First, BuildHuffmanTable is called to check if the data is valid.
If it is and the table is not big enough, more memory is allocated.
This will make sure that valid (but unoptimized because of unbalanced
codes) streams are still decodable.
Bug: chromium:1479274
Change-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741
(cherry picked from commit 902bc9190331343b2017211debcec8d2ab87e17a)
Users of the encoder (including anim_encode.c) and areas of the encoder
itself rely on the status returned via WebPPicture.
Change-Id: Id786176b8ac3b2329d1e41b9dacbb8dcc5d822e4
VP8LBitWriterFinish() may cause the VP8LBitWriter's buffer to be grown.
If that allocation fails, VP8LBitWriterNumBytes() will return a size
larger than the current allocation resulting in a heap overwrite of the
missing bytes.
==13==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x61900005b880 at pc 0x00000049ffc1 bp 0x7fff144f5b40 sp 0x7fff144f5310
READ of size 1028 at 0x61900005b880 thread T0
#0 0x49ffc0 in __asan_memcpy
#1 0x695861 in VP8BitWriterAppend src/utils/bit_writer_utils.c:186:3
#2 0x65acf9 in EncodeAlphaInternal src/enc/alpha_enc.c:169:14
Found by Nallocfuzz (https://github.com/catenacyber/nallocfuzz).
This is the same issue that was fixed in the non-alpha lossless path in:
d49cfbb3 vp8l_enc,WriteImage: add missing error check
Bug: chromium:1455619
Change-Id: I6bd10de213707d3d6b7ce3d0d2b3942af45d317f
VP8LBitWriterFinish() may cause the VP8LBitWriter's buffer to be grown.
If that allocation fails, VP8LBitWriterNumBytes() will return a size
larger than the current allocation resulting in a heap overwrite of the
missing bytes.
==3531848==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x61d000000880 at pc 0x556eddfa1007 bp 0x7ffe434c7a90 sp 0x7ffe434c7260
READ of size 2052 at 0x61d000000880 thread T0
#0 0x556eddfa1006 in __asan_memcpy
#1 0x556eddfeeccf in WebPMemoryWrite src/enc/picture_enc.c:220:5
#2 0x556ede0f9f87 in WriteImage src/enc/vp8l_enc.c:1454:8
Found by Nallocfuzz (https://github.com/catenacyber/nallocfuzz).
Change-Id: Ib1c9454c2c51849b0ba58c5347e6bd5b02a12fbe
This prevents leaks should an allocation fail.
Spotted by Philippe Antoine (p dot antoine at catenacyber dot fr)
and https://github.com/catenacyber/nallocfuzz.
Change-Id: I07a8a475a282b18bf2f9015cc5b1120772babd48
The buffers are made mandatory to match WebPDecodeYUVInto(), though this
conflicts with WebPIDecGetYUVA().
spotted by Oliver Kunz (okunz at google dot com)
Change-Id: Ic4740c53b75da6b93d4f3462303fb9be0ebfbd48
and define it to true for __aarch64__ and Win Arm64 + Visual Studio.
Microsoft's compiler (cl.exe) does not define __aarch64__, but relies on
_M_ARM64 & _M_ARM64EC
Bug: b/277254922
Change-Id: I20e4fa07a4031599db69e3d7ba9050345315ef51
This avoids defining a version in each translation unit when using
__declspec(dllexport) which causes failures due to multiply defined
symbols with clang-cl:
lld-link: error: duplicate symbol: VP8GetCPUInfo
>>> defined at CMakeFiles\webpdecode.dir\Debug\src\dec\alpha_dec.c.obj
>>> defined at CMakeFiles\webpdsp.dir\Debug\src\dsp\dec_sse41.c.obj
...
Bug: webp:607
Change-Id: I6cd1ee75b3db984aa513263a05516e867a64925d
this is always defined by default to 0 since:
v0.6.0-158-g663a6d9d unify the ALTERNATE_CODE flag usage
previously the !defined() check would cause a mismatch between C and
assembly.
Change-Id: Idca0b8e39ca90d63785fd4125aeb7af86c5aae61
This avoids a double free should the function fail prior to
VP8BitWriterInit() and a previous trial result's buffer carried over.
Previously in ApplyFiltersAndEncode() trial.bw (with a previous
iteration's buffer) would be freed, followed by best.bw pointing to the
same buffer.
Since:
187d379d add a fallback to ALPHA_NO_COMPRESSION
In addition, check the return value of VP8BitWriterInit() in this
function.
Bug: webp:603
Change-Id: Ic258381ee26c8c16bc211d157c8153831c8c6910
when threading is disabled; fixes:
src/enc/analysis_enc.c:429:15: warning: Value stored to 'split_row'
during its initialization is never read [deadcode.DeadStores]
const int split_row = (9 * last_row + 15) >> 4;
^~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~
Change-Id: I2b02173bb8c930ed54360cce5c7b88ecce098d83
* changes:
picture_csp_enc.c: remove SafeInitSharpYuv
sharpyuv: prefer webp/types.h
sharpyuv,SharpYuvInit: add mutex protection when available
sharyuv_{neon,sse2}.c: merge WEBP_USE_* sections
add a few missing <stddef.h> includes for NULL
sharpyuv.h: remove <inttypes.h>
thread safety was internalized in:
782ed48c sharpyuv,SharpYuvInit: add mutex protection when available
Change-Id: I2877e7bb78bf89ad7504c33d04b22952c0c0a968
move WEBP_EXTERN definition from Makefile.vc to webp/types.h using the
existing WEBP_DLL define to control its declaration to
__declspec(dllexport); the same is done for SHARPYUV_EXTERN
Change-Id: Iecea360305bdd19a878255470a00b9dcc344c730
the ternary used with alpha_offset was removed in:
3b07d327 Import,RGBA: fix for BigEndian import
use the ALPHA_OFFSET directly
Change-Id: Iee9b7c54f1498591e8c5834766dc4d34a321133d
this localizes the conversion to int in the function; the parameter was
previously changed in:
6ab496ed fix some 'unsigned integer overflow' warnings in ubsan
implicit conversion from type 'uint32_t' (aka 'unsigned int') of value
2350919223 (32-bit, unsigned) to type 'int' changed the value to
-1944048073 (32-bit, signed)
Bug: b/229626362
Change-Id: I589eec11c0dabaeba99e153e705f956181c570d2
in TransformColorBlue; make new_blue an int to avoid:
implicit conversion from type 'int' of value 264 (32-bit, signed) to
type 'uint8_t' (aka 'unsigned char') changed the value to 8 (8-bit,
unsigned)
Bug: b/229626362
Change-Id: Ife276a59231075788396204e1a192f3b0c6d9e21
add explicit casts in calls to ColorTransformDelta()
clears warnings of the form:
implicit conversion from type 'uint8_t' (aka 'unsigned char') of value
254 (8-bit, unsigned) to type 'int8_t' (aka 'signed char') changed the
value to -2 (8-bit, signed)
Bug: b/229626362
Change-Id: Ic049ad9c9b5c6b669a1c943287f416533d6c873c
add explicit casts in calls to ColorTransformDelta()
clears warnings of the form:
implicit conversion from type 'uint8_t' (aka 'unsigned char') of value
254 (8-bit, unsigned) to type 'int8_t' (aka 'signed char') changed the
value to -2 (8-bit, signed)
Bug: b/229626362
Change-Id: I40618209509508f56d8053f9daa29cf2e6999766
previously the types were changed to int to prevent unsigned overflow
warnings:
6ab496ed fix some 'unsigned integer overflow' warnings in ubsan
clears warnings of the form:
implicit conversion from type 'uint32_t' (aka 'unsigned int') of value
3724541952 (32-bit, unsigned) to type 'int' changed the value to
-570425344 (32-bit, signed)
implicit conversion from type 'int' of value -3361661 (32-bit, signed)
to type 'unsigned int' changed the value to 4291605635 (32-bit,
unsigned)
Bug: b/229626362
Change-Id: If1eb39c5dd7218d686c3c47fb7df72431b873be4
clears warnings of the form:
src/dsp/upsampling_sse2.c:169:1: runtime error: implicit conversion from
type 'int' of value -16 (32-bit, signed) to type 'unsigned long' changed
the value to 18446744073709551600 (64-bit, unsigned)
Bug: b/229626362
Change-Id: I757d347808be5084e5fcf7c121a77d09812b743c
clears a warning of the form:
src/dec/webp_dec.c:182:62: runtime error: implicit conversion from type
'int' of value -2 (32-bit, signed) to type 'unsigned int' changed the
value to 4294967294 (32-bit, unsigned)
Bug: b/229626362
Change-Id: Ibf08f8bb9ec345381b51ca3872745368fca700c0
clears a warning of the form:
implicit conversion from type 'int' of value -1 (32-bit, signed) to type
'uint32_t' (aka 'unsigned int') changed the value to 4294967295 (32-bit,
unsigned)
Bug: b/229626362
Change-Id: I397fbd59bd3e6d787fcec1344b6230958b28d22c
clears warnings of the form:
implicit conversion from type 'int32_t' (aka 'int') of value -1 (32-bit,
signed) to type 'unsigned int' changed the value to 4294967295 (32-bit,
unsigned)
Bug: b/229626362
Change-Id: I956671d4fee482c97c67bbe94032a97da49b0f6d
in calls to Clip255(); given the current implementation's use of a
logical shift the parameter is left as uint32_t and explicit casts are
added
clears warnings of the form:
src/dsp/lossless.c:52:18: runtime error: implicit conversion
from type 'int' of value -2 (32-bit, signed) to type 'uint32_t' (aka
'unsigned int') changed the value to 4294967294 (32-bit, unsigned)
Bug: b/229626362
Change-Id: If8a7f145c2d7e62e572e221da36b04281ed5c9bf
in the case of use_argb, alpha_offset may be non-zero which would cause
the null pointer check in CheckNonOpaque to pass
fixes a potential crash with invalid width/height set or an integer
sanitizer warning when passing a zeroed picture:
src/enc/picture_csp_enc.c:73:57: runtime error: applying non-zero offset
3 to null pointer
Change-Id: I9d499bba12c65ad5c65d8f9f3c8ee9298ac6081a
fixes integer sanitizer warnings of the form:
implicit conversion from type 'int' of value -2122283647 (32-bit,
signed) to type 'uint32_t' (aka 'unsigned int') changed the value to
2172683649 (32-bit, unsigned)
implicit conversion from type 'uint32_t' (aka 'unsigned int') of value
3724541952 (32-bit, unsigned) to type 'int' changed the value to
-570425344 (32-bit, signed)
Bug: b/229626362
Change-Id: I79f68e3e2fcab7cc0402477d2e88d629348c9ff4
