From 561ca2cbaf175d364588a168ce4dd118ad0cc767 Mon Sep 17 00:00:00 2001 From: fanzhihao8 Date: Mon, 25 Aug 2025 20:58:15 +0800 Subject: [PATCH 1/6] fix codebug from fuzz Signed-off-by: fanzhihao8 --- .../src/image_format_convert_utils.cpp | 41 ++++++++++--------- .../innerkitsimpl/utils/include/image_utils.h | 8 ++++ 2 files changed, 30 insertions(+), 19 deletions(-) diff --git a/frameworks/innerkitsimpl/converter/src/image_format_convert_utils.cpp b/frameworks/innerkitsimpl/converter/src/image_format_convert_utils.cpp index b76d9b353..e3d5eb3ae 100644 --- a/frameworks/innerkitsimpl/converter/src/image_format_convert_utils.cpp +++ b/frameworks/innerkitsimpl/converter/src/image_format_convert_utils.cpp @@ -404,6 +404,12 @@ static bool RGBToYuvP010(const uint8_t *srcBuffer, const RGBDataInfo &rgbInfo, P srcParam.format = srcFormat; srcParam.buffer = srcBuffer; + std::unique_ptr copySrcBuffer; + if (!AlignSrcBuffer(rgbInfo, srcFormat, srcBuffer, srcParam, copySrcBuffer)) { + IMAGE_LOGE("Failed to prepare aligned src buffer for YuvToRGB"); + return false; + } + DestConvertParam destParam = {rgbInfo.width, rgbInfo.height}; destParam.format = dstFormat; @@ -1180,6 +1186,16 @@ static bool AlignSrcBuffer(const YUVDataInfo& yDInfo, PixelFormat srcFormat, con return AlignBufferCore(srcImageInfo, srcBuffer, srcParam, copySrcBuffer); } +static bool AlignSrcBuffer(const RGBDataInfo &rgbInfo, PixelFormat srcFormat, const uint8_t* srcBuffer, + SrcConvertParam& srcParam, std::unique_ptr& copySrcBuffer) +{ + ImageInfo srcImageInfo = { + .size = {rgbInfo.width, rgbInfo.height}, + .pixelFormat = srcFormat + }; + return AlignBufferCore(srcImageInfo, srcBuffer, srcParam, copySrcBuffer); +} + static bool YuvToYuv(const uint8_t *srcBuffer, const YUVDataInfo &yDInfo, PixelFormat srcFormat, DestConvertInfo &destInfo, PixelFormat destFormat) { 
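Review bot: The error log added in RGBToYuvP010 reads `"Failed to prepare aligned src buffer for YuvToRGB"`, which names a different conversion; the same string is added again in the RGBToYuv hunk at -1243. Anyone triaging a fuzz-found failure from logs would be pointed at the wrong function. Suggest `IMAGE_LOGE("Failed to prepare aligned src buffer for RGBToYuvP010");` here and the matching `RGBToYuv` text in the other hunk. RGBToYuvP010 starts and ends outside this hunk.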
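Review bot: The new RGB overload of AlignSrcBuffer forwards only `rgbInfo.width`, `rgbInfo.height` and `srcFormat` to AlignBufferCore, so nothing on this path carries the real length of `srcBuffer`. Any copy into the aligned buffer has to trust the declared dimensions, so a source buffer shorter than width × height × `ImageUtils::GetPixelBytes(srcFormat)` would be over-read. AlignBufferCore's body is outside the hunk, so whether it or the callers already guard this cannot be confirmed from here. Consider passing the source size down (for example a `size_t srcBufferSize` parameter) and rejecting when the computed byte count exceeds it, with the multiplication checked through `ImageUtils::CheckMulOverflow`. The YUV overload shown as context just above has the same shape.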
@@ -1243,28 +1259,15 @@ static bool RGBToYuv(const uint8_t *srcBuffer, const RGBDataInfo &rgbInfo, Pixel destInfo.bufferSize == 0) { return false; } - int32_t copyWidth = rgbInfo.width; - int32_t copyHeight = rgbInfo.height; - SrcConvertParam srcParam; + SrcConvertParam srcParam = {rgbInfo.width, rgbInfo.height}; + srcParam.format = srcFormat; srcParam.buffer = srcBuffer; + std::unique_ptr copySrcBuffer; - if (rgbInfo.width % EVEN_ALIGNMENT != 0 || rgbInfo.height % EVEN_ALIGNMENT != 0) { - if (!ImageUtils::GetAlignedNumber(copyWidth, EVEN_ALIGNMENT) || - !ImageUtils::GetAlignedNumber(copyHeight, EVEN_ALIGNMENT)) { - return false; - } - int32_t copySrcLen = copyWidth * copyHeight * ImageUtils::GetPixelBytes(srcFormat); - int32_t rgbInfoLen = rgbInfo.width * rgbInfo.height * ImageUtils::GetPixelBytes(srcFormat); - copySrcBuffer = std::make_unique(copySrcLen); - if (copySrcBuffer == nullptr || EOK != memcpy_s(copySrcBuffer.get(), rgbInfoLen, srcBuffer, rgbInfoLen)) { - IMAGE_LOGE("alloc memory or memcpy_s failed!"); - return false; - } - srcParam.buffer = copySrcBuffer.get(); + if (!AlignSrcBuffer(rgbInfo, srcFormat, srcBuffer, srcParam, copySrcBuffer)) { + IMAGE_LOGE("Failed to prepare aligned src buffer for YuvToRGB"); + return false; } - srcParam.width = static_cast(copyWidth); - srcParam.height = static_cast(copyHeight); - srcParam.format = srcFormat; DestConvertParam destParam = {destInfo.width, destInfo.height}; destParam.format = destFormat; diff --git a/frameworks/innerkitsimpl/utils/include/image_utils.h b/frameworks/innerkitsimpl/utils/include/image_utils.h index 4968f232f..4097873d8 100644 --- a/frameworks/innerkitsimpl/utils/include/image_utils.h +++ b/frameworks/innerkitsimpl/utils/include/image_utils.h 
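Review bot: `SrcConvertParam srcParam = {rgbInfo.width, rgbInfo.height};` seeds the source parameters with the unaligned dimensions, whereas the removed code stored the even-aligned `copyWidth`/`copyHeight` at the end. For odd sizes the conversion is only correct if AlignBufferCore rewrites `srcParam.width` and `srcParam.height` along with `srcParam.buffer`; that body is not in this hunk, so please confirm. The removed code also used an explicit `static_cast` on these two fields, so the brace initializer may be a narrowing signed-to-unsigned conversion, and it runs before the `<= 0` dimension check inside AlignBufferCore. If the helper does update all three fields, a comment such as `// AlignSrcBuffer replaces srcParam.width/height/buffer with the even-aligned copy when needed` would record that dependency. RGBToYuv starts and ends outside the hunk.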
@@ -127,6 +127,14 @@ public: static bool GetAlignedNumber(int32_t& number, int32_t align); static int32_t GetByteCount(ImageInfo imageInfo); static int32_t GetYUVByteCount(const ImageInfo& info); + static bool AlignBufferCore(const ImageInfo& srcImageInfo, const uint8_t* buffer, + SrcConvertParam& srcParam, std::unique_ptr& copySrcBuffer); + + static bool AlignSrcBuffer(const YUVDataInfo& yDInfo, PixelFormat srcFormat, const uint8_t* srcBuffer, + SrcConvertParam& srcParam, std::unique_ptr& copySrcBuffer); + + static bool AlignSrcBuffer(const RGBDataInfo &rgbInfo, PixelFormat srcFormat, const uint8_t* srcBuffer, + SrcConvertParam& srcParam, std::unique_ptr& copySrcBuffer); template static bool CheckMulOverflow(const T& num1, const T& num2) -- Gitee From 6960f1ef1b8cfd921dcb47bd05ab64f69a873dc7 Mon Sep 17 00:00:00 2001 From: fanzhihao8 Date: Mon, 25 Aug 2025 21:01:00 +0800 Subject: [PATCH 2/6] fix codebug from fuzz Signed-off-by: fanzhihao8 --- frameworks/innerkitsimpl/utils/include/image_utils.h | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/frameworks/innerkitsimpl/utils/include/image_utils.h b/frameworks/innerkitsimpl/utils/include/image_utils.h index 4097873d8..f195bf1e0 100644 --- a/frameworks/innerkitsimpl/utils/include/image_utils.h +++ b/frameworks/innerkitsimpl/utils/include/image_utils.h 
@@ -128,13 +128,11 @@ public: static int32_t GetByteCount(ImageInfo imageInfo); static int32_t GetYUVByteCount(const ImageInfo& info); static bool AlignBufferCore(const ImageInfo& srcImageInfo, const uint8_t* buffer, - SrcConvertParam& srcParam, std::unique_ptr& copySrcBuffer); - + SrcConvertParam& srcParam, std::unique_ptr& copySrcBuffer); static bool AlignSrcBuffer(const YUVDataInfo& yDInfo, PixelFormat srcFormat, const uint8_t* srcBuffer, - SrcConvertParam& srcParam, std::unique_ptr& copySrcBuffer); - + SrcConvertParam& srcParam, std::unique_ptr& copySrcBuffer); static bool AlignSrcBuffer(const RGBDataInfo &rgbInfo, PixelFormat srcFormat, const uint8_t* srcBuffer, - SrcConvertParam& srcParam, std::unique_ptr& copySrcBuffer); + SrcConvertParam& srcParam, std::unique_ptr& copySrcBuffer); template static bool CheckMulOverflow(const T& num1, const T& num2) -- Gitee From 2ea8d5ad193d6c12dfff93dc84515827b9035708 Mon Sep 17 00:00:00 2001 From: fanzhihao8 Date: Tue, 26 Aug 2025 09:11:46 +0800 Subject: [PATCH 3/6] fix codebug from fuzz Signed-off-by: fanzhihao8 --- .../include/image_format_convert_utils.h | 6 ++++++ .../converter/src/image_format_convert_utils.cpp | 15 +++++++++------ .../innerkitsimpl/utils/include/image_utils.h | 6 ------ 3 files changed, 15 insertions(+), 12 deletions(-) diff --git a/frameworks/innerkitsimpl/converter/include/image_format_convert_utils.h b/frameworks/innerkitsimpl/converter/include/image_format_convert_utils.h index 2f0723fca..d13fdc0de 100644 --- a/frameworks/innerkitsimpl/converter/include/image_format_convert_utils.h +++ b/frameworks/innerkitsimpl/converter/include/image_format_convert_utils.h 
@@ -145,6 +145,12 @@ public: [[maybe_unused]]ColorSpace colorSpace); static bool NV12ToRGB(const uint8_t *srcBuffer, const YUVDataInfo &yDInfo, DestConvertInfo &destInfo, [[maybe_unused]]ColorSpace colorSpace); + static bool AlignBufferCore(const ImageInfo& srcImageInfo, const uint8_t* buffer, + SrcConvertParam& srcParam, std::unique_ptr& copySrcBuffer); + static bool AlignSrcBuffer(const YUVDataInfo& yDInfo, PixelFormat srcFormat, const uint8_t* srcBuffer, + SrcConvertParam& srcParam, std::unique_ptr& copySrcBuffer); + static bool AlignSrcBuffer(const RGBDataInfo &rgbInfo, PixelFormat srcFormat, const uint8_t* srcBuffer, + SrcConvertParam& srcParam, std::unique_ptr& copySrcBuffer); }; } // namespace Media } // namespace OHOS diff --git a/frameworks/innerkitsimpl/converter/src/image_format_convert_utils.cpp b/frameworks/innerkitsimpl/converter/src/image_format_convert_utils.cpp index e3d5eb3ae..7cfc738ea 100644 --- a/frameworks/innerkitsimpl/converter/src/image_format_convert_utils.cpp +++ b/frameworks/innerkitsimpl/converter/src/image_format_convert_utils.cpp @@ -1138,8 +1138,9 @@ static bool YuvToYuvParam(const YUVDataInfo &yDInfo, SrcConvertParam &srcParam, return true; } -static bool AlignBufferCore(const ImageInfo& srcImageInfo, const uint8_t* buffer, - SrcConvertParam& srcParam, std::unique_ptr& copySrcBuffer) +static bool ImageFormatConvertUtils::AlignBufferCore(const ImageInfo& srcImageInfo, const uint8_t* buffer, + SrcConvertParam& srcParam, + std::unique_ptr& copySrcBuffer) { if (srcImageInfo.size.width <= 0 || srcImageInfo.size.height <= 0) { IMAGE_LOGE("Invalid src width(%{public}d) or height(%{public}d)", 
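Review bot: The three helpers are declared in the `public:` section of ImageFormatConvertUtils with no comment on the ownership contract between `srcParam` and `copySrcBuffer`. Judging by the call sites in the .cpp, `copySrcBuffer` is a local `std::unique_ptr` declared next to `srcParam`, and `srcParam.buffer` presumably ends up pointing into it when a padded copy is made. A caller that lets `copySrcBuffer` go out of scope first would leave `srcParam.buffer` dangling. Suggest a doc comment above the declarations, e.g. `// On success srcParam.buffer may point into copySrcBuffer; keep copySrcBuffer alive until the conversion has finished.` Consider making them private if only this translation unit calls them. The class body starts and ends outside this hunk.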
@@ -1176,8 +1177,9 @@ static bool AlignBufferCore(const ImageInfo& srcImageInfo, const uint8_t* buffer return true; } -static bool AlignSrcBuffer(const YUVDataInfo& yDInfo, PixelFormat srcFormat, const uint8_t* srcBuffer, - SrcConvertParam& srcParam, std::unique_ptr& copySrcBuffer) +static bool ImageFormatConvertUtils::AlignSrcBuffer(const YUVDataInfo& yDInfo, PixelFormat srcFormat, + const uint8_t* srcBuffer, SrcConvertParam& srcParam, + std::unique_ptr& copySrcBuffer) { ImageInfo srcImageInfo = { .size = {static_cast(yDInfo.yWidth), static_cast(yDInfo.yHeight)}, @@ -1186,8 +1188,9 @@ static bool AlignSrcBuffer(const YUVDataInfo& yDInfo, PixelFormat srcFormat, con return AlignBufferCore(srcImageInfo, srcBuffer, srcParam, copySrcBuffer); } -static bool AlignSrcBuffer(const RGBDataInfo &rgbInfo, PixelFormat srcFormat, const uint8_t* srcBuffer, - SrcConvertParam& srcParam, std::unique_ptr& copySrcBuffer) +static bool ImageFormatConvertUtils::AlignSrcBuffer(const RGBDataInfo &rgbInfo, PixelFormat srcFormat, + const uint8_t* srcBuffer, SrcConvertParam& srcParam, + std::unique_ptr& copySrcBuffer) { ImageInfo srcImageInfo = { .size = {rgbInfo.width, rgbInfo.height}, diff --git a/frameworks/innerkitsimpl/utils/include/image_utils.h b/frameworks/innerkitsimpl/utils/include/image_utils.h index f195bf1e0..4968f232f 100644 --- a/frameworks/innerkitsimpl/utils/include/image_utils.h +++ b/frameworks/innerkitsimpl/utils/include/image_utils.h 
@@ -127,12 +127,6 @@ public: static bool GetAlignedNumber(int32_t& number, int32_t align); static int32_t GetByteCount(ImageInfo imageInfo); static int32_t GetYUVByteCount(const ImageInfo& info); - static bool AlignBufferCore(const ImageInfo& srcImageInfo, const uint8_t* buffer, - SrcConvertParam& srcParam, std::unique_ptr& copySrcBuffer); - static bool AlignSrcBuffer(const YUVDataInfo& yDInfo, PixelFormat srcFormat, const uint8_t* srcBuffer, - SrcConvertParam& srcParam, std::unique_ptr& copySrcBuffer); - static bool AlignSrcBuffer(const RGBDataInfo &rgbInfo, PixelFormat srcFormat, const uint8_t* srcBuffer, - SrcConvertParam& srcParam, std::unique_ptr& copySrcBuffer); template static bool CheckMulOverflow(const T& num1, const T& num2) -- Gitee From 1fb73614eef37c9266fe9ac03b867fe3b04bde53 Mon Sep 17 00:00:00 2001 From: fanzhihao8 Date: Tue, 26 Aug 2025 09:39:22 +0800 Subject: [PATCH 4/6] fix codebug from fuzz Signed-off-by: fanzhihao8 --- .../converter/src/image_format_convert_utils.cpp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/frameworks/innerkitsimpl/converter/src/image_format_convert_utils.cpp b/frameworks/innerkitsimpl/converter/src/image_format_convert_utils.cpp index 7cfc738ea..d736c776e 100644 --- a/frameworks/innerkitsimpl/converter/src/image_format_convert_utils.cpp +++ b/frameworks/innerkitsimpl/converter/src/image_format_convert_utils.cpp @@ -405,7 +405,7 @@ static bool RGBToYuvP010(const uint8_t *srcBuffer, const RGBDataInfo &rgbInfo, P srcParam.buffer = srcBuffer; std::unique_ptr copySrcBuffer; - if (!AlignSrcBuffer(rgbInfo, srcFormat, srcBuffer, srcParam, copySrcBuffer)) { + if (!ImageFormatConvertUtils::AlignSrcBuffer(rgbInfo, srcFormat, srcBuffer, srcParam, copySrcBuffer)) { IMAGE_LOGE("Failed to prepare aligned src buffer for YuvToRGB"); return false; } 
@@ -1185,7 +1185,7 @@ static bool ImageFormatConvertUtils::AlignSrcBuffer(const YUVDataInfo& yDInfo, P .size = {static_cast(yDInfo.yWidth), static_cast(yDInfo.yHeight)}, .pixelFormat = srcFormat }; - return AlignBufferCore(srcImageInfo, srcBuffer, srcParam, copySrcBuffer); + return ImageFormatConvertUtils::AlignBufferCore(srcImageInfo, srcBuffer, srcParam, copySrcBuffer); } static bool ImageFormatConvertUtils::AlignSrcBuffer(const RGBDataInfo &rgbInfo, PixelFormat srcFormat, @@ -1196,7 +1196,7 @@ static bool ImageFormatConvertUtils::AlignSrcBuffer(const RGBDataInfo &rgbInfo, .size = {rgbInfo.width, rgbInfo.height}, .pixelFormat = srcFormat }; - return AlignBufferCore(srcImageInfo, srcBuffer, srcParam, copySrcBuffer); + return ImageFormatConvertUtils::AlignBufferCore(srcImageInfo, srcBuffer, srcParam, copySrcBuffer); } static bool YuvToYuv(const uint8_t *srcBuffer, const YUVDataInfo &yDInfo, PixelFormat srcFormat, @@ -1236,7 +1236,7 @@ static bool YuvToRGB(const uint8_t *srcBuffer, const YUVDataInfo &yDInfo, PixelF srcParam.buffer = srcBuffer; std::unique_ptr copySrcBuffer; - if (!AlignSrcBuffer(yDInfo, srcFormat, srcBuffer, srcParam, copySrcBuffer)) { + if (!ImageFormatConvertUtils::AlignSrcBuffer(yDInfo, srcFormat, srcBuffer, srcParam, copySrcBuffer)) { IMAGE_LOGE("Failed to prepare aligned src buffer for YuvToRGB"); return false; } @@ -1267,7 +1267,7 @@ static bool RGBToYuv(const uint8_t *srcBuffer, const RGBDataInfo &rgbInfo, Pixel srcParam.buffer = srcBuffer; std::unique_ptr copySrcBuffer; - if (!AlignSrcBuffer(rgbInfo, srcFormat, srcBuffer, srcParam, copySrcBuffer)) { + if (!ImageFormatConvertUtils::AlignSrcBuffer(rgbInfo, srcFormat, srcBuffer, srcParam, copySrcBuffer)) { IMAGE_LOGE("Failed to prepare aligned src buffer for YuvToRGB"); return false; } -- Gitee From 8bdf1fc192458a53c9201a2d7a6760b7a9ea3d0b Mon Sep 17 00:00:00 2001 From: fanzhihao8 Date: Tue, 26 Aug 2025 09:52:36 +0800 Subject: [PATCH 5/6] fix codebug from fuzz 
Signed-off-by: fanzhihao8 --- .../converter/src/image_format_convert_utils.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/frameworks/innerkitsimpl/converter/src/image_format_convert_utils.cpp b/frameworks/innerkitsimpl/converter/src/image_format_convert_utils.cpp index d736c776e..1a3cebf87 100644 --- a/frameworks/innerkitsimpl/converter/src/image_format_convert_utils.cpp +++ b/frameworks/innerkitsimpl/converter/src/image_format_convert_utils.cpp @@ -1138,7 +1138,7 @@ static bool YuvToYuvParam(const YUVDataInfo &yDInfo, SrcConvertParam &srcParam, return true; } -static bool ImageFormatConvertUtils::AlignBufferCore(const ImageInfo& srcImageInfo, const uint8_t* buffer, +bool ImageFormatConvertUtils::AlignBufferCore(const ImageInfo& srcImageInfo, const uint8_t* buffer, SrcConvertParam& srcParam, std::unique_ptr& copySrcBuffer) { @@ -1177,7 +1177,7 @@ static bool ImageFormatConvertUtils::AlignBufferCore(const ImageInfo& srcImageIn return true; } -static bool ImageFormatConvertUtils::AlignSrcBuffer(const YUVDataInfo& yDInfo, PixelFormat srcFormat, +bool ImageFormatConvertUtils::AlignSrcBuffer(const YUVDataInfo& yDInfo, PixelFormat srcFormat, const uint8_t* srcBuffer, SrcConvertParam& srcParam, std::unique_ptr& copySrcBuffer) { @@ -1188,7 +1188,7 @@ static bool ImageFormatConvertUtils::AlignSrcBuffer(const YUVDataInfo& yDInfo, P return ImageFormatConvertUtils::AlignBufferCore(srcImageInfo, srcBuffer, srcParam, copySrcBuffer); } -static bool ImageFormatConvertUtils::AlignSrcBuffer(const RGBDataInfo &rgbInfo, PixelFormat srcFormat, +bool ImageFormatConvertUtils::AlignSrcBuffer(const RGBDataInfo &rgbInfo, PixelFormat srcFormat, const uint8_t* srcBuffer, SrcConvertParam& srcParam, std::unique_ptr& copySrcBuffer) { -- Gitee From c955f06769de65984aeb8379111914f6025c1d92 Mon Sep 17 00:00:00 2001 From: fanzhihao8 Date: Tue, 26 Aug 2025 10:09:02 +0800 Subject: [PATCH 6/6] fix codebug from fuzz 
Signed-off-by: fanzhihao8 --- .../converter/src/image_format_convert_utils.cpp | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/frameworks/innerkitsimpl/converter/src/image_format_convert_utils.cpp b/frameworks/innerkitsimpl/converter/src/image_format_convert_utils.cpp index 1a3cebf87..a86d6b658 100644 --- a/frameworks/innerkitsimpl/converter/src/image_format_convert_utils.cpp +++ b/frameworks/innerkitsimpl/converter/src/image_format_convert_utils.cpp @@ -1139,8 +1139,8 @@ static bool YuvToYuvParam(const YUVDataInfo &yDInfo, SrcConvertParam &srcParam, } bool ImageFormatConvertUtils::AlignBufferCore(const ImageInfo& srcImageInfo, const uint8_t* buffer, - SrcConvertParam& srcParam, - std::unique_ptr& copySrcBuffer) + SrcConvertParam& srcParam, + std::unique_ptr& copySrcBuffer) { if (srcImageInfo.size.width <= 0 || srcImageInfo.size.height <= 0) { IMAGE_LOGE("Invalid src width(%{public}d) or height(%{public}d)", @@ -1178,8 +1178,8 @@ bool ImageFormatConvertUtils::AlignBufferCore(const ImageInfo& srcImageInfo, con } bool ImageFormatConvertUtils::AlignSrcBuffer(const YUVDataInfo& yDInfo, PixelFormat srcFormat, - const uint8_t* srcBuffer, SrcConvertParam& srcParam, - std::unique_ptr& copySrcBuffer) + const uint8_t* srcBuffer, SrcConvertParam& srcParam, + std::unique_ptr& copySrcBuffer) { ImageInfo srcImageInfo = { .size = {static_cast(yDInfo.yWidth), static_cast(yDInfo.yHeight)}, @@ -1189,8 +1189,8 @@ bool ImageFormatConvertUtils::AlignSrcBuffer(const YUVDataInfo& yDInfo, PixelFor } bool ImageFormatConvertUtils::AlignSrcBuffer(const RGBDataInfo &rgbInfo, PixelFormat srcFormat, - const uint8_t* srcBuffer, SrcConvertParam& srcParam, - std::unique_ptr& copySrcBuffer) + const uint8_t* srcBuffer, SrcConvertParam& srcParam, + std::unique_ptr& copySrcBuffer) { ImageInfo srcImageInfo = { .size = {rgbInfo.width, rgbInfo.height}, -- Gitee