From cdaac014900d722ed294c864216e381377d09897 Mon Sep 17 00:00:00 2001 From: Arman Hasanzadeh Date: Wed, 13 Aug 2025 17:00:23 -0700 Subject: [PATCH] Add fbounds-safety annotations for `VP8BitWriter`. Reasoning: The `fbounds-safety` compiler extension reported out-of-bounds accesses on the `buf` member of the `VP8BitWriter` struct (defined in `src/utils/bit_writer_utils.h`, line 36). These occurred in `src/utils/bit_writer_utils.c` at lines 70, 74, 76, and 189, where `buf` was used with array indexing or pointer arithmetic despite being a `__single` pointer by default. To fix this, the `buf` member was annotated as `__sized_by_or_null(max_pos)` in `src/utils/bit_writer_utils.h` (line 36), associating it with the `max_pos` member which stores the buffer size. This annotation introduced a new build error in the `BitWriterResize` function (`src/utils/bit_writer_utils.c`, line 55) when assigning the result of `WebPSafeMalloc` (an `__unsafe_indexable` pointer) to the now-annotated `bw->buf`. This was resolved by: 1. Using `bw->buf = __unsafe_forge_bidi_indexable(uint8_t*, new_buf, new_size);` (line 55) to create a properly bounded pointer from the `malloc` result (`new_buf`) using its size (`new_size`) before assigning it to `bw->buf`. Bug: 432511821 Change-Id: I1a24a9a432388ccce53a5e9b3b5e58d22aa61d0c --- src/utils/bit_writer_utils.c | 2 +- src/utils/bit_writer_utils.h | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/src/utils/bit_writer_utils.c b/src/utils/bit_writer_utils.c index bd2355a1..1e1f1c72 100644 --- a/src/utils/bit_writer_utils.c +++ b/src/utils/bit_writer_utils.c @@ -52,7 +52,7 @@ static int BitWriterResize(VP8BitWriter* const bw, size_t extra_size) { WEBP_UNSAFE_MEMCPY(new_buf, bw->buf, bw->pos); } WebPSafeFree(bw->buf); - bw->buf = new_buf; + bw->buf = WEBP_UNSAFE_FORGE_BIDI_INDEXABLE(uint8_t*, new_buf, new_size); bw->max_pos = new_size; return 1; } 
diff --git a/src/utils/bit_writer_utils.h b/src/utils/bit_writer_utils.h index d0cdd01d..36704234 100644 --- a/src/utils/bit_writer_utils.h +++ b/src/utils/bit_writer_utils.h @@ -32,9 +32,10 @@ typedef struct VP8BitWriter VP8BitWriter; struct VP8BitWriter { int32_t range; // range-1 int32_t value; - int run; // number of outstanding bits - int nb_bits; // number of pending bits - uint8_t* buf; // internal buffer. Re-allocated regularly. Not owned. + int run; // number of outstanding bits + int nb_bits; // number of pending bits + // internal buffer. Re-allocated regularly. Not owned. + uint8_t* WEBP_SIZED_BY_OR_NULL(max_pos) buf; size_t pos; size_t max_pos; int error; // true in case of error
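Review bot: in the `src/utils/bit_writer_utils.c` hunk, the bounds forged on the `bw->buf = WEBP_UNSAFE_FORGE_BIDI_INDEXABLE(uint8_t*, new_buf, new_size);` line in `BitWriterResize` are taken on trust. The compiler cannot verify that `new_buf` really spans `new_size` bytes, and the allocation that establishes this lies above the visible context. Please add a short comment at the forge stating that `new_size` is exactly the size passed to the allocator. As a follow-up, consider annotating the return of `WebPSafeMalloc` so that this call site needs no unsafe forge at all. It is good that `bw->max_pos = new_size;` stays directly next to the `buf` assignment, since the two fields are now tied together. One minor point: the commit message quotes `__unsafe_forge_bidi_indexable` while the hunk uses the `WEBP_UNSAFE_FORGE_BIDI_INDEXABLE` wrapper, so the message should name the macro that was actually used.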
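Review bot: in the `src/utils/bit_writer_utils.h` hunk, the comment above `uint8_t* WEBP_SIZED_BY_OR_NULL(max_pos) buf;` still reads only "internal buffer. Re-allocated regularly. Not owned." and does not document the invariant the annotation introduces. Please state there that `buf` is either NULL or points to `max_pos` bytes, and that any code writing one of the two fields must update the other alongside it, as `BitWriterResize` does. A matching note on `size_t max_pos;` would help readers who reach that field first. Only `BitWriterResize` is touched in this patch, so it is worth confirming that the other places that set `buf` or `max_pos` (initialisation and cleanup, not visible here) also keep the pair consistent. Note too that the annotation bounds `buf` by `max_pos` and says nothing about `pos`. Separately, the `run` and `nb_bits` lines appear to change only in comment alignment; consider dropping that reflow so the diff shows just the annotation.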