Media (Intel® oneAPI Video Processing Library, Intel Media SDK)
Access community support with transcoding, decoding, and encoding in applications using media tools like Intel® oneAPI Video Processing Library and Intel® Media SDK
Announcements
The Intel sign-in experience has changed to support enhanced security controls. If you sign in, click here for more information.
3001 Discussions

found and fixed buffer bugs in new Media SDK 2021r1

diablodale
Novice
‎05-26-2021 10:01 AM
1,133 Views

Hello. The Media SDK 2021r1 SDK released this week has a few buffer under/overrun bugs in it. These bugs are also present in 2020r1.

Patch attached.

Such buffer bugs are often used for security violations. The bugs are all in one file `mfx_driver_store_loader.cpp` which is part of the dispatcher.

* Objbase.h needs to be included to access the api StringFromGUID2()

* last param on StringFromGUID2() is characters *not* bytes. Therefore it needs to be bufferbytes/sizeofbufferentity. This is done correctly in other files of the SDK.

*  RegQueryValueExW() does not guarantee null termination. See official Microsoft api docs. Therefore, it is unsafe to call wcslen(). The fix I used is to call RegGetValueW() instead. An alternative would be to use your SDK's custom WinRegKey class.

* it is unsafe to call wcscat_s() with a hardcoded char size because the size of that path is determined instead by the current function's parameters. Therefore, argument to wcscat_s() needs to be calculated using those parameters.

I've fixed the bugs locally so no rush for me. Instead for all your other customers.

Cheers

--Dale Phurrough

Labels (1)
Labels:
buffer_fixes_patch.zip
0 Kudos

Link Copied

4 Replies
Gopika_Intel
Moderator
‎05-27-2021 02:49 AM
1,104 Views

Hi,

Thank you for reporting and sharing your observations. We have informed the concerned team about this.

Regards

Gopika


Copy link
Mark_L_Intel1
Moderator
‎07-29-2021 02:18 PM
993 Views

Hi Dale,


Thanks so much for the patch to fix our issue, I am really apologized for the late response, somehow this was ignored unintentionally.


I have submitted the patch to dev team and I will keep you updated.


Mark


Copy link
AthiraM_Intel
Moderator
‎03-04-2022 12:49 AM
603 Views

Hi,


The issue is resolved. If you need any additional information, please post a new question as this thread will no longer be monitored by Intel.



Thanks


0 Kudos
Copy link
diablodale
Novice
‎03-04-2022 01:15 AM
598 Views

And where is the fix/resolution? From where can it be downloaded?

0 Kudos
Copy link
Reply

For more complete information about compiler optimizations, see our Optimization Notice.