promote out_width to size_t before multiplying
src/dec/io_dec.c:301:30: runtime error: signed integer overflow: 2 *
1224167500 cannot be represented in type 'int'
#0 0x55fd9e8de2bd in InitYUVRescaler src/dec/io_dec.c:301:30
#1 0x55fd9e8de2bd in CustomSetup src/dec/io_dec.c:571:54
Bug: chromium:1196850
Change-Id: I70d0aac1b5eef163a3f353b721fb9ab561e02040
this will avoid the potential for some integer overflows in rescaler
calculations
Bug: chromium:1196850
Change-Id: Iaa09f5d6b888b39aaeb2154d470279620362d6eb
in Export increment the dst pointer, but in EmitRescaledRowsRGBA use
64-bit math as the number of output lines is variable and may still
overflow when incrementing.
Bug: chromium:1196850
Change-Id: I5c65b875894ee9da0fef1e24d27e507171800c4a
with large sizes the intermediate calculations may exceed 32-bits
src/dec/io_dec.c:491:17: runtime error: signed integer overflow: 3 *
788529152 cannot be represented in type 'int'
#0 0x557a3ad972b2 in InitRGBRescaler src/dec/io_dec.c:491:17
#1 0x557a3ad972b2 in CustomSetup src/dec/io_dec.c:563:29
Bug: chromium:1196850
Change-Id: Iaf2e8a6de9481dfea31dcd7fccb2d4eca767bddf
with large scale values the offset to the end of the buffer may exceed
32-bits range.
src/dec/buffer_dec.c:158:39: runtime error: signed integer overflow: 2 *
1275068416 cannot be represented in type 'int'
#0 0x56444802bea5 in WebPFlipBuffer src/dec/buffer_dec.c:158:39
Bug: chromium:1196850
Change-Id: I08c8b69ada5d5dd3e9bf2b9006dffa0c5f2103a5
in addition to checking the environment for "MALLOC_LIMIT"; the
environment will still take precedence.
this is in preparation for adding extreme config value coverage to
advanced_api_fuzzer
Bug: chromium:1196850
Change-Id: Ibe22f5e39e030a422fd6e383269bde35252d3fae
avoids integer overflow in extreme cases:
src/dsp/rescaler.c:45:32: runtime error: signed integer overflow: 129 *
16777215 cannot be represented in type 'int'
#0 0x556bde3538e3 in WebPRescalerImportRowExpand_C src/dsp/rescaler.c:45:32
#1 0x556bde357465 in RescalerImportRowExpand_SSE2 src/dsp/rescaler_sse2.c:56:5
...
Bug: chromium:1196850
Change-Id: I4f923807f106713e113f3eec62a1d1c346066345
after the check using 64-bit math we used a signed integer in the
multiplication. previously unsigned integer max was tested.
fixes cases like:
src/dec/buffer_dec.c:108:16: runtime error: signed integer overflow:
944731466 * 4 cannot be represented in type 'int'
#0 0x55e56187dc1d in AllocateBuffer src/dec/buffer_dec.c:108:16
#1 0x55e56187dc1d in WebPAllocateDecBuffer src/dec/buffer_dec.c:216:12
...
Bug: chromium:1196850
Change-Id: I6e5b3e5d1d5b50b5c98c39bbf9813a63fedc5ca7
replace with more inclusive terms or remove the comment entirely if the
meaning was already clear.
Bug: webp:507
Change-Id: Ica3bbf751ebf79f6668df6e6209af770248ff4ca
enc is allocated with WebPSafeCalloc so there's no need to clear the
pointers afterward.
this has the side-effect of removing a non-inclusive term.
Bug: webp:507
Change-Id: I82f82954936638c4c15d33b2d6f0497a6a13571f
This reverts commit b6513fbaa8.
This change can produce files that can cause decode failures in some
versions of chrome and safari/ios/macos.
https://chromium-review.googlesource.com/c/chromium/src/+/2876279
The chrome fix will be available in M92. This change can be revisited
after it and the mac updates are more widely deployed.
Bug: b/186640109,b/188702956
Change-Id: I296b8fe88c6c48219e3edf532226c4f972f1605b
though the max chunk/payload sizes were checked and would fail the
padded size was being calculated beforehand which could result in a
(harmless) unsigned int overflow warning.
Bug: webp:508
Change-Id: I4fa30ded2b027c1577b03049a2deeb7bf75e5472
fixes conversion warnings in visual studio after:
b1674240 Add modified Zeng's method to palette sorting.
src\enc\vp8l_enc.c(296) : warning C4244: '=' : conversion from 'const
uint16_t' to 'uint8_t', possible loss of data
src\enc\vp8l_enc.c(299) : warning C4244: '=' : conversion from 'const
uint16_t' to 'uint8_t', possible loss of data
Change-Id: I981b1ba4912edbbafbd49f1f5b1043bf12266920
large values of x_add and y_add may rollover an int causing a later
assertion to fail in WebPRescalerExportRow due to fxy_scale incorrectly
being set to 0.
fixes:
src/dsp/rescaler.c:178: void WebPRescalerExportRow(WebPRescaler *const):
Assertion `wrk->src_height == wrk->dst_height && wrk->x_add == 1'
failed.
Bug: chromium:1196480
Change-Id: I2c00f015d61a1257033d8edb1edd4d060d6878b7
this matches the description in WebPDecoderOptions and prevents a
mismatch between the user supplied options and the ones used by io.
Bug: chromium:1196773, chromium:1196775, chromium:1196480
Change-Id: I3603b806884cfc6969b093d06b7980b0cc13199b
this matches the description in WebPDecoderOptions and prevents a
mismatch between the user supplied options and the ones used by io.
Bug: chromium:1196480
Change-Id: Id464f999d737078078f9d21afe25b349317f5ab4
and avoid integer overflow in test of x/width and y/height parameters
against the image width/height
Bug: chromium:1196778, chromium:1196777, chromium:1196480
Change-Id: I7b8f1f4dbebfe073b1ba260b8317979488655dcc
With palette+predictors, cross-color was forced (because of predictors).
No need for cross-color for palettes as R/B==0.
This saves 10 bytes per image that uses palette+predictors.
Change-Id: If2184d16cdabe1e8498009062284ad3e37ef1342
if bypass_filtering was set to 1 in the user provided options it
shouldn't be reset in the use_scaling pass even if the image satisfies
the scaling requirements.
Change-Id: I036029907886acb63748872d5f8763954a7c607b
ICC extraction via GetColorContexts may fail due to the operation not
being supported with e.g., bitmaps.
Bug: webp:506
Change-Id: I587220e688ac90d77c84af21c9e7bc8bf178f3aa