VP8LEncodeStream: fix segfault on OOM

initialize bw_side before calling EncoderAnalyze() & EncoderInit() which may fail; previously this would cause a free of an invalid pointer in VP8LBitWriterWipeOut(). since at least: v0.6.0-120-gf8c2ac15 Multi-thread the lossless cruncher. Tested: for i in `seq 1 639`; do export MALLOC_FAIL_AT=$i ./examples/cwebp -m 6 -q 100 -lossless jpeg_file done Bug: webp:565 Change-Id: I1c95883834b6e4b13aee890568ce3bad0f4266f0
2024-11-20 04:18:26 +01:00 · 2022-04-04 10:41:25 -07:00 · 2022-04-04 10:41:25 -07:00 · fe153fae98
commit fe153fae98
parent 0957fd69ee
1 changed files with 8 additions and 3 deletions
--- a/src/enc/vp8l_enc.c
+++ b/src/enc/vp8l_enc.c
@ -1966,14 +1966,19 @@ int VP8LEncodeStream(const WebPConfig* const config,
  const WebPWorkerInterface* const worker_interface = WebPGetWorkerInterface();
  int ok_main;

+  if (enc_main == NULL || !VP8LBitWriterInit(&bw_side, 0)) {
+    WebPEncodingSetError(picture, VP8_ENC_ERROR_OUT_OF_MEMORY);
+    VP8LEncoderDelete(enc_main);
+    return 0;
+  }
+
  // Avoid "garbage value" error from Clang's static analysis tool.
  WebPPictureInit(&picture_side);

  // Analyze image (entropy, num_palettes etc)
-  if (enc_main == NULL ||
-      !EncoderAnalyze(enc_main, crunch_configs, &num_crunch_configs_main,
+  if (!EncoderAnalyze(enc_main, crunch_configs, &num_crunch_configs_main,
                      &red_and_blue_always_zero) ||
-      !EncoderInit(enc_main) || !VP8LBitWriterInit(&bw_side, 0)) {
+      !EncoderInit(enc_main)) {
    WebPEncodingSetError(picture, VP8_ENC_ERROR_OUT_OF_MEMORY);
    goto Error;
  }