The first condition is only necessary if we have not read enough
(enough being defined by src_last, not src_end which is the end
of the image).
The second condition now fits the comment below: "if not
incremental, and we are past the end of buffer".
BUG=oss-fuzz:62136
Change-Id: I0700f67c62db8e1c02c2e429a069a71e606a5e4f
First, BuildHuffmanTable is called to check if the data is valid.
If it is and the table is not big enough, more memory is allocated.
This will make sure that valid (but unoptimized because of unbalanced
codes) streams are still decodable.
Bug: chromium:1479274
Change-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741
According to https://gcc.gnu.org/onlinedocs/gcc/extensions-to-the-c-language-family/how-to-use-inline-assembly-language-in-c-code.html
For the C language, the asm keyword is a GNU extension. When
writing C code that can be compiled with -ansi and the -std options
that select C dialects without GNU extensions, use __asm__ instead
of asm (see Alternate Keywords). For the C++ language, asm is a
standard keyword, but __asm__ can be used for code compiled with
-fno-asm.
Change-Id: I4af950e67c857c890290c1e3d9cc886da0748784
place the unknown 'XYZW' chunk at the end of the file to agree with the
order given by the 'Extended File Format' section.
Change-Id: I5cec5a61069a03f3487f5f9ff9209f5ead6de24c
This makes it easier to read and copy/paste, though this is just rough
pseudo-code. It also matches the formatting of the advanced decoder
example.
Change-Id: I6a4d0a04a12bfc1f1956ac965ff4869cefc4f3df
4 bits are read ([0, 15]) with 4 added to the result. The check that the
result is not > NUM_CODE_LENGTH_CODES (19) is redundant. This makes the
check an assert for documentation purposes.
webp-lossless-bitstream-spec.txt is updated accordingly.
Bug: webp:611
Change-Id: Ie461017dc9de3da4cfe6856543d3dcf58f53a180
In Section 6.2 Details, use uppercase after a :. This is more consistent
with the rest of the doc.
Bug: webp:611
Change-Id: I7ac862c90fd8e5fe0bad0dd5e3515d3095a6dc9a
in ordered list in "6.2. Details". This is more consistent with the rest
of the document.
Bug: webp:611
Change-Id: Ie467c771afd5813a30855b24c80cf92673a5281c
when referring to the RIFF chunk size; this is more consistent with
other documentation.
Bug: webp:611
Change-Id: Icf05491ee79f5c48fab0b4935da397b4e4e45a71
The serial comma change is based on the Chicago Manual of Style
(CMOS), 17th edition.
Bug: webp:611
Change-Id: Ic02e6652662608414c16e0fead2912781a47633d
ExpandColorMap() can fail due to a memory allocation failure.
Found by Nallocfuzz (https://github.com/catenacyber/nallocfuzz).
Change-Id: I868c5db2fee18e876f4aa3b63e744d7297d1a91b
WebPAnimEncoderAdd() may fail due to muxer errors that are reported as
booleans. When running under the nallocfuzz engine, ignore all failures.
Found by Nallocfuzz (https://github.com/catenacyber/nallocfuzz).
Change-Id: I36589545d20ac30a67f7e09264146db085dee6ca
Move the details given for meta prefix codes and the transforms from
"5.1. Roles of Image Data" to their corresponding sections.
Bug: webp:611
Change-Id: I750a3f45956d0a3928a22113180a2590ac1a36db
After processing the Color Indexing Transform the image width is
subsampled by the transform's width_bits.
Bug: webp:611
Change-Id: If8d2d47dbe05e5c8085fb3fb4c1b63552be9028b
in AllocateAlphaPlane() and VP8DecompressAlphaRows().
Found by Nallocfuzz (https://github.com/catenacyber/nallocfuzz).
Change-Id: I39eb305abfe9f4d7915cce5d91e72917f482bc20
rather than WebPDecodeRGBA(). This allows finer grained error detection
and avoids an abort() when running under the nallocfuzz engine.
Change-Id: I8ff37f2fe7e1c8b39bd4a8bfe7b26ac41149ba42
pic.error_code may be set to VP8_ENC_ERROR_BAD_WRITE if the writer fails
due to a memory allocation failure.
Found by Nallocfuzz (https://github.com/catenacyber/nallocfuzz).
Change-Id: I912c9e5f9a37b78832c52d9ab6f0710967fbadac
This is unnecessary as green will have the largest value; the sizes are
currently: 256 + 24 + color_cache_size, 256, 40, in that order.
Change-Id: Ib9ce3292285a7b9c6089557b68a87184b68d17a5
This function may fail due to allocation failures. Use the
NALLOC_FUZZ_VERSION environment variable to detect the engine. This was
added in:
9c9a9883cc
Change-Id: Ia5b6fd9458ffa1f810152a10ab49a48c75d17687
If ReadBits(0) == 0, the value of max_symbol is set to the alphabet size
for each symbol type.
See vp8l_dec.c, ReadHuffmanCode(), which passes alphabet_size to
ReadHuffmanCodeLengths() as num_symbols, and ReadHuffmanCodeLengths()
then sets max_symbol to that.
Bug: webp:611
Change-Id: I662bd1d7f372e7f2e9c71cc86f87aefd02f36647