Commit Graph

38 Commits

Author SHA1 Message Date
James Zern
20a94186ce pnmdec,PAM: validate depth before calculating bytes_per_px
fixes potential integer overflow with corrupt files.

Change-Id: I03e27fb14ad559dcd47e2704afdb6be9a163e02e
2017-08-19 13:56:06 -07:00
James Zern
86fc4dd9f4 webpdec: use ImgIoUtilCheckSizeArgumentsOverflow
...prior to allocating a Picture. this is consistent with the other
readers and allows the allocation size to be limited at compile time

BUG=webp:355

Change-Id: Ib8e027ef863489b1e0f9e2a1403c3836da3ef48d
2017-08-08 07:02:02 -07:00
James Zern
08ea9ecde3 imageio: add ability restrict max image size
WEBP_MAX_IMAGE_SIZE can be defined to control this limit.
Set it to 1.5GiB w/--config=asan-fuzzer to avoid OOM with large resolution
images. This limit leaves some headroom over the single image max of 2^14 *
2^14 * 4

BUG=webp:355

Change-Id: I4d48eb0a063638297a842582e0229dfd5a54df5f
2017-08-08 07:02:02 -07:00
James Zern
6f9daa4a3a jpegdec,ReadError: fix leaks on error
everything post jpeg decoder creation should go through the error path
to ensure it's cleaned up properly

Change-Id: If78b4529e40797c67c3d0e624af1c036badea674
2017-08-08 07:02:00 -07:00
James Zern
dd7e83cca7 tiffdec,ReadTIFF: ensure data_size is < tsize_t max
Change-Id: I0ad9589a7f994294100e1c5a38abf6ebe417f8a9
2017-05-17 13:02:06 -07:00
James Zern
d988eb7b39 tiffdec,MyRead: quiet -Wshorten-64-to-32 warning
Change-Id: I7e2c7a9b80278b3056151c74a939b0f55bbbc90c
2017-05-17 12:06:53 -07:00
Vincent Rabaud
d78ff78095 Merge "Fix code to compile with C++." 2017-05-15 15:11:11 +00:00
Vincent Rabaud
c8f14093ac Fix code to compile with C++.
Change-Id: I324236440cb853cb3c8fb278ef22449cd9772ad7
2017-05-15 16:22:03 +02:00
James Zern
497dc6a70d pnmdec: sanitize invalid header output
Change-Id: I034cb00047f725e1cd106d3677db567f1efa0847
2017-05-15 04:57:45 -07:00
James Zern
645f0c53de pnmdec,PAM: set bytes_per_px based on depth when missing
this avoids setting bytes_per_px < depth causing an undersized
allocation for rgb import resulting in a crash.

BUG=b/37930872

Change-Id: I32a86f91528acc084a53d08c9fde9f2f1270a603
2017-05-10 19:15:50 -04:00
James Zern
1923ff0222 tiffdec: fix EXTRASAMPLES check
the TIFFGetField() return for TIFFTAG_EXTRASAMPLES is defined as (count,
types array) [1]. previously the count was being checked rather than the
first element of the array to determine whether the alpha was associated
(pre-multiplied) and the result needed to be unmultiplied.

since:
9273e441 fix TIFF encoder regarding rgbA/RGBA

[1] http://www.libtiff.org/man/TIFFSetField.3t.html

Change-Id: I6e41be9d038fe8afb6d0aa3c8048925dc901113b
2017-04-26 22:49:11 -07:00
James Zern
97cce5ba83 tiffdec: only request EXTRASAMPLES w/> 3 samples/px
Change-Id: I820e7de34e500c42ab51c97a70f25319807d58eb
2017-04-25 19:10:08 -07:00
Pascal Massimino
18f0dfac82 Merge "fix TIFF encoder regarding rgbA/RGBA" 2017-03-08 08:07:43 +00:00
Pascal Massimino
836607e68a webpdec.h: fix a doc typo
Change-Id: Ie1c4c2f0008904bfc37c838d2bd168e982155308
2017-03-05 09:38:51 +00:00
Pascal Massimino
9273e441da fix TIFF encoder regarding rgbA/RGBA
Encoder:
We were always using ExtraSamples=1, which means associated-alpha.
But we don't need the (lossy) excursion to rgbA format. We can save
the samples as RGBA directly, by changing ExtraSamples to '2'.
The TIFF encoder now checks the colorspace properly, to handle
premultiplied format as well as non-premultiplied.

Decoder:
The result of TIFFReadRGBAImageOriented() is always pre-multiply.
So, in case an alpha channel is present, we need to unmultiply it before
calling WebPPictureImportRGBA().

See:
https://www.itu.int/itudoc/itu-t/com16/tiff-fx/docs/tiff6.pdf (page 31)
and also http://www.asmail.be/msg0055469184.html

Change-Id: I3258bfdb0eb2e1a53d6c04414f55edb2926c938c
2017-03-03 10:36:29 -08:00
Pascal Massimino
17e3c11f99 Add limited PAM decoding support
Should support RGB / RGB_ALPHA / GRAYSCALE correctly, though

Change-Id: Idb1470581ebdfc6efee73009b2abd53889e901cb
2017-03-03 11:19:48 +01:00
Pascal Massimino
699b04161a ImgIoUtilWriteFile(): use ImgIoUtilSetBinaryMode
this matches what's done in cwebp.c:977

Change-Id: I0a05d03c97a073b8aa1e01430f20d6cc3c5ffc91
2017-02-26 14:05:42 -08:00
Pascal Massimino
e69ed29105 ReadWebP: decode directly into a pre-allocated buffer
This simplifies things a bit.

Change-Id: Ib128c7630ef727284f3467c3216cc536143edd66
2017-02-03 14:41:46 +01:00
Pascal Massimino
1e7ad88b85 PNM header decoder: add some basic numerical validation
see spec: http://netpbm.sourceforge.net/doc/ppm.html

Change-Id: I55e01f8cec79f9124e72d5f3d05be4ad0deae315
2017-02-01 15:03:11 +01:00
Pascal Massimino
dcf9d82a95 imageio: add limited PNM support for reading
see: http://netpbm.sourceforge.net/

Only reads P5 and P6 pnm files for now.

Change-Id: I2332a623f803df67455047f570f1cff9f464480a
2017-02-01 07:41:56 +00:00
Pascal Massimino
259e98286a replace 'ptr + y * stride' by 'ptr += stride'
This is to prevent potential overflow.

Change-Id: I9d21cfe790ba975bd5e117b025ea4d9deaeae4ab
2017-01-04 00:54:23 -08:00
James Zern
f04eb37603 libwebp-0.5.2
- 12/13/2016: version 0.5.2
   This is a binary compatible release.
   This release covers CVE-2016-8888 and CVE-2016-9085.
   * further security related hardening in the tools; fixes to
     gif2webp/AnimEncoder (issues #310, #314, #316, #322), cwebp/libwebp (issue
     #312)
   * full libwebp (encoder & decoder) iOS framework; libwebpdecoder
     WebP.framework renamed to WebPDecoder.framework (issue #307)
   * CMake support for Android Studio (2.2)
   * miscellaneous build related fixes (issue #306, #313)
   * miscellaneous documentation improvements (issue #225)
   * minor lossy encoder fixes and improvements
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJYWfopAAoJEPnD1r24Iytd0gAQALhTSEjJVmKfHxyPNDduc3kn
 QeiVaVwPiOS/a266+ZnWHzCvkR3zgqZxNlyKzRty378gM8/P7r2dMCmfdnVFbF4O
 a7M1lld9yYldNpAxvHDnY9u2RzmRfVD1yYu27gv77uT7gR2IybQ81FHi1pn56tFA
 2g4yHdrC2tXud22ZUb9Bgqe7YW06gWND4EmeJgxF38S98gdrtJla5rmlUcuEhbIl
 SHpkbEgJX4nZxWggyCJ61/OxeEwwWBtI3kpSLkEqmCVSnFb7WBC7pITq59n8hg2U
 SaYCfWGRJ/oQQvxUxuPYYtzq26dYOxd2vT9S1mcE1be9jMGxKp9vgE8jNflvtza1
 wTPUajaPUjsTLAvFikQRo+34W9QxOKp9jCX9Be0V4wvBClfM13toBgKolzPGGUuo
 zlcZ0/GgzwfQ+sD7bs/p/7ToiH+GejBUK7FUR8ZB7EHZrDynszSzEevx5SUzPWV3
 1q4TyD5eclUOjb4S2yplcKp0kwkwtOA5ETboPzA+b8TQnfTFM3GP7fMoYvORbSZp
 39/H5hi1bjlOE4m3mp3qqfR2DMWZlla7YNZiuuTEeY3ztrlqeakC2ma1Fhi6ZmbG
 TrqmAaDTueRizry4E7Fr9sBw0mee14v/xcTFcDcSI1BRFclFc1KAw0ObzdaN2iEt
 L5tjlqzH0XEH4fl5OnD3
 =x+Y3
 -----END PGP SIGNATURE-----

Merge tag 'v0.5.2'

libwebp-0.5.2
- 12/13/2016: version 0.5.2
  This is a binary compatible release.
  This release covers CVE-2016-8888 and CVE-2016-9085.
  * further security related hardening in the tools; fixes to
    gif2webp/AnimEncoder (issues #310, #314, #316, #322), cwebp/libwebp (issue
    #312)
  * full libwebp (encoder & decoder) iOS framework; libwebpdecoder
    WebP.framework renamed to WebPDecoder.framework (issue #307)
  * CMake support for Android Studio (2.2)
  * miscellaneous build related fixes (issue #306, #313)
  * miscellaneous documentation improvements (issue #225)
  * minor lossy encoder fixes and improvements

* tag 'v0.5.2': (54 commits)
  update ChangeLog
  anim_util: quiet implicit conv warnings in 32-bit
  jpegdec: correct ContextFill signature
  Remove some errors when compiling the code as C++.
  vwebp: clear canvas during resize w/o animation
  tiffdec: restore libtiff 3.9.x compatibility
  update NEWS
  AnimEncoder: avoid freeing uninitialized memory pointer.
  WebPAnimEncoder: If 'minimize_size' and 'allow_mixed' on, try lossy + lossless.
  fix a potential overflow with MALLOC_LIMIT
  bump version to 0.5.2
  update AUTHORS & .mailmap
  iosbuild.sh: add WebPDecoder.framework + encoder
  AnimEncoder: Correctly skip a frame when sub-rectangle is empty.
  Fix assertions in WebPRescalerExportRow()
  fix a typo in WebPPictureYUVAToARGB's doc
  systematically call WebPDemuxReleaseIterator() on dec->prev_iter_
  doc: use two's complement explicitly for uint8->int8 conversion
  Anim_encoder: correctly handle enc->prev_candidate_undecided_
  WebPPictureDistortion(): free() -> WebPSafeFree()
  ...

Change-Id: I16bcf54af41ce8fad98d4fbc8aa1df58f338fc23
2016-12-20 20:14:55 -08:00
Pascal Massimino
0aa1f35c0f remove dependency of imageio/ to stopwatch.h
Change-Id: I9b8e3909e97a26644b5ba6cbd9b29b8ef1727ba7
2016-12-12 22:49:19 -08:00
Pascal Massimino
cb9ec84b54 Merge "remove the dependency to stop_watch.[ch] in imageio" 2016-12-13 06:48:07 +00:00
Pascal Massimino
cb215aed5c remove the dependency to stop_watch.[ch] in imageio
Passing the 'verbose' flag to DecodeWebP() wasn't mandated,
and was creating a forced dependency between imageio/ and examples/

Change-Id: Ib3d3f381a7b699df369a97cfb44360580422df11
2016-12-12 22:01:36 +01:00
James Zern
cec7201447 jpegdec: correct ContextFill signature
fill_input_buffer returns a boolean

Change-Id: I208a1a862fa6c57cb5b73568b84055f734c1c36f
2016-12-09 18:20:25 -08:00
Pascal Massimino
f7601aa686 Merge "Introduce a generic WebPGetImageReader(type) function" 2016-10-13 07:21:59 +00:00
Pascal Massimino
ce8733209d Introduce a generic WebPGetImageReader(type) function
Also introduce an always-failing 'reader' for unknown formats.
So we don't have to check reader==NULL, code is more regular.

-> We can get read of specific ReadPNG(), ReadJPEG(), ... declaration and use.

Change-Id: I290759705420878f00c7223c726d4ad404afd9c4
2016-10-12 21:00:27 -07:00
James Zern
2a2773ea29 imageio/*dec,Read*: add input parameter checks
Change-Id: I5e069d6ea4da9d8c71be03ef99aad679dd1aad21
2016-10-12 20:49:30 -07:00
James Zern
bc86b7a8a1 imageio_util: add ImgIoUtilCheckSizeArgumentsOverflow
and use it to validate decoder allocations. fixes a crash in jpegdec at
least.

BUG=webp:312

Change-Id: Ia940590098f29510add6aad10a8dfe9e9ea46bf4
2016-10-07 14:41:48 -07:00
James Zern
41cab7fe0f imageio/Android.mk: correct imagedec dependencies
this relies on imageio_util; remove the reference for dwebp as this does
not directly rely on it.

Change-Id: I09b863ae0dfe2e9c4929ff6b77e9310bb870ce35
2016-09-08 20:03:07 -07:00
Pascal Massimino
af1ad3e2dd libimageenc.a: extract image-saving code from dwebp
BUG=webp:277
Change-Id: I2c0e1df7b13b1f77474b5478048fef022e90f77a
2016-09-08 19:11:26 -07:00
James Zern
ebee57f4d1 move imageio/example_util.[hc] (back to) examples/
decoding and file i/o have been split to imageio, all that remains is
some string routines used for parameter parsing in the examples

Change-Id: I77386cd8aa39124b9e14c95fdbaa17ea4ab5bb24
2016-07-21 20:41:03 -07:00
James Zern
99542bbf3e webpdec: s/ExUtil//
PrintWebPError, LoadWebP, DecodeWebP, DecodeWebPIncremental

Change-Id: Ie17578b91c7efdf6e5fe63568a95f79788b7f8ee
2016-07-21 20:40:11 -07:00
James Zern
da573cf490 imageio_util: s/ExUtil/ImgIoUtil/
ExUtil(SetBinaryMode|ReadFile|ReadFromStdin|WriteFile|CopyPlane) ->
ImgIoUtil(SetBinaryMode|ReadFile|ReadFromStdin|WriteFile|CopyPlane)

Change-Id: I5497f8fe514347efeb83b8b8866ef334390fc18e
2016-07-21 20:40:11 -07:00
James Zern
bdda5bd4bf split example_util.h
move ExUtil*File to imageio_util.h
ExUtil*WebP* to webpdec.h

string parsing routines remain

Change-Id: I0560c4a74e86710d83bc4b5b234f1b5ef9a86f9d
2016-07-21 19:14:58 -07:00
James Zern
4cecab63bd pngdec.c,jpegdec.[hc]: remove unnecessary includes
example_util.h hasn't been needed since:
a9947c3 cwebp: add support for stdin input

Change-Id: Ic4fcefd5567aa3f4a5c1d443e8c6d9b4fc2fb53f
2016-07-20 12:12:14 -07:00
James Zern
c379b55a93 move examples/{example_util,image_dec} to imageio/
Change-Id: I2508c786a095a2a75bebf766210c64e2af88f9b6
2016-07-19 19:06:29 -07:00