This is available with clang. Clears warnings of the form:
warning: empty expression statement has no effect; remove unnecessary
';' to silence this warning [-Wextra-semi-stmt]
As a side-effect it also clear a few -Wpedantic warnings with gcc:
warning: ISO C does not allow extra ';' outside of a function
[-Wpedantic]
Change-Id: I9295c767aad475c68b1fbbdff855b0d6650a25f5
Initially added to workaround gcc implementation issues that clang
does not have. (gcc hardcodes rbx as the PIC register, clang uses a
virtual register)
Change-Id: I1a3277abf02b1ff437b4aea4d28f4cb1c0176b80
When WebPSafeMalloc fails on VP8LHuffmanTablesAllocate,
next is not initialized to NULL.
VP8LHuffmanTablesDeallocate uses next to know the following nodes.
A patch fixes this issue.
Change-Id: I144ae84cd97e5bca227018ef1afa95361267902c
The first condition is only necessary if we have not read enough
(enough being defined by src_last, not src_end which is the end
of the image).
The second condition now fits the comment below: "if not
incremental, and we are past the end of buffer".
BUG=oss-fuzz:62136
Change-Id: I0700f67c62db8e1c02c2e429a069a71e606a5e4f
First, BuildHuffmanTable is called to check if the data is valid.
If it is and the table is not big enough, more memory is allocated.
This will make sure that valid (but unoptimized because of unbalanced
codes) streams are still decodable.
Bug: chromium:1479274
Change-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741
(cherry picked from commit 902bc91903)
First, BuildHuffmanTable is called to check if the data is valid.
If it is and the table is not big enough, more memory is allocated.
This will make sure that valid (but unoptimized because of unbalanced
codes) streams are still decodable.
Bug: chromium:1479274
Change-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741
According to https://gcc.gnu.org/onlinedocs/gcc/extensions-to-the-c-language-family/how-to-use-inline-assembly-language-in-c-code.html
For the C language, the asm keyword is a GNU extension. When
writing C code that can be compiled with -ansi and the -std options
that select C dialects without GNU extensions, use __asm__ instead
of asm (see Alternate Keywords). For the C++ language, asm is a
standard keyword, but __asm__ can be used for code compiled with
-fno-asm.
Change-Id: I4af950e67c857c890290c1e3d9cc886da0748784
This makes it easier to read and copy/paste, though this is just rough
pseudo-code. It also matches the formatting of the advanced decoder
example.
Change-Id: I6a4d0a04a12bfc1f1956ac965ff4869cefc4f3df
4 bits are read ([0, 15]) with 4 added to the result. The check that the
result is not > NUM_CODE_LENGTH_CODES (19) is redundant. This makes the
check an assert for documentation purposes.
webp-lossless-bitstream-spec.txt is updated accordingly.
Bug: webp:611
Change-Id: Ie461017dc9de3da4cfe6856543d3dcf58f53a180
ExpandColorMap() can fail due to a memory allocation failure.
Found by Nallocfuzz (https://github.com/catenacyber/nallocfuzz).
Change-Id: I868c5db2fee18e876f4aa3b63e744d7297d1a91b
in AllocateAlphaPlane() and VP8DecompressAlphaRows().
Found by Nallocfuzz (https://github.com/catenacyber/nallocfuzz).
Change-Id: I39eb305abfe9f4d7915cce5d91e72917f482bc20
This is unnecessary as green will have the largest value; the sizes are
currently: 256 + 24 + color_cache_size, 256, 40, in that order.
Change-Id: Ib9ce3292285a7b9c6089557b68a87184b68d17a5
Users of the encoder (including anim_encode.c) and areas of the encoder
itself rely on the status returned via WebPPicture.
Change-Id: Id786176b8ac3b2329d1e41b9dacbb8dcc5d822e4
VP8LBitWriterFinish() may cause the VP8LBitWriter's buffer to be grown.
If that allocation fails, VP8LBitWriterNumBytes() will return a size
larger than the current allocation resulting in a heap overwrite of the
missing bytes.
==13==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x61900005b880 at pc 0x00000049ffc1 bp 0x7fff144f5b40 sp 0x7fff144f5310
READ of size 1028 at 0x61900005b880 thread T0
#0 0x49ffc0 in __asan_memcpy
#1 0x695861 in VP8BitWriterAppend src/utils/bit_writer_utils.c:186:3
#2 0x65acf9 in EncodeAlphaInternal src/enc/alpha_enc.c:169:14
Found by Nallocfuzz (https://github.com/catenacyber/nallocfuzz).
This is the same issue that was fixed in the non-alpha lossless path in:
d49cfbb3 vp8l_enc,WriteImage: add missing error check
Bug: chromium:1455619
Change-Id: I6bd10de213707d3d6b7ce3d0d2b3942af45d317f
VP8LBitWriterFinish() may cause the VP8LBitWriter's buffer to be grown.
If that allocation fails, VP8LBitWriterNumBytes() will return a size
larger than the current allocation resulting in a heap overwrite of the
missing bytes.
==3531848==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x61d000000880 at pc 0x556eddfa1007 bp 0x7ffe434c7a90 sp 0x7ffe434c7260
READ of size 2052 at 0x61d000000880 thread T0
#0 0x556eddfa1006 in __asan_memcpy
#1 0x556eddfeeccf in WebPMemoryWrite src/enc/picture_enc.c:220:5
#2 0x556ede0f9f87 in WriteImage src/enc/vp8l_enc.c:1454:8
Found by Nallocfuzz (https://github.com/catenacyber/nallocfuzz).
Change-Id: Ib1c9454c2c51849b0ba58c5347e6bd5b02a12fbe
This prevents leaks should an allocation fail.
Spotted by Philippe Antoine (p dot antoine at catenacyber dot fr)
and https://github.com/catenacyber/nallocfuzz.
Change-Id: I07a8a475a282b18bf2f9015cc5b1120772babd48
The buffers are made mandatory to match WebPDecodeYUVInto(), though this
conflicts with WebPIDecGetYUVA().
spotted by Oliver Kunz (okunz at google dot com)
Change-Id: Ic4740c53b75da6b93d4f3462303fb9be0ebfbd48
The histograms count the occurrences of len/dist in entropy images.
Those (at most (1<<14) by (1<<14)) are sub-sampled by at least
MIN_HUFFMAN_BITS == 2, hence at most 24 bits in a histogram value.
At most, we multiply by 19 (because the longest histogram is of
size 40 and we do 40>>1, cf code) for the bit cost. So it all fits
in 32 bits.
Change-Id: Ife24b035f54794851ff31f2fac07901f724c6d7f