dany/libwebp
1
0
Fork 0
mirror of https://github.com/webmproject/libwebp.git synced 2024-12-26 05:38:22 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix invalid incremental decoding check.

Browse Source 
(cherry picked from commit 95ea5226c8)

Change-Id: I80c2165aa9fdf43077db155d2d00e0e99db73eab
This commit is contained in:
Vincent Rabaud 2023-10-03 14:44:39 +02:00
parent 90d47113bc
commit e1f1bce9dc
1 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/dec/vp8l.c
View File

@ -1213,9 +1213,21 @@ static int DecodeImageData(VP8LDecoder* const dec, uint32_t* const data,
assert(br->eos_ == VP8LIsEndOfStream(br)); assert(br->eos_ == VP8LIsEndOfStream(br));
} }
if (dec->incremental_ && br->eos_ && src < src_end) { br->eos_ = VP8LIsEndOfStream(br);
// In incremental decoding:
// br->eos_ && src < src_last: if 'br' reached the end of the buffer and
// 'src_last' has not been reached yet, there is not enough data. 'dec' has to
// be reset until there is more data.
// !br->eos_ && src < src_last: this cannot happen as either the buffer is
// fully read, either enough has been read to reach 'src_last'.
// src >= src_last: 'src_last' is reached, all is fine. 'src' can actually go
// beyond 'src_last' in case the image is cropped and an LZ77 goes further.
// The buffer might have been enough or there is some left. 'br->eos_' does
// not matter.
assert(!dec->incremental_ || (br->eos_ && src < src_last) || src >= src_last);
if (dec->incremental_ && br->eos_ && src < src_last) {
RestoreState(dec); RestoreState(dec);
} else if (!br->eos_) { } else if ((dec->incremental_ && src >= src_last) || !br->eos_) {
// Process the remaining rows corresponding to last row-block. // Process the remaining rows corresponding to last row-block.
if (process_func != NULL) { if (process_func != NULL) {
process_func(dec, row > last_row ? last_row : row); process_func(dec, row > last_row ? last_row : row);