From 2760d8782718256ce0157ee7fac841ed1c69bdc8 Mon Sep 17 00:00:00 2001
From: Vincent Rabaud
Date: Tue, 4 Nov 2025 10:24:45 +0100
Subject: [PATCH] Do not index costs out of bounds. In practice, the value is never read.
Change-Id: Idb33dad2581e597bd5e5b5c9414ae2c34f3a8ef2
---
 src/enc/quant_enc.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/enc/quant_enc.c b/src/enc/quant_enc.c
index 4adc1a48..70929924 100644
--- a/src/enc/quant_enc.c
+++ b/src/enc/quant_enc.c
@@ -646,7 +646,13 @@ static int TrellisQuantizeBlock(const VP8Encoder* WEBP_RESTRICT const enc,
 int best_prev;
 score_t cost, score;
 
- ss_cur[m].costs = costs[n + 1][ctx];
+ // costs is [16][NUM_CTX == 3] but ss_cur[m].costs is only read after
+ // being swapped with ss_prev: the last value can be NULL.
+ if (n + 1 < 16) {
+ ss_cur[m].costs = costs[n + 1][ctx];
+ } else {
+ ss_cur[m].costs = NULL;
+ }
 if (level < 0 || level > thresh_level) {
 ss_cur[m].score = MAX_COST;
 // Node is dead.
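Review bot: The guard `if (n + 1 < 16)` repeats the first dimension of `costs` as a bare literal, and the declaration it must match is outside this hunk, so a later change to the table size would silently reintroduce the out-of-bounds index or skip valid entries. Deriving the bound from a named constant shared with the declaration would keep the two in step. The NULL stored for the last position is safe only while the invariant in the new comment holds (the pointer is read solely after the swap with `ss_prev`); an `assert` that the `costs` pointer is non-NULL at the read site, which is also outside the hunk, would turn a future violation into a deterministic debug failure rather than a NULL dereference in release builds. TrellisQuantizeBlock starts and ends outside the hunk.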