lib: Fix crash when too many minutiae were detected

struct xyt_struct uses a fixed-sized array to fit MAX_BOZORTH_MINUTIAE (200) minutiae. MAX_FILE_MINUTIAE is 1000. So if we detected more than MAX_BOZORTH_MINUTIAE, we would crash copying the data from the capture to the structure. We might want to use dynamically allocated arrays in the future (or bigger ones) so that we don't lose minutiae. Closes: #116
2018-10-12 12:27:37 +02:00 · 2018-10-12 12:27:37 +02:00 · 3a7b03f022
commit 3a7b03f022
parent 94450a1d74
1 changed files with 2 additions and 3 deletions
--- a/libfprint/fpi-img.c
+++ b/libfprint/fpi-img.c
@ -269,9 +269,8 @@ static void minutiae_to_xyt(struct fp_minutiae *minutiae, int bwidth,
 	struct minutiae_struct c[MAX_FILE_MINUTIAE];
 	struct xyt_struct *xyt = (struct xyt_struct *) buf;

-	/* FIXME: only considers first 150 minutiae (MAX_FILE_MINUTIAE) */
-	/* nist does weird stuff with 150 vs 1000 limits */
-	int nmin = min(minutiae->num, MAX_FILE_MINUTIAE);
+	/* struct xyt_struct uses arrays of MAX_BOZORTH_MINUTIAE (200) */
+	int nmin = min(minutiae->num, MAX_BOZORTH_MINUTIAE);

 	for (i = 0; i < nmin; i++){
 		minutia = minutiae->list[i];