From 5755839a4772de6123628bb0c61996d7c42a0454 Mon Sep 17 00:00:00 2001 From: Vincent Rabaud Date: Tue, 24 Mar 2026 10:38:24 +0100 Subject: [PATCH] Limit the amount of RAM allocated for Huffman trees This will help excessive memory allocation for images not encoded by libwebp. BUG: 494764367 Change-Id: I95fc345df541d8b134e455c8c33a496f46746655 --- src/dec/common_dec.h | 4 ++++ src/dec/vp8l_dec.c | 11 +++++++++-- src/enc/vp8l_enc.c | 3 +-- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/src/dec/common_dec.h b/src/dec/common_dec.h index 5b2f429a..7820bc88 100644 --- a/src/dec/common_dec.h +++ b/src/dec/common_dec.h @@ -59,4 +59,8 @@ enum { // Check that webp_csp_mode is within the bounds of WEBP_CSP_MODE. int IsValidColorspace(int webp_csp_mode); +// Lossless: maximum number of histogram images (sub-blocks). This is defined +// for encoding efficiency, the standard allows for more. +#define MAX_HUFF_IMAGE_SIZE 2600 + #endif // WEBP_DEC_COMMON_DEC_H_ diff --git a/src/dec/vp8l_dec.c b/src/dec/vp8l_dec.c index 44bae3d4..8134d457 100644 --- a/src/dec/vp8l_dec.c +++ b/src/dec/vp8l_dec.c @@ -18,6 +18,7 @@ #include #include "src/dec/alphai_dec.h" +#include "src/dec/common_dec.h" #include "src/dec/vp8_dec.h" #include "src/dec/vp8li_dec.h" #include "src/dec/webpi_dec.h" @@ -456,6 +457,7 @@ int ReadHuffmanCodesHelper(int color_cache_bits, int num_htree_groups, kAlphabetSize[0] + ((color_cache_bits > 0) ? 1 << color_cache_bits : 0); const int table_size = kTableSize[color_cache_bits]; int* code_lengths = NULL; + int total_huffman_table_size; if ((mapping == NULL && num_htree_groups != num_htree_groups_max) || num_htree_groups > num_htree_groups_max) { @@ -466,9 +468,14 @@ int ReadHuffmanCodesHelper(int color_cache_bits, int num_htree_groups, (int*)WebPSafeCalloc((uint64_t)max_alphabet_size, sizeof(*code_lengths)); *htree_groups = VP8LHtreeGroupsNew(num_htree_groups); + // MAX_HUFF_IMAGE_SIZE is above what the libwebp encoder allows so something + // fishy might be happening. Do not allocate too much yet. + total_huffman_table_size = + (num_htree_groups_max > MAX_HUFF_IMAGE_SIZE ? MAX_HUFF_IMAGE_SIZE + : num_htree_groups) * + table_size; if (*htree_groups == NULL || code_lengths == NULL || - !VP8LHuffmanTablesAllocate(num_htree_groups * table_size, - huffman_tables)) { + !VP8LHuffmanTablesAllocate(total_huffman_table_size, huffman_tables)) { VP8LSetError(dec, VP8_STATUS_OUT_OF_MEMORY); goto Error; } diff --git a/src/enc/vp8l_enc.c b/src/enc/vp8l_enc.c index 1d66e4a5..2a1cdca0 100644 --- a/src/enc/vp8l_enc.c +++ b/src/enc/vp8l_enc.c @@ -16,6 +16,7 @@ #include #include +#include "src/dec/common_dec.h" #include "src/dsp/lossless.h" #include "src/dsp/lossless_common.h" #include "src/enc/backward_references_enc.h" @@ -31,8 +32,6 @@ #include "src/webp/format_constants.h" #include "src/webp/types.h" -// Maximum number of histogram images (sub-blocks). -#define MAX_HUFF_IMAGE_SIZE 2600 #define MAX_HUFFMAN_BITS (MIN_HUFFMAN_BITS + (1 << NUM_HUFFMAN_BITS) - 1) // Empirical value for which it becomes too computationally expensive to // compute the best predictor image.