commit 880c5a38746f18b4cfa2cb48f46b5fc27ae31a20
author Ram Mohan <ram.mohan@ittiam.com> Fri Sep 08 20:12:11 2023 +0530
committer Dichen Zhang <dichenzhang@google.com> Fri Sep 08 17:01:56 2023 +0000
tree 0cf053f2627a9a229c20aee71df5e87554c7f529
parent f3c297985f77ee5f75d0ae980187e59c24b8318a

ultrahdr: asan fix, release memory after all usages

The intermediate jpg image is stored in memory and is being released
well before its usage causing undefined behaviour

Bug: 299603934
Test: atest ultrahdr_unit_test

Change-Id: I1f74d329320daf444df6344cd0f73ab05c9f22d2

libs/ultrahdr/jpegr.cpp

diff --git a/libs/ultrahdr/jpegr.cpp b/libs/ultrahdr/jpegr.cpp
index 705a121..3d70fce 100644
--- a/libs/ultrahdr/jpegr.cpp
+++ b/libs/ultrahdr/jpegr.cpp
@@ -85,13 +85,11 @@
                                 jr_compressed_ptr pSource,
                                 size_t exif_pos,
                                 size_t exif_size) {
-  memcpy(pDest, pSource, sizeof(jpegr_compressed_struct));
-
   const size_t exif_offset = 4; //exif_pos has 4 bytes offset to the FF sign
   pDest->length = pSource->length - exif_size - exif_offset;
   pDest->data = new uint8_t[pDest->length];
-  std::unique_ptr<uint8_t[]> dest_data;
-  dest_data.reset(reinterpret_cast<uint8_t*>(pDest->data));
+  pDest->maxLength = pDest->length;
+  pDest->colorGamut = pSource->colorGamut;
   memcpy(pDest->data, pSource->data, exif_pos - exif_offset);
   memcpy((uint8_t*)pDest->data + exif_pos - exif_offset,
          (uint8_t*)pSource->data + exif_pos + exif_size,
@@ -1262,12 +1260,12 @@
   if (!decoder.extractEXIF(primary_jpg_image_ptr->data, primary_jpg_image_ptr->length)) {
     return ERROR_JPEGR_DECODE_ERROR;
   }
-  jpegr_exif_struct exif_from_jpg;
-  exif_from_jpg.data = nullptr;
-  exif_from_jpg.length = 0;
-  jpegr_compressed_struct new_jpg_image;
-  new_jpg_image.data = nullptr;
-  new_jpg_image.length = 0;
+  jpegr_exif_struct exif_from_jpg = {.data = nullptr, .length = 0};
+  jpegr_compressed_struct new_jpg_image = {.data = nullptr,
+                                           .length = 0,
+                                           .maxLength = 0,
+                                           .colorGamut = ULTRAHDR_COLORGAMUT_UNSPECIFIED};
+  std::unique_ptr<uint8_t[]> dest_data;
   if (decoder.getEXIFPos() >= 0) {
     if (pExif != nullptr) {
       ALOGE("received EXIF from outside while the primary image already contains EXIF");
@@ -1277,6 +1275,7 @@
                         primary_jpg_image_ptr,
                         decoder.getEXIFPos(),
                         decoder.getEXIFSize());
+    dest_data.reset(reinterpret_cast<uint8_t*>(new_jpg_image.data));
     exif_from_jpg.data = decoder.getEXIFPtr();
     exif_from_jpg.length = decoder.getEXIFSize();
     pExif = &exif_from_jpg;