diff --git a/src/dec/webp_dec.c b/src/dec/webp_dec.c
index 650f446a..ffc8cb98 100644
--- a/src/dec/webp_dec.c
+++ b/src/dec/webp_dec.c
@@ -164,7 +164,7 @@ static VP8StatusCode ParseOptionalChunks(
 size_t* WEBP_SINGLE const alpha_size) {
 size_t buf_size;
 const uint8_t* WEBP_COUNTED_BY(buf_size) buf;
- uint32_t total_size = TAG_SIZE + // "WEBP".
+ uint64_t total_size = TAG_SIZE + // "WEBP".
 CHUNK_HEADER_SIZE + // "VP8Xnnnn".
 VP8X_CHUNK_SIZE; // data.
 assert(data != NULL);
diff --git a/src/dsp/rescaler.c b/src/dsp/rescaler.c
index 5e2fa653..1798971f 100644
--- a/src/dsp/rescaler.c
+++ b/src/dsp/rescaler.c
@@ -28,9 +28,8 @@
 //------------------------------------------------------------------------------
 // Row import
-
-void WebPRescalerImportRowExpand_C(WebPRescaler* WEBP_RESTRICT const wrk,
- const uint8_t* WEBP_RESTRICT src) {
+WEBP_UBSAN_IGNORE_UNSIGNED_OVERFLOW void WebPRescalerImportRowExpand_C(
+ WebPRescaler* WEBP_RESTRICT const wrk, const uint8_t* WEBP_RESTRICT src) {
 const int x_stride = wrk->num_channels;
 const int x_out_max = wrk->dst_width * wrk->num_channels;
 int channel;
diff --git a/src/enc/quant_enc.c b/src/enc/quant_enc.c
index 70929924..5bb99ee4 100644
--- a/src/enc/quant_enc.c
+++ b/src/enc/quant_enc.c
@@ -623,7 +623,7 @@ static int TrellisQuantizeBlock(const VP8Encoder* WEBP_RESTRICT const enc,
 // note: it's important to take sign of the _original_ coeff,
 // so we don't have to consider level < 0 afterward.
 const int sign = (in[j] < 0);
- const uint32_t coeff0 = (sign ? -in[j] : in[j]) + mtx->sharpen[j];
+ const int32_t coeff0 = (sign ? -in[j] : in[j]) + mtx->sharpen[j];
 int level0 = QUANTDIV(coeff0, iQ, B);
 int thresh_level = QUANTDIV(coeff0, iQ, BIAS(0x80));
 if (thresh_level > MAX_LEVEL) thresh_level = MAX_LEVEL;
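Review bot: In ParseOptionalChunks (src/dec/webp_dec.c) the declaration of `total_size` is widened to `uint64_t` with no comment recording why, so a later cleanup could narrow it again. A line above the declaration such as `// 64-bit on purpose: the running total of chunk sizes must not wrap before it is bounds-checked.` would capture the intent, assuming that is how the variable is used further down. The accumulation and the comparison lie outside this hunk, so it is worth confirming that each per-chunk addend is itself computed without 32-bit wraparound before it is added to the total.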
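Review bot: `WEBP_UBSAN_IGNORE_UNSIGNED_OVERFLOW` on WebPRescalerImportRowExpand_C (src/dsp/rescaler.c) silences the sanitizer for the whole function, and nothing states which expression is expected to wrap. A function-wide suppression also hides any unintended wrap in index or size arithmetic added later, so a comment above the function naming the intended operation would help, for example `// Unsigned wraparound is intentional in [expression]; keep other arithmetic in this function wrap-free.` The body continues past the hunk, so the wrapping expression itself is not visible here. The same applies to VP8RandomBits2 in src/utils/random_utils.h, where the visible `rg->tab[rg->index1] - rg->tab[rg->index2]` looks like the intended wrap, though the element type of `tab` is not shown.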
@@ -663,7 +663,7 @@ static int TrellisQuantizeBlock(const VP8Encoder* WEBP_RESTRICT const enc,
 // Compute delta_error = how much coding this level will
 // subtract to max_error as distortion.
 // Here, distortion = sum of (|coeff_i| - level_i * Q_i)^2
- const int new_error = coeff0 - level * Q;
+ const int new_error = coeff0 - level * (int32_t)Q;
 const int delta_error = kWeightTrellis[j] * (new_error * new_error - coeff0 * coeff0);
 base_score = RDScoreTrellis(lambda, 0, delta_error);
diff --git a/src/utils/random_utils.h b/src/utils/random_utils.h
index 1af9a62c..1d4d6c1a 100644
--- a/src/utils/random_utils.h
+++ b/src/utils/random_utils.h
@@ -16,6 +16,7 @@
 #include
+#include "src/dsp/cpu.h"
 #include "src/utils/bounds_safety.h"
 #include "src/webp/types.h"
@@ -40,8 +41,8 @@ void VP8InitRandom(VP8Random* const rg, float dithering);
 // Returns a centered pseudo-random number with 'num_bits' amplitude.
 // (uses D.Knuth's Difference-based random generator).
 // 'amp' is in VP8_RANDOM_DITHER_FIX fixed-point precision.
-static WEBP_INLINE int VP8RandomBits2(VP8Random* const rg, int num_bits,
- int amp) {
+static WEBP_UBSAN_IGNORE_UNSIGNED_OVERFLOW WEBP_INLINE int VP8RandomBits2(
+ VP8Random* const rg, int num_bits, int amp) {
 int diff;
 assert(num_bits + VP8_RANDOM_DITHER_FIX <= 31);
 diff = rg->tab[rg->index1] - rg->tab[rg->index2];
diff --git a/src/utils/rescaler_utils.c b/src/utils/rescaler_utils.c
index 838c0e1a..48489ce6 100644
--- a/src/utils/rescaler_utils.c
+++ b/src/utils/rescaler_utils.c
@@ -93,6 +93,10 @@ int WebPRescalerGetScaledDimensions(int src_width, int src_height,
 int* const scaled_height) {
 assert(scaled_width != NULL);
 assert(scaled_height != NULL);
+ if (src_width < 0 || src_height < 0 || *scaled_width < 0 ||
+ *scaled_height < 0) {
+ return 0;
+ }
 {
 int width = *scaled_width;
 int height = *scaled_height;
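Review bot: With `coeff0` now `int32_t` (changed in the hunk at -623) and `Q` cast to `int32_t`, the context line `kWeightTrellis[j] * (new_error * new_error - coeff0 * coeff0)` in TrellisQuantizeBlock (src/enc/quant_enc.c) looks like it is evaluated entirely in signed `int`, where overflow is undefined behaviour rather than a wrap. Whether the ranges of `in[j]`, `mtx->sharpen[j]` and `kWeightTrellis[j]` keep those products inside `int` cannot be seen from these lines, and the type of `kWeightTrellis` is not shown. If they do, a comment next to `delta_error` stating the bound would document it, e.g. `// coeff0 and new_error are bounded by [bound], so the weighted squares fit in int.`; if they do not, computing the products in a 64-bit type would be safer. The enclosing loop body starts and ends outside the hunk.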
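Review bot: The new negative-value guard in WebPRescalerGetScaledDimensions (src/utils/rescaler_utils.c) adds a failure path without a comment, and it reads `*scaled_width` and `*scaled_height` behind NULL checks that are only `assert`s and so disappear in NDEBUG builds. A short comment such as `// Negative dimensions are invalid input: fail before the scaling arithmetic below.` would make the intent clear, and the function's header comment, if it has one, should state that a return of 0 means failure so that callers check it. The function continues past the hunk, so how zero-sized sources are handled cannot be confirmed from here.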