From 116d235c30c0592aef4678dde3e7dbac1449c6e6 Mon Sep 17 00:00:00 2001
From: James Zern
Date: Tue, 22 Jun 2021 23:07:04 +0000
Subject: [PATCH] anim_encode: Fix encoded_frames_[] overflow

Check encoded_frames_ count and call FlushFrames if necessary after IncreasePreviousDuration.

Avoids an overflow in encoded_frames_[] with -kmax 0 and an assertion failure related to the previous and keyframe durations when a frame is forced in this way.

Based on patch by tomwei7g gmail

Bug: webp:518
Change-Id: Idef685e6c06a67d48fcdc048265ca0e672a01263
---
 src/mux/anim_encode.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/mux/anim_encode.c b/src/mux/anim_encode.c
index cea2beba..4a2bf6c9 100644
--- a/src/mux/anim_encode.c
+++ b/src/mux/anim_encode.c
@@ -946,7 +946,8 @@ static int IncreasePreviousDuration(WebPAnimEncoder* const enc, int duration) {
 int new_duration;
 assert(enc->count_ >= 1);
- assert(prev_enc_frame->sub_frame_.duration ==
+ assert(!prev_enc_frame->is_key_frame_ ||
+ prev_enc_frame->sub_frame_.duration ==
 prev_enc_frame->key_frame_.duration);
 assert(prev_enc_frame->sub_frame_.duration ==
 (prev_enc_frame->sub_frame_.duration & (MAX_DURATION - 1)));
@@ -1355,6 +1356,12 @@ int WebPAnimEncoderAdd(WebPAnimEncoder* enc, WebPPicture* frame, int timestamp,
 if (!IncreasePreviousDuration(enc, (int)prev_frame_duration)) {
 return 0;
 }
+ // IncreasePreviousDuration() may add a frame to avoid exceeding
+ // MAX_DURATION which could cause CacheFrame() to over read encoded_frames_
+ // before the next flush.
+ if (enc->count_ == enc->size_ && !FlushFrames(enc)) {
+ return 0;
+ }
 } else {
 enc->first_timestamp_ = timestamp;
 }
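Review bot: The relaxed assertion in IncreasePreviousDuration() has no comment saying why the sub-frame/key-frame duration equality is now required only when `is_key_frame_` is set; the reason is recorded only in the commit message. A one-line comment above it, such as `// Durations are only expected to match for key frames (webp:518).`, would keep the invariant from being tightened again by mistake. These are assert() checks, so they disappear in NDEBUG builds and should not be relied on to stop an out-of-range duration in release binaries. The function body starts and ends outside the hunk.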
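Review bot: The new guard in WebPAnimEncoderAdd() tests `enc->count_ == enc->size_`, so it protects the array only if count_ can never already be past size_ and only if a successful FlushFrames() always frees a slot; neither is visible in this hunk. Since the failure named in the added comment is an out-of-bounds access on encoded_frames_, a range comparison is the safer form: `if (enc->count_ >= enc->size_ && !FlushFrames(enc)) {`. It would also help to enforce `enc->count_ < enc->size_` with a runtime check before the slot is used, rather than with an assert that release builds drop. The diffstat lists only src/mux/anim_encode.c, so no regression case for the -kmax 0 input from the commit message accompanies the fix. The function body starts and ends outside the hunk.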