dany/libwebp
1
0
Fork 0
mirror of https://github.com/webmproject/libwebp.git synced 2025-04-18 14:56:47 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

misc fixes in libwebpmux

Browse Source 
* Assert chunklist
  * fix potential memory leak and
  * fix null pointer access

There should not be several alpha_ or img_ chunks in SynthesizeBitstream. Use ChunkListDelete in MuxImageRelease to be safe.
A null pointer accessed in WebPMuxPushFrame triggered a harmless runtime error.

Change-Id: I3027f8752093652bd41f55e667d041c0de77ab6e
This commit is contained in:
Yannis Guyon 2018-07-04 20:19:47 +02:00
parent e00af13ef4
commit 4338cd36fe
3 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/mux/muxedit.c
View File

@ -266,14 +266,14 @@ WebPMuxError WebPMuxPushFrame(WebPMux* mux, const WebPMuxFrameInfo* info,
int copy_data) { int copy_data) {
WebPMuxImage wpi; WebPMuxImage wpi;
WebPMuxError err; WebPMuxError err;
const WebPData* const bitstream = &info->bitstream;
// Sanity checks. // Sanity checks.
if (mux == NULL || info == NULL) return WEBP_MUX_INVALID_ARGUMENT; if (mux == NULL || info == NULL) return WEBP_MUX_INVALID_ARGUMENT;
if (info->id != WEBP_CHUNK_ANMF) return WEBP_MUX_INVALID_ARGUMENT; if (info->id != WEBP_CHUNK_ANMF) return WEBP_MUX_INVALID_ARGUMENT;
if (bitstream->bytes == NULL || bitstream->size > MAX_CHUNK_PAYLOAD) { if (info->bitstream.bytes == NULL ||
info->bitstream.size > MAX_CHUNK_PAYLOAD) {
return WEBP_MUX_INVALID_ARGUMENT; return WEBP_MUX_INVALID_ARGUMENT;
} }
@ -287,7 +287,7 @@ WebPMuxError WebPMuxPushFrame(WebPMux* mux, const WebPMuxFrameInfo* info,
} }
MuxImageInit(&wpi); MuxImageInit(&wpi);
err = SetAlphaAndImageChunks(bitstream, copy_data, &wpi); err = SetAlphaAndImageChunks(&info->bitstream, copy_data, &wpi);
if (err != WEBP_MUX_OK) goto Err; if (err != WEBP_MUX_OK) goto Err;
assert(wpi.img_ != NULL); // As SetAlphaAndImageChunks() was successful. assert(wpi.img_ != NULL); // As SetAlphaAndImageChunks() was successful.

8
src/mux/muxinternal.c
View File

@ -227,9 +227,11 @@ void MuxImageInit(WebPMuxImage* const wpi) {
WebPMuxImage* MuxImageRelease(WebPMuxImage* const wpi) { WebPMuxImage* MuxImageRelease(WebPMuxImage* const wpi) {
WebPMuxImage* next; WebPMuxImage* next;
if (wpi == NULL) return NULL; if (wpi == NULL) return NULL;
ChunkDelete(wpi->header_); // There should be at most one chunk of header_, alpha_, img_ but we call
ChunkDelete(wpi->alpha_); // ChunkListDelete to be safe
ChunkDelete(wpi->img_); ChunkListDelete(&wpi->header_);
ChunkListDelete(&wpi->alpha_);
ChunkListDelete(&wpi->img_);
ChunkListDelete(&wpi->unknown_); ChunkListDelete(&wpi->unknown_);
next = wpi->next_; next = wpi->next_;

4
src/mux/muxread.c
View File

@ -400,6 +400,10 @@ static WebPMuxError SynthesizeBitstream(const WebPMuxImage* const wpi,
uint8_t* const data = (uint8_t*)WebPSafeMalloc(1ULL, size); uint8_t* const data = (uint8_t*)WebPSafeMalloc(1ULL, size);
if (data == NULL) return WEBP_MUX_MEMORY_ERROR; if (data == NULL) return WEBP_MUX_MEMORY_ERROR;
// There should be at most one alpha_ chunk and exactly one img_ chunk.
assert(wpi->alpha_ == NULL || wpi->alpha_->next_ == NULL);
assert(wpi->img_ != NULL && wpi->img_->next_ == NULL);
// Main RIFF header. // Main RIFF header.
dst = MuxEmitRiffHeader(data, size); dst = MuxEmitRiffHeader(data, size);