Chiebot-Mirror
/
opencv
mirror of https://github.com/opencv/opencv.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #25328 from dkurt:fix_rng_fill_oob

Browse Source 
Resolve out of bound write in RNG::fill
pull/25335/head
Alexander Smorkalov 9 months ago committed by GitHub
parent 5196b575fe 56d586aa3e
commit 87e0246bb0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 5
      modules/core/src/rand.cpp

5
modules/core/src/rand.cpp
Unescape View File

@ -544,7 +544,7 @@ void RNG::fill( InputOutputArray _mat, int disttype,
if( disttype == UNIFORM ) if( disttype == UNIFORM )
{ {
_parambuf.allocate((sizeof(DivStruct)+sizeof(double)-1)/sizeof(double) + cn*2 + n1 + n2); _parambuf.allocate(cn*(sizeof(DivStruct)+sizeof(double)-1)/sizeof(double) + cn*4);
double* parambuf = _parambuf.data(); double* parambuf = _parambuf.data();
double* p1 = _param1.ptr<double>(); double* p1 = _param1.ptr<double>();
double* p2 = _param2.ptr<double>(); double* p2 = _param2.ptr<double>();
@ -570,6 +570,7 @@ void RNG::fill( InputOutputArray _mat, int disttype,
if( CV_IS_INT_TYPE(depth) ) if( CV_IS_INT_TYPE(depth) )
{ {
Vec2l* ip = (Vec2l*)(parambuf + cn*2); Vec2l* ip = (Vec2l*)(parambuf + cn*2);
CV_DbgCheckLT((size_t)(cn*4 - 1), _parambuf.size(), "");
for( j = 0, fast_int_mode = true; j < cn; j++ ) for( j = 0, fast_int_mode = true; j < cn; j++ )
{ {
double a = std::min(p1[j], p2[j]); double a = std::min(p1[j], p2[j]);
@ -615,6 +616,7 @@ void RNG::fill( InputOutputArray _mat, int disttype,
if( !fast_int_mode ) if( !fast_int_mode )
{ {
DivStruct* ds = (DivStruct*)(ip + cn); DivStruct* ds = (DivStruct*)(ip + cn);
CV_DbgCheckLE((void*)(ds + cn), (void*)(parambuf + _parambuf.size()), "Last byte check");
for( j = 0; j < cn; j++ ) for( j = 0; j < cn; j++ )
{ {
ds[j].delta = ip[j][1]; ds[j].delta = ip[j][1];
@ -645,6 +647,7 @@ void RNG::fill( InputOutputArray _mat, int disttype,
// so that a signed 32/64-bit integer X is transformed to // so that a signed 32/64-bit integer X is transformed to
// the range [param1.val[i], param2.val[i]) using // the range [param1.val[i], param2.val[i]) using
// dparam[0][i]*X + dparam[1][i] // dparam[0][i]*X + dparam[1][i]
CV_DbgCheckLT((size_t)(cn*4 - 1), _parambuf.size(), "");
if( depth != CV_64F ) if( depth != CV_64F )
{ {
Vec2f* fp = (Vec2f*)(parambuf + cn*2); Vec2f* fp = (Vec2f*)(parambuf + cn*2);

Write Preview
Loading…
Cancel
Save