- allow for malloc to return 0.
- do not go through big resizing
BUG: oss-fuzz:4667732529577984, oss-fuzz:6595689259008000
Change-Id: I56892bbba2fbcf5d1ceede2b56ea34612f8d13ac
This change adds -fbounds-safety annotations to several pointers in the
`dec` directory. These annotations resolve errors and warnings that
arose from interactions with annotated functions in `utils`.
Bug: 465196207
Change-Id: I89554b85b19cd068c619c3ed2a31c36eb93d552a
`WebPIoInitFromOptions()` doesn't distinguish between `MODE_YUV` and
`MODE_YUVA`, only RGB vs YUV. Removing this check also removes a
confusing mix up between `MODE_YUV` and `MODE_YUVA` in the conditional.
Change-Id: Id46b21785433aded733ad914941398b0bd5d6b8f
Change memcpy|memset|memchr to unsafe variants
Add WEBP_ASSUME_UNSAFE_INDEXABLE_ABI to relevant files. I've also added
it to lossless.h, yuv.h, and decode.h as they're all imported by code in
dec, which will have -fbounds-safety annotations.
Bug: 432511225
Change-Id: I3011a0a56633b8437ead31607c7ac5f6311fa846
By moving non-abi breaking annotations into types.h, this enables us to
mark more of libwebp as unsafe to allow better interop with struct
members which default to __single.
Change-Id: I54b78f68581e41389538f7332989c04c2e02ccc7
Bug: webp:432511225
Memcmp is used in other parts of libwebp which we didn't see yet in
webputils. The places that use memcp use it as an expression, (i.e. if
(memcmp(...)), so explicitly do not wrap in do { } while (0) guard.
Change-Id: Ifa972640bae052717a1af02112c62dc197dfe0f1
This will become the default in later versions of clang-format with
--style=Google. This will normalize the pointer alignment in the
fuzzers.
Change-Id: I118aac9758ab2a1af82a907ee61f4a7af88209b1
Note that config.exact defaults to 0 and point users to WebPEncode() if
the default isn't acceptable. This duplicates the comment from encode.h
for visibility. Follow up to:
6d2e11ec encode.h: mention 'exact' default in WebPEncodeLossless*
Bug: 449296530
Change-Id: Iba44dbcbb179bd80ea0a6b9e129b2c7e0a406916
There was a duplicated functionality with a lower quality which
could lead to decoded lossless WebP to YUV being different from
lossless WebP to PNG to YUV.
The rescaler is not using it yet.
Bug: 432241412
Change-Id: Id794880957935b69729d4b34ae453551d13364dc
The armv7, armv7s and i386 iOS targets were deprecated in Xcode 14 [1]
and failed to build with Xcode 16.4.
[1]: https://developer.apple.com/documentation/xcode-release-notes/xcode-14-release-notes
Building iOS projects with deployment targets for the armv7, armv7s, and
i386 architectures is no longer supported. (92831716)
Change-Id: I08d376fea64638d056258798bd7e586ca6880454
Reasoning:
Image Data Buffers:
The `data` parameter of `WebPDequantizeLevels` (in both .c and .h)
and `InitParams` (src/utils/quant_levels_dec_utils.c:232) is annotated
with `WEBP_SIZED_BY((long)stride * height)`, as it points to the start
of the image buffer.
The `src` and `dst` fields in `SmoothParams`
(src/utils/quant_levels_dec_utils.c:54) are annotated as
`WEBP_INDEXABLE`. They are initialized from `data` in `InitParams`
(L266) and are advanced row by row using pointer arithmetic (e.g.,
`p->src += p->stride` in `VFilter` L111, `p->dst += p->stride` in
`ApplyFilter` L165). `WEBP_INDEXABLE` is used because the pointers
iterate within the buffer and are only accessed with positive indices.
Scratch Buffers (`SmoothParams`):
Scratch buffers are allocated in `InitParams` via `WebPSafeMalloc`.
The local variable `mem` holding this allocation (L245) is explicitly
annotated as `WEBP_BIDI_INDEXABLE` to ensure safety when compiling with
error suppression.
- `start`, `cur`, `top`: These pointers are used for iteration and
pointer arithmetic within the circular scratch buffer. They are
annotated as `WEBP_INDEXABLE`.
- `end`: This pointer is annotated as `WEBP_BIDI_INDEXABLE` because it
is used in subtraction (`p->end - width`) in `InitParams` (L257) to
calculate `p->top`.
- `average`: This buffer is accessed sequentially up to `width`. It is
annotated as `WEBP_COUNTED_BY(width)`. Initialization in `InitParams`
is reordered (L261) to ensure `p->width` is set before `p->average`.
- `correction`: This lookup table requires negative indexing. To avoid
using `WEBP_BIDI_INDEXABLE` in the struct, it is annotated as
`WEBP_COUNTED_BY_OR_NULL(CORRECTION_LUT_SIZE)` (L75), pointing to the
start of the buffer. `CORRECTION_LUT_SIZE` is defined (L33).
`InitCorrectionLUT` (L188) and `ApplyFilter` (L147) calculate a local
middle pointer which is explicitly annotated as `WEBP_BIDI_INDEXABLE`
to allow safe negative indexing.
Local Pointers:
To ensure safety when compiling with error suppression (where locals
default to unsafe), explicit annotations are added to local pointers
derived from safe struct members:
- `VFilter` (L87): `src`, `cur`, `top`, `out` are `WEBP_INDEXABLE`.
- `HFilter` (L121): `in`, `out` are `WEBP_INDEXABLE`.
- `ApplyFilter` (L145): `average`, `dst` are `WEBP_INDEXABLE`.
- `CountLevels` (L214): `data` is `WEBP_INDEXABLE`.
Bug: 432511821
Change-Id: I6bdf86f80c94a5b182c5aef7e4092fe4ea24afb8
