From cbfa9eecf497417ebe9a828b39ded310e0e65684 Mon Sep 17 00:00:00 2001 From: James Zern Date: Tue, 31 Jul 2012 11:59:54 -0700 Subject: [PATCH 1/2] lossless: fix crash on user abort avoid free on uninitialized bit writer buffer Change-Id: I1a41b2cea421bf5a2ea0af33c6e84018cb997caf --- src/enc/vp8l.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/enc/vp8l.c b/src/enc/vp8l.c index 82bef500..362b767b 100644 --- a/src/enc/vp8l.c +++ b/src/enc/vp8l.c @@ -1051,11 +1051,14 @@ int VP8LEncodeImage(const WebPConfig* const config, if (config == NULL || picture->argb == NULL) { err = VP8_ENC_ERROR_NULL_PARAMETER; - goto Error; + WebPEncodingSetError(picture, err); + return 0; } width = picture->width; height = picture->height; + VP8LBitWriterInit(&bw, (width * height) >> 1); + if (!WebPReportProgress(picture, 1, &percent)) { UserAbort: err = VP8_ENC_ERROR_USER_ABORT; @@ -1073,7 +1076,6 @@ int VP8LEncodeImage(const WebPConfig* const config, } // Write image size. - VP8LBitWriterInit(&bw, (width * height) >> 1); if (!WriteImageSize(picture, &bw)) { err = VP8_ENC_ERROR_OUT_OF_MEMORY; goto Error; From 183cba83a7977b835be66f9c5498af704e14e449 Mon Sep 17 00:00:00 2001 From: James Zern Date: Tue, 31 Jul 2012 12:11:40 -0700 Subject: [PATCH 2/2] check VP8LBitWriterInit return Change-Id: I460906281598f5792bd75a25b14b449c8daaff8c --- src/enc/alpha.c | 4 ++-- src/enc/vp8l.c | 5 ++++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/src/enc/alpha.c b/src/enc/alpha.c index 97538da9..51a8cd10 100644 --- a/src/enc/alpha.c +++ b/src/enc/alpha.c @@ -84,8 +84,8 @@ static int EncodeLossless(const uint8_t* const data, int width, int height, config.quality = 10.f + 15.f * effort_level; if (config.quality > 100.f) config.quality = 100.f; - VP8LBitWriterInit(&tmp_bw, (width * height) >> 3); - ok = (VP8LEncodeStream(&config, &picture, &tmp_bw) == VP8_ENC_OK); + ok = VP8LBitWriterInit(&tmp_bw, (width * height) >> 3); + ok = ok && (VP8LEncodeStream(&config, &picture, &tmp_bw) == VP8_ENC_OK); WebPPictureFree(&picture); if (ok) { const uint8_t* const data = VP8LBitWriterFinish(&tmp_bw); diff --git a/src/enc/vp8l.c b/src/enc/vp8l.c index 362b767b..2d82ce26 100644 --- a/src/enc/vp8l.c +++ b/src/enc/vp8l.c @@ -1057,7 +1057,10 @@ int VP8LEncodeImage(const WebPConfig* const config, width = picture->width; height = picture->height; - VP8LBitWriterInit(&bw, (width * height) >> 1); + if (!VP8LBitWriterInit(&bw, (width * height) >> 1)) { + err = VP8_ENC_ERROR_OUT_OF_MEMORY; + goto Error; + } if (!WebPReportProgress(picture, 1, &percent)) { UserAbort: