From 605382562d8bda1a06bd12b19a3d5a2618f6a415 Mon Sep 17 00:00:00 2001 From: Andrey Kamaev Date: Sun, 31 Mar 2013 13:24:36 +0400 Subject: [PATCH] Fix stack corruption in cvConvexHull2 and heap corruption in OutputArray::create --- modules/core/src/matrix.cpp | 6 +++--- modules/imgproc/src/convhull.cpp | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/modules/core/src/matrix.cpp b/modules/core/src/matrix.cpp index 628097b86f..d7567b2d39 100644 --- a/modules/core/src/matrix.cpp +++ b/modules/core/src/matrix.cpp @@ -1548,10 +1548,10 @@ void _OutputArray::create(int dims, const int* sizes, int mtype, int i, bool all int _type = CV_MAT_TYPE(flags); for( size_t j = len0; j < len; j++ ) { - if( v[i].type() == _type ) + if( v[j].type() == _type ) continue; - CV_Assert( v[i].empty() ); - v[i].flags = (v[i].flags & ~CV_MAT_TYPE_MASK) | _type; + CV_Assert( v[j].empty() ); + v[j].flags = (v[j].flags & ~CV_MAT_TYPE_MASK) | _type; } } return; diff --git a/modules/imgproc/src/convhull.cpp b/modules/imgproc/src/convhull.cpp index b9e1ca045a..f4f4193e5e 100644 --- a/modules/imgproc/src/convhull.cpp +++ b/modules/imgproc/src/convhull.cpp @@ -455,7 +455,7 @@ cvConvexHull2( const CvArr* array, void* hull_storage, hullseq = cvMakeSeqHeaderForArray( CV_SEQ_KIND_CURVE|CV_MAT_TYPE(mat->type)|CV_SEQ_FLAG_CLOSED, - sizeof(contour_header), CV_ELEM_SIZE(mat->type), mat->data.ptr, + sizeof(hull_header), CV_ELEM_SIZE(mat->type), mat->data.ptr, mat->cols + mat->rows - 1, &hull_header, &hullblock ); cvClearSeq( hullseq ); } @@ -475,6 +475,7 @@ cvConvexHull2( const CvArr* array, void* hull_storage, cv::convexHull(cv::cvarrToMat(ptseq, false, false, 0, &_ptbuf), h0, orientation == CV_CLOCKWISE, CV_MAT_CN(hulltype) == 2); + if( hulltype == CV_SEQ_ELTYPE_PPOINT ) { const int* idx = h0.ptr();