dany/libwebp
1
0
Fork 0
mirror of https://github.com/webmproject/libwebp.git synced 2025-07-16 22:09:57 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix OOB write in BuildHuffmanTable.

Browse Source 
First, BuildHuffmanTable is called to check if the data is valid.
If it is and the table is not big enough, more memory is allocated.

This will make sure that valid (but unoptimized because of unbalanced
codes) streams are still decodable.

Bug: chromium:1479274
Change-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741
(cherry picked from commit 902bc91903)
This commit is contained in:
Vincent Rabaud
2023-09-07 21:16:03 +02:00
committed by James Zern
parent fd7bb21c0c
commit 2af26267cd
4 changed files with 129 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/dec/vp8li_dec.h
View File

@ -51,7 +51,7 @@ typedef struct {
uint32_t* huffman_image_;
int num_htree_groups_;
HTreeGroup* htree_groups_;
HuffmanCode* huffman_tables_;
HuffmanTables huffman_tables_;
} VP8LMetadata;
typedef struct VP8LDecoder VP8LDecoder;