VP8LBitWriterFinish() may cause the VP8LBitWriter's buffer to be grown.
If that allocation fails, VP8LBitWriterNumBytes() will return a size
larger than the current allocation resulting in a heap overwrite of the
missing bytes.
==13==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x61900005b880 at pc 0x00000049ffc1 bp 0x7fff144f5b40 sp 0x7fff144f5310
READ of size 1028 at 0x61900005b880 thread T0
#0 0x49ffc0 in __asan_memcpy
#1 0x695861 in VP8BitWriterAppend src/utils/bit_writer_utils.c:186:3
#2 0x65acf9 in EncodeAlphaInternal src/enc/alpha_enc.c:169:14
Found by Nallocfuzz (https://github.com/catenacyber/nallocfuzz).
This is the same issue that was fixed in the non-alpha lossless path in:
d49cfbb3 vp8l_enc,WriteImage: add missing error check
Bug: chromium:1455619
Change-Id: I6bd10de213707d3d6b7ce3d0d2b3942af45d317f
VP8LBitWriterFinish() may cause the VP8LBitWriter's buffer to be grown.
If that allocation fails, VP8LBitWriterNumBytes() will return a size
larger than the current allocation resulting in a heap overwrite of the
missing bytes.
==3531848==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x61d000000880 at pc 0x556eddfa1007 bp 0x7ffe434c7a90 sp 0x7ffe434c7260
READ of size 2052 at 0x61d000000880 thread T0
#0 0x556eddfa1006 in __asan_memcpy
#1 0x556eddfeeccf in WebPMemoryWrite src/enc/picture_enc.c:220:5
#2 0x556ede0f9f87 in WriteImage src/enc/vp8l_enc.c:1454:8
Found by Nallocfuzz (https://github.com/catenacyber/nallocfuzz).
Change-Id: Ib1c9454c2c51849b0ba58c5347e6bd5b02a12fbe
This prevents leaks should an allocation fail.
Spotted by Philippe Antoine (p dot antoine at catenacyber dot fr)
and https://github.com/catenacyber/nallocfuzz.
Change-Id: I07a8a475a282b18bf2f9015cc5b1120772babd48
The buffers are made mandatory to match WebPDecodeYUVInto(), though this
conflicts with WebPIDecGetYUVA().
spotted by Oliver Kunz (okunz at google dot com)
Change-Id: Ic4740c53b75da6b93d4f3462303fb9be0ebfbd48
The histograms count the occurrences of len/dist in entropy images.
Those (at most (1<<14) by (1<<14)) are sub-sampled by at least
MIN_HUFFMAN_BITS == 2, hence at most 24 bits in a histogram value.
At most, we multiply by 19 (because the longest histogram is of
size 40 and we do 40>>1, cf code) for the bit cost. So it all fits
in 32 bits.
Change-Id: Ife24b035f54794851ff31f2fac07901f724c6d7f
and define it to true for __aarch64__ and Win Arm64 + Visual Studio.
Microsoft's compiler (cl.exe) does not define __aarch64__, but relies on
_M_ARM64 & _M_ARM64EC
Bug: b/277254922
Change-Id: I20e4fa07a4031599db69e3d7ba9050345315ef51
This avoids defining a version in each translation unit when using
__declspec(dllexport) which causes failures due to multiply defined
symbols with clang-cl:
lld-link: error: duplicate symbol: VP8GetCPUInfo
>>> defined at CMakeFiles\webpdecode.dir\Debug\src\dec\alpha_dec.c.obj
>>> defined at CMakeFiles\webpdsp.dir\Debug\src\dsp\dec_sse41.c.obj
...
Bug: webp:607
Change-Id: I6cd1ee75b3db984aa513263a05516e867a64925d
this is always defined by default to 0 since:
v0.6.0-158-g663a6d9d unify the ALTERNATE_CODE flag usage
previously the !defined() check would cause a mismatch between C and
assembly.
Change-Id: Idca0b8e39ca90d63785fd4125aeb7af86c5aae61
This avoids a double free should the function fail prior to
VP8BitWriterInit() and a previous trial result's buffer carried over.
Previously in ApplyFiltersAndEncode() trial.bw (with a previous
iteration's buffer) would be freed, followed by best.bw pointing to the
same buffer.
Since:
187d379d add a fallback to ALPHA_NO_COMPRESSION
In addition, check the return value of VP8BitWriterInit() in this
function.
Bug: webp:603
Change-Id: Ic258381ee26c8c16bc211d157c8153831c8c6910
when threading is disabled; fixes:
src/enc/analysis_enc.c:429:15: warning: Value stored to 'split_row'
during its initialization is never read [deadcode.DeadStores]
const int split_row = (9 * last_row + 15) >> 4;
^~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~
Change-Id: I2b02173bb8c930ed54360cce5c7b88ecce098d83
* changes:
picture_csp_enc.c: remove SafeInitSharpYuv
sharpyuv: prefer webp/types.h
sharpyuv,SharpYuvInit: add mutex protection when available
sharyuv_{neon,sse2}.c: merge WEBP_USE_* sections
add a few missing <stddef.h> includes for NULL
sharpyuv.h: remove <inttypes.h>
thread safety was internalized in:
782ed48c sharpyuv,SharpYuvInit: add mutex protection when available
Change-Id: I2877e7bb78bf89ad7504c33d04b22952c0c0a968
move WEBP_EXTERN definition from Makefile.vc to webp/types.h using the
existing WEBP_DLL define to control its declaration to
__declspec(dllexport); the same is done for SHARPYUV_EXTERN
Change-Id: Iecea360305bdd19a878255470a00b9dcc344c730
the ternary used with alpha_offset was removed in:
3b07d327 Import,RGBA: fix for BigEndian import
use the ALPHA_OFFSET directly
Change-Id: Iee9b7c54f1498591e8c5834766dc4d34a321133d
this localizes the conversion to int in the function; the parameter was
previously changed in:
6ab496ed fix some 'unsigned integer overflow' warnings in ubsan
implicit conversion from type 'uint32_t' (aka 'unsigned int') of value
2350919223 (32-bit, unsigned) to type 'int' changed the value to
-1944048073 (32-bit, signed)
Bug: b/229626362
Change-Id: I589eec11c0dabaeba99e153e705f956181c570d2
in TransformColorBlue; make new_blue an int to avoid:
implicit conversion from type 'int' of value 264 (32-bit, signed) to
type 'uint8_t' (aka 'unsigned char') changed the value to 8 (8-bit,
unsigned)
Bug: b/229626362
Change-Id: Ife276a59231075788396204e1a192f3b0c6d9e21
add explicit casts in calls to ColorTransformDelta()
clears warnings of the form:
implicit conversion from type 'uint8_t' (aka 'unsigned char') of value
254 (8-bit, unsigned) to type 'int8_t' (aka 'signed char') changed the
value to -2 (8-bit, signed)
Bug: b/229626362
Change-Id: Ic049ad9c9b5c6b669a1c943287f416533d6c873c
add explicit casts in calls to ColorTransformDelta()
clears warnings of the form:
implicit conversion from type 'uint8_t' (aka 'unsigned char') of value
254 (8-bit, unsigned) to type 'int8_t' (aka 'signed char') changed the
value to -2 (8-bit, signed)
Bug: b/229626362
Change-Id: I40618209509508f56d8053f9daa29cf2e6999766
previously the types were changed to int to prevent unsigned overflow
warnings:
6ab496ed fix some 'unsigned integer overflow' warnings in ubsan
clears warnings of the form:
implicit conversion from type 'uint32_t' (aka 'unsigned int') of value
3724541952 (32-bit, unsigned) to type 'int' changed the value to
-570425344 (32-bit, signed)
implicit conversion from type 'int' of value -3361661 (32-bit, signed)
to type 'unsigned int' changed the value to 4291605635 (32-bit,
unsigned)
Bug: b/229626362
Change-Id: If1eb39c5dd7218d686c3c47fb7df72431b873be4
clears warnings of the form:
src/dsp/upsampling_sse2.c:169:1: runtime error: implicit conversion from
type 'int' of value -16 (32-bit, signed) to type 'unsigned long' changed
the value to 18446744073709551600 (64-bit, unsigned)
Bug: b/229626362
Change-Id: I757d347808be5084e5fcf7c121a77d09812b743c
clears a warning of the form:
src/dec/webp_dec.c:182:62: runtime error: implicit conversion from type
'int' of value -2 (32-bit, signed) to type 'unsigned int' changed the
value to 4294967294 (32-bit, unsigned)
Bug: b/229626362
Change-Id: Ibf08f8bb9ec345381b51ca3872745368fca700c0
clears a warning of the form:
implicit conversion from type 'int' of value -1 (32-bit, signed) to type
'uint32_t' (aka 'unsigned int') changed the value to 4294967295 (32-bit,
unsigned)
Bug: b/229626362
Change-Id: I397fbd59bd3e6d787fcec1344b6230958b28d22c
clears warnings of the form:
implicit conversion from type 'int32_t' (aka 'int') of value -1 (32-bit,
signed) to type 'unsigned int' changed the value to 4294967295 (32-bit,
unsigned)
Bug: b/229626362
Change-Id: I956671d4fee482c97c67bbe94032a97da49b0f6d
in calls to Clip255(); given the current implementation's use of a
logical shift the parameter is left as uint32_t and explicit casts are
added
clears warnings of the form:
src/dsp/lossless.c:52:18: runtime error: implicit conversion
from type 'int' of value -2 (32-bit, signed) to type 'uint32_t' (aka
'unsigned int') changed the value to 4294967294 (32-bit, unsigned)
Bug: b/229626362
Change-Id: If8a7f145c2d7e62e572e221da36b04281ed5c9bf
in the case of use_argb, alpha_offset may be non-zero which would cause
the null pointer check in CheckNonOpaque to pass
fixes a potential crash with invalid width/height set or an integer
sanitizer warning when passing a zeroed picture:
src/enc/picture_csp_enc.c:73:57: runtime error: applying non-zero offset
3 to null pointer
Change-Id: I9d499bba12c65ad5c65d8f9f3c8ee9298ac6081a
fixes integer sanitizer warnings of the form:
implicit conversion from type 'int' of value -2122283647 (32-bit,
signed) to type 'uint32_t' (aka 'unsigned int') changed the value to
2172683649 (32-bit, unsigned)
implicit conversion from type 'uint32_t' (aka 'unsigned int') of value
3724541952 (32-bit, unsigned) to type 'int' changed the value to
-570425344 (32-bit, signed)
Bug: b/229626362
Change-Id: I79f68e3e2fcab7cc0402477d2e88d629348c9ff4
fixes integer sanitizer warnings of the form:
implicit conversion from type 'uint32_t' (aka 'unsigned int') of value
3724541952 (32-bit, unsigned) to type 'int' changed the value to
-570425344 (32-bit, signed)
Bug: b/229626362
Change-Id: Ie4d599aba88226e4e047250464ac37ca11d2cd3b
