Fix some harmless potential overflows.

Change-Id: Iebf78971f43b795d90e05316540ce00ba79443dc
Vincent Rabaud
2026-03-27 22:09:00 +01:00
parent 5755839a47
commit d9bf5734bb
5 changed files with 12 additions and 8 deletions


@@ -164,7 +164,7 @@ static VP8StatusCode ParseOptionalChunks(
size_t* WEBP_SINGLE const alpha_size) { size_t* WEBP_SINGLE const alpha_size) {
size_t buf_size; size_t buf_size;
const uint8_t* WEBP_COUNTED_BY(buf_size) buf; const uint8_t* WEBP_COUNTED_BY(buf_size) buf;
uint32_t total_size = TAG_SIZE + // "WEBP". uint64_t total_size = TAG_SIZE + // "WEBP".
CHUNK_HEADER_SIZE + // "VP8Xnnnn". CHUNK_HEADER_SIZE + // "VP8Xnnnn".
VP8X_CHUNK_SIZE; // data. VP8X_CHUNK_SIZE; // data.
assert(data != NULL); assert(data != NULL);
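Review bot: The widening of `total_size` to `uint64_t` has no comment explaining why, so a later cleanup could narrow it back to 32 bits. I would add above the declaration `// 64-bit on purpose: adding 32-bit chunk sizes must not wrap before the total is checked.` The code that accumulates into `total_size` and compares it lies outside this hunk, so it is worth confirming that no later use assigns or casts it into a 32-bit value, which would bring the wrap back.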


@@ -28,9 +28,8 @@
//------------------------------------------------------------------------------ //------------------------------------------------------------------------------
// Row import // Row import
WEBP_UBSAN_IGNORE_UNSIGNED_OVERFLOW void WebPRescalerImportRowExpand_C(
void WebPRescalerImportRowExpand_C(WebPRescaler* WEBP_RESTRICT const wrk, WebPRescaler* WEBP_RESTRICT const wrk, const uint8_t* WEBP_RESTRICT src) {
const uint8_t* WEBP_RESTRICT src) {
const int x_stride = wrk->num_channels; const int x_stride = wrk->num_channels;
const int x_out_max = wrk->dst_width * wrk->num_channels; const int x_out_max = wrk->dst_width * wrk->num_channels;
int channel; int channel;
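Review bot: `WEBP_UBSAN_IGNORE_UNSIGNED_OVERFLOW` is applied to the whole of `WebPRescalerImportRowExpand_C`, so an unintended unsigned wrap introduced here later would also go unreported by the sanitizer. A comment at the expression that is expected to wrap, e.g. `// unsigned wrap-around is intentional here`, would keep the suppression auditable; the same applies to `VP8RandomBits2` in the header hunk further down. Separately, `wrk->dst_width * wrk->num_channels` is a signed `int` product, which an unsigned-overflow suppression does not cover, and whether its operands are bounded beforehand is not visible here. The function body continues outside the hunk.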


@@ -623,7 +623,7 @@ static int TrellisQuantizeBlock(const VP8Encoder* WEBP_RESTRICT const enc,
// note: it's important to take sign of the _original_ coeff, // note: it's important to take sign of the _original_ coeff,
// so we don't have to consider level < 0 afterward. // so we don't have to consider level < 0 afterward.
const int sign = (in[j] < 0); const int sign = (in[j] < 0);
const uint32_t coeff0 = (sign ? -in[j] : in[j]) + mtx->sharpen[j]; const int32_t coeff0 = (sign ? -in[j] : in[j]) + mtx->sharpen[j];
int level0 = QUANTDIV(coeff0, iQ, B); int level0 = QUANTDIV(coeff0, iQ, B);
int thresh_level = QUANTDIV(coeff0, iQ, BIAS(0x80)); int thresh_level = QUANTDIV(coeff0, iQ, BIAS(0x80));
if (thresh_level > MAX_LEVEL) thresh_level = MAX_LEVEL; if (thresh_level > MAX_LEVEL) thresh_level = MAX_LEVEL;
@@ -663,7 +663,7 @@ static int TrellisQuantizeBlock(const VP8Encoder* WEBP_RESTRICT const enc,
// Compute delta_error = how much coding this level will // Compute delta_error = how much coding this level will
// subtract to max_error as distortion. // subtract to max_error as distortion.
// Here, distortion = sum of (|coeff_i| - level_i * Q_i)^2 // Here, distortion = sum of (|coeff_i| - level_i * Q_i)^2
const int new_error = coeff0 - level * Q; const int new_error = coeff0 - level * (int32_t)Q;
const int delta_error = const int delta_error =
kWeightTrellis[j] * (new_error * new_error - coeff0 * coeff0); kWeightTrellis[j] * (new_error * new_error - coeff0 * coeff0);
base_score = RDScoreTrellis(lambda, 0, delta_error); base_score = RDScoreTrellis(lambda, 0, delta_error);
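Review bot: With `coeff0` now `int32_t`, `new_error * new_error - coeff0 * coeff0` and its product with `kWeightTrellis[j]` appear to be evaluated in signed arithmetic, where overflow is undefined instead of wrapping as it did with the old `uint32_t`. The ranges of `in[j]`, `mtx->sharpen[j]`, `Q` and `kWeightTrellis[j]` are not visible in these hunks, so the bound that keeps the result inside `int` should be written next to the declaration, for example `// |in[j]| + sharpen[j] is bounded so the weighted squared error fits in int` if that is the invariant, or enforced with an `assert`. It is also worth confirming that `QUANTDIV` gives the same result with a signed first argument. Both hunks sit inside `TrellisQuantizeBlock`, whose body extends beyond them.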


@@ -16,6 +16,7 @@
#include <assert.h> #include <assert.h>
#include "src/dsp/cpu.h"
#include "src/utils/bounds_safety.h" #include "src/utils/bounds_safety.h"
#include "src/webp/types.h" #include "src/webp/types.h"
@@ -40,8 +41,8 @@ void VP8InitRandom(VP8Random* const rg, float dithering);
// Returns a centered pseudo-random number with 'num_bits' amplitude. // Returns a centered pseudo-random number with 'num_bits' amplitude.
// (uses D.Knuth's Difference-based random generator). // (uses D.Knuth's Difference-based random generator).
// 'amp' is in VP8_RANDOM_DITHER_FIX fixed-point precision. // 'amp' is in VP8_RANDOM_DITHER_FIX fixed-point precision.
static WEBP_INLINE int VP8RandomBits2(VP8Random* const rg, int num_bits, static WEBP_UBSAN_IGNORE_UNSIGNED_OVERFLOW WEBP_INLINE int VP8RandomBits2(
int amp) { VP8Random* const rg, int num_bits, int amp) {
int diff; int diff;
assert(num_bits + VP8_RANDOM_DITHER_FIX <= 31); assert(num_bits + VP8_RANDOM_DITHER_FIX <= 31);
diff = rg->tab[rg->index1] - rg->tab[rg->index2]; diff = rg->tab[rg->index1] - rg->tab[rg->index2];


@@ -93,6 +93,10 @@ int WebPRescalerGetScaledDimensions(int src_width, int src_height,
int* const scaled_height) { int* const scaled_height) {
assert(scaled_width != NULL); assert(scaled_width != NULL);
assert(scaled_height != NULL); assert(scaled_height != NULL);
if (src_width < 0 || src_height < 0 || *scaled_width < 0 ||
*scaled_height < 0) {
return 0;
}
{ {
int width = *scaled_width; int width = *scaled_width;
int height = *scaled_height; int height = *scaled_height;