NULL
     };
     GType _type = gst_meta_api_type_register ("GstVideoAFDMetaAPI", tags);
     g_once_init_leave (&type, _type);
@@ -1232,7 +1233,8 @@ gst_video_bar_meta_api_get_type (void)
     static const gchar *tags[] = {
       GST_META_TAG_VIDEO_SIZE_STR,
       GST_META_TAG_VIDEO_ORIENTATION_STR,
-      GST_META_TAG_VIDEO_STR
+      GST_META_TAG_VIDEO_STR,
+      NULL
     };
     GType _type = gst_meta_api_type_register ("GstVideoBarMetaAPI", tags);
     g_once_init_leave (&type, _type);