`WebPIoInitFromOptions()` doesn't distinguish between `MODE_YUV` and
`MODE_YUVA`, only RGB vs YUV. Removing this check also removes a
confusing mix up between `MODE_YUV` and `MODE_YUVA` in the conditional.
Change-Id: Id46b21785433aded733ad914941398b0bd5d6b8f
Change memcpy|memset|memchr to unsafe variants
Add WEBP_ASSUME_UNSAFE_INDEXABLE_ABI to relevant files. I've also added
it to lossless.h, yuv.h, and decode.h as they're all imported by code in
dec, which will have -fbounds-safety annotations.
Bug: 432511225
Change-Id: I3011a0a56633b8437ead31607c7ac5f6311fa846
By moving non-abi breaking annotations into types.h, this enables us to
mark more of libwebp as unsafe to allow better interop with struct
members which default to __single.
Change-Id: I54b78f68581e41389538f7332989c04c2e02ccc7
Bug: webp:432511225
Memcmp is used in other parts of libwebp which we didn't see yet in
webputils. The places that use memcp use it as an expression, (i.e. if
(memcmp(...)), so explicitly do not wrap in do { } while (0) guard.
Change-Id: Ifa972640bae052717a1af02112c62dc197dfe0f1
This will become the default in later versions of clang-format with
--style=Google. This will normalize the pointer alignment in the
fuzzers.
Change-Id: I118aac9758ab2a1af82a907ee61f4a7af88209b1
Note that config.exact defaults to 0 and point users to WebPEncode() if
the default isn't acceptable. This duplicates the comment from encode.h
for visibility. Follow up to:
6d2e11ec encode.h: mention 'exact' default in WebPEncodeLossless*
Bug: 449296530
Change-Id: Iba44dbcbb179bd80ea0a6b9e129b2c7e0a406916
There was a duplicated functionality with a lower quality which
could lead to decoded lossless WebP to YUV being different from
lossless WebP to PNG to YUV.
The rescaler is not using it yet.
Bug: 432241412
Change-Id: Id794880957935b69729d4b34ae453551d13364dc
The armv7, armv7s and i386 iOS targets were deprecated in Xcode 14 [1]
and failed to build with Xcode 16.4.
[1]: https://developer.apple.com/documentation/xcode-release-notes/xcode-14-release-notes
Building iOS projects with deployment targets for the armv7, armv7s, and
i386 architectures is no longer supported. (92831716)
Change-Id: I08d376fea64638d056258798bd7e586ca6880454
Reasoning:
Image Data Buffers:
The `data` parameter of `WebPDequantizeLevels` (in both .c and .h)
and `InitParams` (src/utils/quant_levels_dec_utils.c:232) is annotated
with `WEBP_SIZED_BY((long)stride * height)`, as it points to the start
of the image buffer.
The `src` and `dst` fields in `SmoothParams`
(src/utils/quant_levels_dec_utils.c:54) are annotated as
`WEBP_INDEXABLE`. They are initialized from `data` in `InitParams`
(L266) and are advanced row by row using pointer arithmetic (e.g.,
`p->src += p->stride` in `VFilter` L111, `p->dst += p->stride` in
`ApplyFilter` L165). `WEBP_INDEXABLE` is used because the pointers
iterate within the buffer and are only accessed with positive indices.
Scratch Buffers (`SmoothParams`):
Scratch buffers are allocated in `InitParams` via `WebPSafeMalloc`.
The local variable `mem` holding this allocation (L245) is explicitly
annotated as `WEBP_BIDI_INDEXABLE` to ensure safety when compiling with
error suppression.
- `start`, `cur`, `top`: These pointers are used for iteration and
pointer arithmetic within the circular scratch buffer. They are
annotated as `WEBP_INDEXABLE`.
- `end`: This pointer is annotated as `WEBP_BIDI_INDEXABLE` because it
is used in subtraction (`p->end - width`) in `InitParams` (L257) to
calculate `p->top`.
- `average`: This buffer is accessed sequentially up to `width`. It is
annotated as `WEBP_COUNTED_BY(width)`. Initialization in `InitParams`
is reordered (L261) to ensure `p->width` is set before `p->average`.
- `correction`: This lookup table requires negative indexing. To avoid
using `WEBP_BIDI_INDEXABLE` in the struct, it is annotated as
`WEBP_COUNTED_BY_OR_NULL(CORRECTION_LUT_SIZE)` (L75), pointing to the
start of the buffer. `CORRECTION_LUT_SIZE` is defined (L33).
`InitCorrectionLUT` (L188) and `ApplyFilter` (L147) calculate a local
middle pointer which is explicitly annotated as `WEBP_BIDI_INDEXABLE`
to allow safe negative indexing.
Local Pointers:
To ensure safety when compiling with error suppression (where locals
default to unsafe), explicit annotations are added to local pointers
derived from safe struct members:
- `VFilter` (L87): `src`, `cur`, `top`, `out` are `WEBP_INDEXABLE`.
- `HFilter` (L121): `in`, `out` are `WEBP_INDEXABLE`.
- `ApplyFilter` (L145): `average`, `dst` are `WEBP_INDEXABLE`.
- `CountLevels` (L214): `data` is `WEBP_INDEXABLE`.
Bug: 432511821
Change-Id: I6bdf86f80c94a5b182c5aef7e4092fe4ea24afb8
Reasoning:
In `HuffmanTablesSegment` (`src/utils/huffman_utils.h`), `start`
was annotated `WEBP_COUNTED_BY_OR_NULL(size)` as it points to an
allocation of `size` elements. `curr_table` was annotated
`WEBP_UNSAFE_INDEXABLE` because it iterates within `[start, start
+ size)`, a bound that cannot be expressed statically in the struct
without ABI changes. The code manually checks bounds for
`curr_table` (e.g., `src/utils/huffman_utils.c:240-241`). To
support the annotation on `start`, allocation sites in
`VP8LBuildHuffmanTable` and `VP8LHuffmanTablesAllocate`
(`src/utils/huffman_utils.c`) were refactored to assign `start` and
`size` side-by-side, using `WEBP_BIDI_INDEXABLE` local variables to
hold the safe pointer returned by `WebPSafeMalloc`.
`VP8LHuffmanTablesDeallocate` was updated to set `size` to 0 when
`start` is freed.
The `root_table` parameter of `BuildHuffmanTable`
(`src/utils/huffman_utils.c:86`) was annotated `WEBP_BIDI_INDEXABLE` to
accommodate accesses to secondary tables beyond the `root table` size
since with explicitly annotating the local variable `table`
as `WEBP_BIDI_INDEXABLE`, `table` inherits its bounds from `root_table`.
Call sites in `VP8LBuildHuffmanTable`
required `WEBP_UNSAFE_FORGE_BIDI_INDEXABLE` to convert the unsafe
`curr_table` to the safe `root_table`.
The `table` parameter of `ReplicateValue`
(`src/utils/huffman_utils.c:59`) was annotated
`WEBP_COUNTED_BY(end - step + 1)` and the function was refactored to
avoid modifying `end`. Call sites in `BuildHuffmanTable` required
`WEBP_UNSAFE_FORGE_BIDI_INDEXABLE` because the strided access
patterns used for Huffman table construction cannot be statically
verified by the compiler.
Bug: 432511821
Change-Id: I77c5c82ac36bc9bb79cd5119a4113ac5d62af762
Memory footprint is increased by twice the canvas pixel count in bytes
at encoding. There should be little impact on encoding speed because
only buffer allocs/reads/writes are introduced, with little to no
added logic. Animation encoding may be 2% slower.
Bug: 42340478
Change-Id: I8f0048107a2bfbee7a8124c100f78eac93447d80
The calling function, `GetFilterMap()` only takes `width` and `height`;
the alpha data is assumed to have a stride equal to its width. The
`WebPEstimateBestFilter()` was inconsistently using the parameters,
setting up the current row with `stride`, but accessing the previous one
with `width`.
Change-Id: I9dd90222b6923eea3626e426a61bdef3985546ff
Reasoning:
The `irow` and `frow` pointers in `WebPRescaler`
(src/utils/rescaler_utils.h:49) were annotated with
`WEBP_COUNTED_BY(dst_width * num_channels)`. This is based on their
initialization in `WebPRescalerInit` (src/utils/rescaler_utils.c:82-83)
where they are assigned parts of the `work` buffer, whose total size
is `2 * dst_width * num_channels`. The `work` parameter in
`WebPRescalerInit` (src/utils/rescaler_utils.h:58,
src/utils/rescaler_utils.c:33) was also annotated accordingly.
To satisfy the side-by-side assignment requirement for external bounds,
assignments to `rescaler->irow` and `rescaler->frow` in
`WebPRescalerInit` were moved closer to the assignments of
`dst_width` and `num_channels` (src/utils/rescaler_utils.c:50-53).
Since `work` have bound information, `WEBP_UNSAFE_MEMSET` has
been changed to `memset`.
In `WebPRescalerImport` (src/utils/rescaler_utils.c:140-150), where
`irow` and `frow` are swapped, self-assignments for `dst_width` and
`num_channels` were added side-by-side with the pointer assignments.
Additionally, `WEBP_UNSAFE_FORGE_BIDI_INDEXABLE` was used for the
pointer assignments to handle the `WEBP_ASSUME_UNSAFE_INDEXABLE_ABI`
setting used during testing.
Bug: 432511821
Change-Id: If716fb79a06dee9e807eff060806daf038810523
This was necessary after:
44257cb8 apply clang-format
Which made some single-line statements into multi-line. Using braces on
multi-line statements better conforms with the Google style guide.
Bug: 433996651
Change-Id: I615c0ecf3b94571f67fceadfe8c15914aea45ccb
