dany/libwebp
1
0
Fork 0
mirror of https://github.com/webmproject/libwebp.git synced 2025-10-31 10:25:46 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

VP8LEncodeStream: fix segfault on OOM

Browse Source 
initialize bw_side before calling EncoderAnalyze() & EncoderInit() which
may fail; previously this would cause a free of an invalid pointer in
VP8LBitWriterWipeOut().

since at least:
v0.6.0-120-gf8c2ac15 Multi-thread the lossless cruncher.

Tested:
for i in `seq 1 639`; do
  export MALLOC_FAIL_AT=$i
  ./examples/cwebp -m 6 -q 100 -lossless jpeg_file
done

Bug: webp:565
Change-Id: I1c95883834b6e4b13aee890568ce3bad0f4266f0
This commit is contained in:
James Zern
2022-04-04 10:41:25 -07:00
parent 0957fd69ee
commit fe153fae98
1 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/enc/vp8l_enc.c
View File

@@ -1966,14 +1966,19 @@ int VP8LEncodeStream(const WebPConfig* const config,
const WebPWorkerInterface* const worker_interface = WebPGetWorkerInterface(); const WebPWorkerInterface* const worker_interface = WebPGetWorkerInterface();
int ok_main; int ok_main;
if (enc_main == NULL || !VP8LBitWriterInit(&bw_side, 0)) {
WebPEncodingSetError(picture, VP8_ENC_ERROR_OUT_OF_MEMORY);
VP8LEncoderDelete(enc_main);
return 0;
}
// Avoid "garbage value" error from Clang's static analysis tool. // Avoid "garbage value" error from Clang's static analysis tool.
WebPPictureInit(&picture_side); WebPPictureInit(&picture_side);
// Analyze image (entropy, num_palettes etc) // Analyze image (entropy, num_palettes etc)
if (enc_main == NULL || if (!EncoderAnalyze(enc_main, crunch_configs, &num_crunch_configs_main,
!EncoderAnalyze(enc_main, crunch_configs, &num_crunch_configs_main,
&red_and_blue_always_zero) || &red_and_blue_always_zero) ||
!EncoderInit(enc_main) || !VP8LBitWriterInit(&bw_side, 0)) { !EncoderInit(enc_main)) {
WebPEncodingSetError(picture, VP8_ENC_ERROR_OUT_OF_MEMORY); WebPEncodingSetError(picture, VP8_ENC_ERROR_OUT_OF_MEMORY);
goto Error; goto Error;
} }