use png_create_read_struct_2 to set a malloc function allowing the code
to fail on large allocations while fuzzing
Change-Id: Iaca1b93ecc6570067708f3ae2db07fbca74386ee
The graphical bug happens when there is a frame disposed to background
color, followed by another frame that does not blend, and their areas
don't fully overlap. Only the previous frame clears its part of the
viewport. The fix consists in clearing the screen for the previous and
the current frame if needed.
Change-Id: I3425cf7297f0c7b2cf13a3a61b517cc0b1c031d8
Option -usebgcolor may be used to display ANIM background color (or white if no ANIM chunk), blended on top of checkerboard. By default this is disabled (old behavior) to easily see transparent areas. Spec says that "background color MAY be used", so it's an option.
Key b may be pressed to toggle ANIM background color display. There are visual artifacts (leftovers) when toggling during an animation. This is already the case for rescaling, toggling info etc. (fixing it implies storing viewport render or rendering whole animation from start till current frame).
BUG=webp:394
Change-Id: If9ab898b2eac77226f30f062d522f9861789ef8f
Container spec indicates that background color is written
in BGRA byte order, but glClearColor() parameters are RGBA.
Anyway the checkerboard is displayed right after glClear()
calls so it replaces background color.
In response to webp-discuss/TkLHALGaHaM
Change-Id: Ief5435fadfd6a422b881a9dc240b5e8dc6546e19
We should be using 'floor' when doing the final divide.
-> new MACRO is MULT_FIX_FLOOR()
XXX*** Mips code is DISABLED for now ***XXX
I'll update and re-enable it in a later
patch, since this code needs some refactoring first.
BUG=oss-fuzz:9179
Change-Id: Ic0693cdca4e71f5beab1029475e35c4d06b12d13
* Assert chunklist
* fix potential memory leak and
* fix null pointer access
There should not be several alpha_ or img_ chunks in SynthesizeBitstream. Use ChunkListDelete in MuxImageRelease to be safe.
A null pointer accessed in WebPMuxPushFrame triggered a harmless runtime error.
Change-Id: I3027f8752093652bd41f55e667d041c0de77ab6e
The chunk list only has two operations: append and set
to one element. The two operations are split and the append
one is sped up by storing the last element.
Corrupted data could make a very long list to search through.
BUG=oss-fuzz:9190
Change-Id: I1aa813ca629df29efaa3b46dbd4c4c42dbeaa34c
The standard allows for Huffman images with any coefficients.
Hence potentially big memory allocations. The previous workaround
was "trying" things out, the new one is more rigorous and
only allocates what is needed, modifying the Huffman image
to contain the minimal set of coefficients.
BUG=oss-fuzz:8623,oss-fuzz:9111,oss-fuzz:9134
Change-Id: I6a972e90e4ae509c15cb41ee22c58b775fa3f4aa
idec_dec.c, DecodeRemaining: Set decoder state to ERROR to prevent VP8ExitCritical from being called again
Change-Id: Id5f893f45c348e1c529680d930e640f780a73d4c
treat an ANMF chunk containing multiple VP8/VP8L files as malformed.
fixes a WebPMuxImage::img_ leak.
Though the invalid free in #9106 was avoided in (ubsan):
be738c6d muxread,ChunkVerifyAndAssign: validate chunk_size
that file would still cause a leak similar to #9099.
BUG=oss-fuzz:9099,oss-fuzz:9106
Change-Id: Ib873446a1188afeeb2fe5d53a86b75e0c5de9573
(we also limit radius based on height too, for good measure, although it's not an asan bug)
fixes oss-fuzz issue #9105
Change-Id: Ie0d79dd81480dc4e2b653b7e992e5cdcd3dfa834
before accounting for padding which might overflow if chunk_size is >
MAX_CHUNK_PAYLOAD.
BUG=webp:387,webp:388
Change-Id: I3985b8817ed4faaec0629102c5333c228a0e9c98
previously when adjusting size down based on a smaller riff_size the
checks were insufficient to prevent 'size -= RIFF_HEADER_SIZE' from
rolling over causing ChunkVerifyAndAssign to over read. the new checks
are imported from demux.c.
BUG=webp:386
Change-Id: If863c4a9892977b9ade7dd894392a0ecae13775c
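
An added illustration (not libwebp's code) of the size checks the two commit messages above describe: rejecting an oversized chunk_size before padding is added, and rejecting a riff_size too small to survive the header subtraction. The helper names and the constant values are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constant values are assumptions for this example. */
#define TAG_SIZE 4u
#define CHUNK_HEADER_SIZE 8u
#define RIFF_HEADER_SIZE 12u
#define MAX_CHUNK_PAYLOAD (~0u - CHUNK_HEADER_SIZE - 1u)

static uint32_t get_le32(const uint8_t* p) {
  return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) |
         ((uint32_t)p[3] << 24);
}

/* The pattern being fixed: padding in 32 bits wraps for a huge chunk_size. */
uint32_t padded_size_unchecked(uint32_t chunk_size) {
  return CHUNK_HEADER_SIZE + ((chunk_size + 1u) & ~1u);
}

/* Hypothetical helper: bytes the chunk occupies, or 0 if it is oversized
   or does not fit in the `avail` bytes left in the buffer. */
uint64_t padded_size_checked(uint32_t chunk_size, size_t avail) {
  uint64_t total;
  if (chunk_size > MAX_CHUNK_PAYLOAD) return 0; /* validate before padding */
  total = (uint64_t)CHUNK_HEADER_SIZE + chunk_size + (chunk_size & 1u);
  return (total <= avail) ? total : 0;
}

/* Hypothetical helper: bytes available after the 12-byte RIFF header once
   the buffer is clamped to riff_size. Returns -1 on malformed input. */
int riff_payload_size(const uint8_t* data, size_t size, size_t* payload) {
  uint32_t riff_size;
  if (size < RIFF_HEADER_SIZE + CHUNK_HEADER_SIZE) return -1;
  if (memcmp(data, "RIFF", TAG_SIZE) != 0) return -1;
  if (memcmp(data + CHUNK_HEADER_SIZE, "WEBP", TAG_SIZE) != 0) return -1;
  riff_size = get_le32(data + TAG_SIZE);
  /* riff_size counts the bytes after the 8-byte "RIFF"+size header. Below
     TAG_SIZE + CHUNK_HEADER_SIZE there is no room for "WEBP" plus a chunk
     header, and 'size -= RIFF_HEADER_SIZE' on the clamped size would wrap. */
  if (riff_size < TAG_SIZE + CHUNK_HEADER_SIZE) return -1;
  if (riff_size > MAX_CHUNK_PAYLOAD) return -1;
  if ((uint64_t)riff_size + CHUNK_HEADER_SIZE < size) {
    size = (size_t)riff_size + CHUNK_HEADER_SIZE;
  }
  *payload = size - RIFF_HEADER_SIZE; /* size >= 20 here, cannot wrap */
  return 0;
}
```
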
with loop_compatibility disabled (the default), non-zero loop counts
will be incremented by 1 for browser rendering compatibility. the max,
65535, is a special case as the muxer will fail if it is exceeded; avoid
increasing the limit in this case. this isn't 100% correct, but should
be close enough given the high number of iterations.
BUG=webp:382
Change-Id: Icde3e98a58e9ee89604a72fafda30ab71060dec5
- 4/2/2018: version 1.0.0
This is a binary compatible release.
* lossy encoder improvements to avoid chroma shifts in various circumstances
(issues #308, #340)
* big-endian fixes for decode, RGBA import and WebPPictureDistortion
Tool updates:
gif2webp, anim_diff - default duration behavior (<= 10ms) changed to match
web browsers, transcoding tools (issue #379)
img2webp, webpmux - allow options to be passed in via a file (issue #355)
Merge tag 'v1.0.0'
libwebp-1.0.0
* tag 'v1.0.0': (23 commits)
update ChangeLog
webp-container-spec: correct frame duration=0 note
vwebp: Copy Chrome's behavior w/frame duration == 0
update ChangeLog
add WEBP_DSP_INIT / WEBP_DSP_INIT_FUNC
fix 16b overflow in SSE2
makefile.unix: add DEBUG flag for compiling w/ debug-symbol
cwebp,get_disto: fix bpp output
cmake: Make sure we use near-lossless by default.
fix bug in WebPImport565: alpha value was not set
update ChangeLog
Revert "Use proper targets for CMake."
Use proper targets for CMake.
Remove some very hard TODOs.
{de,}mux/Makefile.am: add missing headers
makefile.unix,dist: use ascii for text output
add -version option to anim_dump,anim_diff and img2webp
webp_js: fix webp_js demo html
update ChangeLog
update AUTHORS
...
Change-Id: I5659406c022a0964f728ce2eb35338fd9c195466
the interpretation of a 0 duration depends on the implementation;
merging of multiple frames isn't guaranteed, some may enforce a minimum
duration.
BUG=webp:380
Change-Id: Idf592049d2092e4cc5cfb2e4c59ddbc91bd52f9c
(cherry picked from commit 71c39a06c8)