From 69b9b8525ef6dedf0bb971bb5becf8fd06293bfc Mon Sep 17 00:00:00 2001 From: Arman Hasanzadeh Date: Tue, 19 Aug 2025 11:52:40 -0700 Subject: [PATCH] Add fbounds-safety annotations for `palette`. Reasoning: The `palette` parameter in `GetColorPalette` (src/utils/palette.c:100) was annotated with `WEBP_COUNTED_BY_OR_NULL(MAX_PALETTE_SIZE)` to fix an array subscript error at src/utils/palette.c:146. This annotation reflects the function's contract, documented in src/utils/palette.h, which states that if `palette` is not NULL, it must point to memory allocated for at least `MAX_PALETTE_SIZE` elements. To make `MAX_PALETTE_SIZE` visible, `src/webp/format_constants.h` was included in `src/utils/palette.h`. Consequently, the wrapper function `WebPGetColorPalette` (src/utils/utils.c:273) and its declaration in `src/utils/utils.h` were also annotated similarly, requiring the inclusion of `src/webp/format_constants.h` in `src/utils/utils.h` as well. This resolved a compilation error caused by the type mismatch when calling the annotated `GetColorPalette` from `WebPGetColorPalette`. Bug: 432511821 Change-Id: Iceebf2facf9558dd49889f056f028d9a3fb22d41 --- src/utils/palette.c | 4 +++- src/utils/palette.h | 4 +++- src/utils/utils.c | 4 +++- src/utils/utils.h | 6 ++++-- 4 files changed, 13 insertions(+), 5 deletions(-) diff --git a/src/utils/palette.c b/src/utils/palette.c index 4b1c779d..c1bf632c 100644 --- a/src/utils/palette.c +++ b/src/utils/palette.c @@ -97,7 +97,9 @@ void PrepareMapToPalette(const uint32_t palette[], uint32_t num_colors, #define COLOR_HASH_SIZE (MAX_PALETTE_SIZE * 4) #define COLOR_HASH_RIGHT_SHIFT 22 // 32 - log2(COLOR_HASH_SIZE). -int GetColorPalette(const WebPPicture* const pic, uint32_t* const palette) { +int GetColorPalette(const WebPPicture* const pic, + uint32_t* const WEBP_COUNTED_BY_OR_NULL(MAX_PALETTE_SIZE) + palette) { int i; int x, y; int num_colors = 0; diff --git a/src/utils/palette.h b/src/utils/palette.h index 4f8971ab..6f635698 100644 --- a/src/utils/palette.h +++ b/src/utils/palette.h @@ -15,6 +15,7 @@ #define WEBP_UTILS_PALETTE_H_ #include "src/utils/bounds_safety.h" +#include "src/webp/format_constants.h" #include "src/webp/types.h" WEBP_ASSUME_UNSAFE_INDEXABLE_ABI @@ -51,7 +52,8 @@ void PrepareMapToPalette(const uint32_t palette[], uint32_t num_colors, // 'palette' in a sorted order. Note: 'palette' is assumed to be an array // already allocated with at least MAX_PALETTE_SIZE elements. int GetColorPalette(const struct WebPPicture* const pic, - uint32_t* const palette); + uint32_t* const WEBP_COUNTED_BY_OR_NULL(MAX_PALETTE_SIZE) + palette); // Sorts the palette according to the criterion defined by 'method'. // 'palette_sorted' is the input palette sorted lexicographically, as done in diff --git a/src/utils/utils.c b/src/utils/utils.c index da2d9d79..68d225d2 100644 --- a/src/utils/utils.c +++ b/src/utils/utils.c @@ -271,7 +271,9 @@ void WebPCopyPixels(const WebPPicture* const src, WebPPicture* const dst) { //------------------------------------------------------------------------------ -int WebPGetColorPalette(const WebPPicture* const pic, uint32_t* const palette) { +int WebPGetColorPalette( + const WebPPicture* const pic, + uint32_t* const WEBP_COUNTED_BY_OR_NULL(MAX_PALETTE_SIZE) palette) { return GetColorPalette(pic, palette); } diff --git a/src/utils/utils.h b/src/utils/utils.h index 8f440bab..5da1642d 100644 --- a/src/utils/utils.h +++ b/src/utils/utils.h @@ -22,6 +22,7 @@ #include #include "src/utils/bounds_safety.h" +#include "src/webp/format_constants.h" #include "src/webp/types.h" WEBP_ASSUME_UNSAFE_INDEXABLE_ABI @@ -200,8 +201,9 @@ WEBP_EXTERN void WebPCopyPixels(const struct WebPPicture* const src, // Note: 'palette' is assumed to be an array already allocated with at least // MAX_PALETTE_SIZE elements. // TODO(vrabaud) remove whenever we can break the ABI. -WEBP_EXTERN int WebPGetColorPalette(const struct WebPPicture* const pic, - uint32_t* const palette); +WEBP_EXTERN int WebPGetColorPalette( + const struct WebPPicture* const pic, + uint32_t* const WEBP_COUNTED_BY_OR_NULL(MAX_PALETTE_SIZE) palette); //------------------------------------------------------------------------------