From fde90a49e454cf3ca7fee8ef011b0f948afe865f Mon Sep 17 00:00:00 2001 From: Arman Hasanzadeh Date: Tue, 19 Aug 2025 12:34:27 -0700 Subject: [PATCH] Add fbounds-safety annotations for `histogram`. Reasoning: The `histogram` parameter in `GenerateOptimalTree` (src/utils/huffman_encode_utils.c:170) is used as an array indexed up to `histogram_size`. It was annotated with `__counted_by(histogram_size)` to fix bounds-safety errors. This required annotating the caller `VP8LCreateHuffmanTree` (src/utils/huffman_encode_utils.c:411). However, the size of `histogram` in `VP8LCreateHuffmanTree` depends on another parameter (`huff_code->num_symbols`), preventing direct annotation in the signature. Instead, a local `__bidi_indexable` pointer (`bounded_histogram`) was forged inside `VP8LCreateHuffmanTree` using `__unsafe_forge_bidi_indexable` with the correct size and passed to `GenerateOptimalTree`. This also required annotating parameters `good_for_rle` and `counts` in `OptimizeHuffmanForRle` (src/utils/huffman_encode_utils.c:37) and forging a bounded pointer for `buf_rle` (`bounded_buf_rle`) in `VP8LCreateHuffmanTree` to pass to `OptimizeHuffmanForRle`. Bug: 432511821 Change-Id: I5905ff93f4cc0a9ff03c5786b5ac20c6bfa965ff --- src/utils/huffman_encode_utils.c | 31 ++++++++++++++++++++----------- 1 file changed, 20 insertions(+), 11 deletions(-) diff --git a/src/utils/huffman_encode_utils.c b/src/utils/huffman_encode_utils.c index 542d716f..454c67b3 100644 --- a/src/utils/huffman_encode_utils.c +++ b/src/utils/huffman_encode_utils.c @@ -34,8 +34,11 @@ static int ValuesShouldBeCollapsedToStrideAverage(int a, int b) { // Change the population counts in a way that the consequent // Huffman tree compression, especially its RLE-part, give smaller output. -static void OptimizeHuffmanForRle(int length, uint8_t* const good_for_rle, - uint32_t* const counts) { +static void OptimizeHuffmanForRle(int length, + uint8_t* const WEBP_COUNTED_BY(length) + good_for_rle, + uint32_t* const WEBP_COUNTED_BY(length) + counts) { // 1) Let's make the Huffman code more compatible with rle encoding. int i; for (; length >= 0; --length) { @@ -167,12 +170,11 @@ static void SetBitDepths(const HuffmanTree* const tree, // we are not planning to use this with extremely long blocks. // // See https://en.wikipedia.org/wiki/Huffman_coding -static void GenerateOptimalTree(const uint32_t* const histogram, - int histogram_size, - HuffmanTree* WEBP_BIDI_INDEXABLE tree, - int tree_depth_limit, - uint8_t* WEBP_COUNTED_BY(histogram_size) - const bit_depths) { +static void GenerateOptimalTree( + const uint32_t* const WEBP_COUNTED_BY(histogram_size) histogram, + int histogram_size, HuffmanTree* WEBP_BIDI_INDEXABLE tree, + int tree_depth_limit, + uint8_t* WEBP_COUNTED_BY(histogram_size) const bit_depths) { uint32_t count_min; HuffmanTree* WEBP_BIDI_INDEXABLE tree_pool; int tree_size_orig = 0; @@ -416,10 +418,17 @@ void VP8LCreateHuffmanTree(uint32_t* const histogram, int tree_depth_limit, uint8_t* const buf_rle, HuffmanTree* const huff_tree, HuffmanTreeCode* const huff_code) { const int num_symbols = huff_code->num_symbols; - WEBP_UNSAFE_MEMSET(buf_rle, 0, num_symbols * sizeof(*buf_rle)); - OptimizeHuffmanForRle(num_symbols, buf_rle, histogram); + uint32_t* const WEBP_BIDI_INDEXABLE bounded_histogram = + WEBP_UNSAFE_FORGE_BIDI_INDEXABLE( + uint32_t*, histogram, (size_t)num_symbols * sizeof(*histogram)); + uint8_t* const WEBP_BIDI_INDEXABLE bounded_buf_rle = + WEBP_UNSAFE_FORGE_BIDI_INDEXABLE(uint8_t*, buf_rle, + (size_t)num_symbols * sizeof(*buf_rle)); + + memset(bounded_buf_rle, 0, num_symbols * sizeof(*buf_rle)); + OptimizeHuffmanForRle(num_symbols, bounded_buf_rle, bounded_histogram); GenerateOptimalTree( - histogram, num_symbols, + bounded_histogram, num_symbols, WEBP_UNSAFE_FORGE_BIDI_INDEXABLE(HuffmanTree*, huff_tree, 3 * num_symbols * sizeof(*huff_tree)), tree_depth_limit, huff_code->code_lengths);