From dd7dae5eb78ecb3d38e9845b41dfa338e4fef034 Mon Sep 17 00:00:00 2001
From: Geunsik Lim
Date: Fri, 21 Sep 2018 13:55:28 +0900
Subject: [PATCH] Security: fix a buffer overflow issue in gst_tensor_dimension_conversion()
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Fixed issue https://github.com/nnsuite/nnstreamer/issues/552.

This commit is to fix a security issue that is reported by CPPCheck and SVACE tool.

**Changes proposed in this PR:**
1. Initialized in and out variable to avoid a buffer overflow issue.

* SVACE Checker:
```bash
BUFFER_OVERFLOW.PROC
Warning Message
Array 'in' of size 16 bytes passed to function 'gst_tensor_dimension_conversion' at tensor_transform.c:968 by passing as 5th parameter to function 'gst_tensor_dimension_conversion' at tensor_transform.c:1016, where it is accessed by unacceptable index. This may lead to buffer overflow.
Trace Message
buffer overflow
┗ Shift at tensor_transform.c:968
┗ Variable '↦in[0]' is passed to function 'gst_tensor_dimension_conversion' as 5th parameter at tensor_transform.c:1016 at tensor_transform.c:1016
```

* CPPChecker:
```bash
[gst/tensor_transform/tensor_transform.c:1007]: (error) Uninitialized variable: in
[gst/tensor_transform/tensor_transform.c:1010]: (error) Uninitialized variable: in
[gst/tensor_transform/tensor_transform.c:1018]: (error) Uninitialized variable: in
[gst/tensor_transform/tensor_transform.c:1021]: (error) Uninitialized variable: in
[gst/tensor_transform/tensor_transform.c:1010]: (error) Uninitialized variable: out
[gst/tensor_transform/tensor_transform.c:1013]: (error) Uninitialized variable: out
[gst/tensor_transform/tensor_transform.c:1015]: (error) Uninitialized variable: out
[gst/tensor_transform/tensor_transform.c:1018]: (error) Uninitialized variable: out
```

Signed-off-by: Geunsik Lim
---
 gst/tensor_transform/tensor_transform.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/gst/tensor_transform/tensor_transform.c b/gst/tensor_transform/tensor_transform.c index d113d40..d9dd713 100644 --- a/gst/tensor_transform/tensor_transform.c +++ b/gst/tensor_transform/tensor_transform.c @@ -994,7 +994,8 @@ gst_tensor_transform_transform_caps (GstBaseTransform * trans, GstPadDirection direction, GstCaps * caps, GstCaps * filtercap) { /** @todo NYI: framerate configuration! */ - tensor_dim in, out; + tensor_dim in = { 0, }; + tensor_dim out = { 0, }; tensor_type itype, otype; gboolean ret; GstTensor_Transform *filter = GST_TENSOR_TRANSFORM_CAST (trans); -- 2.7.4
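Review bot: the SVACE BUFFER_OVERFLOW.PROC finding quoted in the commit message points at an index into `in` at tensor_transform.c:968, inside gst_tensor_dimension_conversion(), and this hunk does not touch that line; the new `tensor_dim in = { 0, };` and `tensor_dim out = { 0, };` initializers in gst_tensor_transform_transform_caps() only give the arrays defined contents, which is what the CPPCheck "Uninitialized variable" reports ask for. If the index at line 968 is derived from the array's contents, zeroing may be enough, but that is not visible here, so consider adding an explicit bounds check against the tensor_dim length in gst_tensor_dimension_conversion() itself, or rewording the subject to say the patch fixes uninitialized use rather than a buffer overflow. With the arrays now zero-filled, a failed conversion leaves all-zero dimensions instead of indeterminate values, so please also confirm that `ret` is checked before `in` and `out` are used further down in this function.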