ExpandColorMap() can fail due to a memory allocation failure.
Found by Nallocfuzz (https://github.com/catenacyber/nallocfuzz).
Change-Id: I868c5db2fee18e876f4aa3b63e744d7297d1a91b
in AllocateAlphaPlane() and VP8DecompressAlphaRows().
Found by Nallocfuzz (https://github.com/catenacyber/nallocfuzz).
Change-Id: I39eb305abfe9f4d7915cce5d91e72917f482bc20
This is unnecessary as green will have the largest value; the sizes are
currently: 256 + 24 + color_cache_size, 256, 40, in that order.
Change-Id: Ib9ce3292285a7b9c6089557b68a87184b68d17a5
Users of the encoder (including anim_encode.c) and areas of the encoder
itself rely on the status returned via WebPPicture.
Change-Id: Id786176b8ac3b2329d1e41b9dacbb8dcc5d822e4
VP8LBitWriterFinish() may cause the VP8LBitWriter's buffer to be grown.
If that allocation fails, VP8LBitWriterNumBytes() will return a size
larger than the current allocation resulting in a heap overwrite of the
missing bytes.
  ==13==ERROR: AddressSanitizer: heap-buffer-overflow on address
  0x61900005b880 at pc 0x00000049ffc1 bp 0x7fff144f5b40 sp 0x7fff144f5310
  READ of size 1028 at 0x61900005b880 thread T0
      #0 0x49ffc0 in __asan_memcpy
      #1 0x695861 in VP8BitWriterAppend src/utils/bit_writer_utils.c:186:3
      #2 0x65acf9 in EncodeAlphaInternal src/enc/alpha_enc.c:169:14
Found by Nallocfuzz (https://github.com/catenacyber/nallocfuzz).
This is the same issue that was fixed in the non-alpha lossless path in:
d49cfbb3 vp8l_enc,WriteImage: add missing error check
Bug: chromium:1455619
Change-Id: I6bd10de213707d3d6b7ce3d0d2b3942af45d317f
VP8LBitWriterFinish() may cause the VP8LBitWriter's buffer to be grown.
If that allocation fails, VP8LBitWriterNumBytes() will return a size
larger than the current allocation resulting in a heap overwrite of the
missing bytes.
  ==3531848==ERROR: AddressSanitizer: heap-buffer-overflow on address
  0x61d000000880 at pc 0x556eddfa1007 bp 0x7ffe434c7a90 sp 0x7ffe434c7260
  READ of size 2052 at 0x61d000000880 thread T0
      #0 0x556eddfa1006 in __asan_memcpy
      #1 0x556eddfeeccf in WebPMemoryWrite src/enc/picture_enc.c:220:5
      #2 0x556ede0f9f87 in WriteImage src/enc/vp8l_enc.c:1454:8
Found by Nallocfuzz (https://github.com/catenacyber/nallocfuzz).
Change-Id: Ib1c9454c2c51849b0ba58c5347e6bd5b02a12fbe
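
The failure mode described in the two VP8LBitWriterFinish() messages above, reduced to an added example that is not libwebp code: ToyWriter, ToyFinish, ToyNumBytes, CopyOutChecked, RunScenario and g_fail_alloc are hypothetical stand-ins, and the failed grow is injected rather than caused by a real out-of-memory condition. It shows the reported size exceeding the allocation after a failed grow, and a caller that checks the writer's error flag before copying.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable writer; a stand-in, not libwebp's VP8LBitWriter. */
typedef struct {
  uint8_t* buf;
  size_t cap;     /* bytes actually allocated */
  size_t flushed; /* bytes already stored in buf */
  size_t pending; /* bytes that Finish still has to store */
  int error;      /* sticky flag, set when a grow fails */
} ToyWriter;

static int g_fail_alloc = 0; /* constructed fault injection for the grow path */
static size_t ToyNumBytes(const ToyWriter* w) { return w->flushed + w->pending; }

static uint8_t* ToyFinish(ToyWriter* w) {
  const size_t need = w->flushed + w->pending;
  if (need > w->cap) {
    uint8_t* nb = g_fail_alloc ? NULL : (uint8_t*)realloc(w->buf, need);
    if (nb == NULL) { w->error = 1; return w->buf; } /* size still says 'need' */
    w->buf = nb; w->cap = need;
  }
  memset(w->buf + w->flushed, 0xAB, w->pending); /* store the pending bytes */
  w->flushed = need; w->pending = 0;
  return w->buf;
}

/* Checked caller: copies the output, or returns -1 if the writer failed. */
static long CopyOutChecked(ToyWriter* w, uint8_t* dst, size_t dst_size) {
  const uint8_t* src = ToyFinish(w);
  const size_t n = ToyNumBytes(w);
  if (w->error || n > dst_size) return -1; /* error check before trusting n */
  memcpy(dst, src, n);
  return (long)n;
}

/* Runs one case; *overread is 1 when an unchecked memcpy would leave buf. */
static long RunScenario(int fail_grow, int* overread) {
  uint8_t out[64];
  ToyWriter w = { (uint8_t*)calloc(8, 1), 8, 8, 4, 0 }; /* constructed state */
  if (w.buf == NULL) return -2;
  g_fail_alloc = fail_grow;
  const long n = CopyOutChecked(&w, out, sizeof(out));
  *overread = ToyNumBytes(&w) > w.cap; /* size reported vs. size allocated */
  free(w.buf);
  return n;
}

int main(void) { int o; return RunScenario(0, &o) == 12 && RunScenario(1, &o) == -1 ? 0 : 1; }
```
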
This prevents leaks should an allocation fail.
Spotted by Philippe Antoine (p dot antoine at catenacyber dot fr)
and https://github.com/catenacyber/nallocfuzz.
Change-Id: I07a8a475a282b18bf2f9015cc5b1120772babd48
The buffers are made mandatory to match WebPDecodeYUVInto(), though this
conflicts with WebPIDecGetYUVA().
spotted by Oliver Kunz (okunz at google dot com)
Change-Id: Ic4740c53b75da6b93d4f3462303fb9be0ebfbd48
The histograms count the occurrences of len/dist in entropy images.
Those (at most (1<<14) by (1<<14)) are sub-sampled by at least
MIN_HUFFMAN_BITS == 2, hence at most 24 bits in a histogram value.
At most, we multiply by 19 (because the longest histogram is of
size 40 and we do 40>>1, cf code) for the bit cost. So it all fits
in 32 bits.
Change-Id: Ife24b035f54794851ff31f2fac07901f724c6d7f
and define it to true for __aarch64__ and Win Arm64 + Visual Studio.
Microsoft's compiler (cl.exe) does not define __aarch64__, but relies on
_M_ARM64 & _M_ARM64EC
Bug: b/277254922
Change-Id: I20e4fa07a4031599db69e3d7ba9050345315ef51
This avoids defining a version in each translation unit when using
__declspec(dllexport) which causes failures due to multiply defined
symbols with clang-cl:
  lld-link: error: duplicate symbol: VP8GetCPUInfo
  >>> defined at CMakeFiles\webpdecode.dir\Debug\src\dec\alpha_dec.c.obj
  >>> defined at CMakeFiles\webpdsp.dir\Debug\src\dsp\dec_sse41.c.obj
  ...
Bug: webp:607
Change-Id: I6cd1ee75b3db984aa513263a05516e867a64925d
this is always defined by default to 0 since:
v0.6.0-158-g663a6d9d unify the ALTERNATE_CODE flag usage
previously the !defined() check would cause a mismatch between C and
assembly.
Change-Id: Idca0b8e39ca90d63785fd4125aeb7af86c5aae61
This avoids a double free should the function fail prior to
VP8BitWriterInit() and a previous trial result's buffer carried over.
Previously in ApplyFiltersAndEncode() trial.bw (with a previous
iteration's buffer) would be freed, followed by best.bw pointing to the
same buffer.
Since:
187d379d add a fallback to ALPHA_NO_COMPRESSION
In addition, check the return value of VP8BitWriterInit() in this
function.
Bug: webp:603
Change-Id: Ic258381ee26c8c16bc211d157c8153831c8c6910
when threading is disabled; fixes:
  src/enc/analysis_enc.c:429:15: warning: Value stored to 'split_row'
  during its initialization is never read [deadcode.DeadStores]
    const int split_row = (9 * last_row + 15) >> 4;
              ^~~~~~~~~   ~~~~~~~~~~~~~~~~~~~~~~~~
Change-Id: I2b02173bb8c930ed54360cce5c7b88ecce098d83
* changes:
  picture_csp_enc.c: remove SafeInitSharpYuv
  sharpyuv: prefer webp/types.h
  sharpyuv,SharpYuvInit: add mutex protection when available
  sharyuv_{neon,sse2}.c: merge WEBP_USE_* sections
  add a few missing <stddef.h> includes for NULL
  sharpyuv.h: remove <inttypes.h>
thread safety was internalized in:
782ed48c sharpyuv,SharpYuvInit: add mutex protection when available
Change-Id: I2877e7bb78bf89ad7504c33d04b22952c0c0a968
move WEBP_EXTERN definition from Makefile.vc to webp/types.h using the
existing WEBP_DLL define to control its declaration to
__declspec(dllexport); the same is done for SHARPYUV_EXTERN
Change-Id: Iecea360305bdd19a878255470a00b9dcc344c730
the ternary used with alpha_offset was removed in:
3b07d327 Import,RGBA: fix for BigEndian import
use the ALPHA_OFFSET directly
Change-Id: Iee9b7c54f1498591e8c5834766dc4d34a321133d
this localizes the conversion to int in the function; the parameter was
previously changed in:
6ab496ed fix some 'unsigned integer overflow' warnings in ubsan
implicit conversion from type 'uint32_t' (aka 'unsigned int') of value
2350919223 (32-bit, unsigned) to type 'int' changed the value to
-1944048073 (32-bit, signed)
Bug: b/229626362
Change-Id: I589eec11c0dabaeba99e153e705f956181c570d2
in TransformColorBlue; make new_blue an int to avoid:
implicit conversion from type 'int' of value 264 (32-bit, signed) to
type 'uint8_t' (aka 'unsigned char') changed the value to 8 (8-bit,
unsigned)
Bug: b/229626362
Change-Id: Ife276a59231075788396204e1a192f3b0c6d9e21
add explicit casts in calls to ColorTransformDelta()
clears warnings of the form:
implicit conversion from type 'uint8_t' (aka 'unsigned char') of value
254 (8-bit, unsigned) to type 'int8_t' (aka 'signed char') changed the
value to -2 (8-bit, signed)
Bug: b/229626362
Change-Id: Ic049ad9c9b5c6b669a1c943287f416533d6c873c
add explicit casts in calls to ColorTransformDelta()
clears warnings of the form:
implicit conversion from type 'uint8_t' (aka 'unsigned char') of value
254 (8-bit, unsigned) to type 'int8_t' (aka 'signed char') changed the
value to -2 (8-bit, signed)
Bug: b/229626362
Change-Id: I40618209509508f56d8053f9daa29cf2e6999766
previously the types were changed to int to prevent unsigned overflow
warnings:
6ab496ed fix some 'unsigned integer overflow' warnings in ubsan
clears warnings of the form:
implicit conversion from type 'uint32_t' (aka 'unsigned int') of value
3724541952 (32-bit, unsigned) to type 'int' changed the value to
-570425344 (32-bit, signed)
implicit conversion from type 'int' of value -3361661 (32-bit, signed)
to type 'unsigned int' changed the value to 4291605635 (32-bit,
unsigned)
Bug: b/229626362
Change-Id: If1eb39c5dd7218d686c3c47fb7df72431b873be4
clears warnings of the form:
src/dsp/upsampling_sse2.c:169:1: runtime error: implicit conversion from
type 'int' of value -16 (32-bit, signed) to type 'unsigned long' changed
the value to 18446744073709551600 (64-bit, unsigned)
Bug: b/229626362
Change-Id: I757d347808be5084e5fcf7c121a77d09812b743c
clears a warning of the form:
src/dec/webp_dec.c:182:62: runtime error: implicit conversion from type
'int' of value -2 (32-bit, signed) to type 'unsigned int' changed the
value to 4294967294 (32-bit, unsigned)
Bug: b/229626362
Change-Id: Ibf08f8bb9ec345381b51ca3872745368fca700c0
clears a warning of the form:
implicit conversion from type 'int' of value -1 (32-bit, signed) to type
'uint32_t' (aka 'unsigned int') changed the value to 4294967295 (32-bit,
unsigned)
Bug: b/229626362
Change-Id: I397fbd59bd3e6d787fcec1344b6230958b28d22c
clears warnings of the form:
implicit conversion from type 'int32_t' (aka 'int') of value -1 (32-bit,
signed) to type 'unsigned int' changed the value to 4294967295 (32-bit,
unsigned)
Bug: b/229626362
Change-Id: I956671d4fee482c97c67bbe94032a97da49b0f6d
in calls to Clip255(); given the current implementation's use of a
logical shift the parameter is left as uint32_t and explicit casts are
added
clears warnings of the form:
src/dsp/lossless.c:52:18: runtime error: implicit conversion
from type 'int' of value -2 (32-bit, signed) to type 'uint32_t' (aka
'unsigned int') changed the value to 4294967294 (32-bit, unsigned)
Bug: b/229626362
Change-Id: If8a7f145c2d7e62e572e221da36b04281ed5c9bf
in the case of use_argb, alpha_offset may be non-zero which would cause
the null pointer check in CheckNonOpaque to pass
fixes a potential crash with invalid width/height set or an integer
sanitizer warning when passing a zeroed picture:
src/enc/picture_csp_enc.c:73:57: runtime error: applying non-zero offset
3 to null pointer
Change-Id: I9d499bba12c65ad5c65d8f9f3c8ee9298ac6081a
fixes integer sanitizer warnings of the form:
implicit conversion from type 'int' of value -2122283647 (32-bit,
signed) to type 'uint32_t' (aka 'unsigned int') changed the value to
2172683649 (32-bit, unsigned)
implicit conversion from type 'uint32_t' (aka 'unsigned int') of value
3724541952 (32-bit, unsigned) to type 'int' changed the value to
-570425344 (32-bit, signed)
Bug: b/229626362
Change-Id: I79f68e3e2fcab7cc0402477d2e88d629348c9ff4
fixes integer sanitizer warnings of the form:
implicit conversion from type 'uint32_t' (aka 'unsigned int') of value
3724541952 (32-bit, unsigned) to type 'int' changed the value to
-570425344 (32-bit, signed)
Bug: b/229626362
Change-Id: Ie4d599aba88226e4e047250464ac37ca11d2cd3b
missed in:
83539239 (origin/main, main) dsp,x86: normalize types w/_mm_set* calls
fixes integer sanitizer warnings of the form:
implicit conversion from type 'uint32_t' (aka 'unsigned int') of value
4292337446 (32-bit, unsigned) to type 'int' changed the value to
-2629850 (32-bit, signed)
runtime error: implicit conversion from type
'uint8_t' (aka 'unsigned char') of value 128 (8-bit, unsigned) to type
'char' changed the value to -128 (8-bit, signed)
Bug: b/229626362
Change-Id: Ie904da8ded26725b4e0a9b82cc0679234f0a5388
WEBP_REDUCE_SIZE was introduced to bring down the library size by
removing cropping and scaling support. Previously WebPPictureView() was
only used with these two, but in
ec178f2c Add progress hook granularity in lossless
an additional use was added in VP8LEncodeStream() when extra side
configurations are used in crunch mode (-mt, quality == 100 & method ==
6 or quality >= 75 & method == 5 with a palette present currently).
WebPPictureView() and, for coherency, WebPPictureIsView() are
restored in this configuration to avoid affecting the general encode
path.
Previously WebPPictureView() was assumed to always succeed in these
cases which could result in crashes with WEBP_REDUCE_SIZE defined.
Bug: chromium:1345547
Bug: chromium:1345595
Bug: chromium:1345772
Bug: chromium:1345804
Change-Id: Ifecde36a726a434510478a764514b1469942c684
(cherry picked from commit 84163d9d02)
fixes integer sanitizer warnings of the form:
runtime error: implicit conversion from type 'unsigned int' of value
4294967295 (32-bit, unsigned) to type 'int' changed the value to -1
(32-bit, signed)
runtime error: implicit conversion from type
'uint8_t' (aka 'unsigned char') of value 128 (8-bit, unsigned) to type
'char' changed the value to -128 (8-bit, signed)
Bug: b/229626362
Change-Id: I6be3c40407cf7a27b79d31ee32d3829ecb78ed66
this fixes runtime warnings with clang -fsanitize=integer when using the
WEBP_ALIGN_CST constant in WEBP_ALIGN:
implicit conversion from type 'int' of value -32 (32-bit, signed) to
type 'unsigned int' changed the value to 4294967264 (32-bit, unsigned)
Bug: b/229626362
Change-Id: I524d80e620b9869de4e6d322b7de6ffa1ec8657f
and use it in calls containing _mm_cvtsi32_si128; this calls
WebPUint32ToMem, but corrects the type to avoid runtime warnings with
clang -fsanitize=integer of the form:
implicit conversion from type 'int' of value -1904123502 (32-bit,
signed) to type 'uint32_t' (aka 'unsigned int') changed the value to
2390843794 (32-bit, unsigned)
Bug: b/229626362
Change-Id: I20545e822d8045fa44f688241879206055a0a148
and use it with calls to _mm_cvtsi32_si128 and _mm_set_epi32; this calls
WebPMemToUint32, but corrects the type to avoid runtime warnings with
clang -fsanitize=integer of the form:
implicit conversion from type 'uint32_t' (aka 'unsigned int') of value
2155905152 (32-bit, unsigned) to type 'int' changed the value to
-2139062144 (32-bit, signed)
Bug: b/229626362
Change-Id: I50101ba2b46dfaa852f02d46830f3511c80b02d9
WEBP_REDUCE_SIZE was introduced to bring down the library size by
removing cropping and scaling support. Previously WebPPictureView() was
only used with these two, but in
ec178f2c Add progress hook granularity in lossless
an additional use was added in VP8LEncodeStream() when extra side
configurations are used in crunch mode (-mt, quality == 100 & method ==
6 or quality >= 75 & method == 5 with a palette present currently).
WebPPictureView() and, for coherency, WebPPictureIsView() are
restored in this configuration to avoid affecting the general encode
path.
Previously WebPPictureView() was assumed to always succeed in these
cases which could result in crashes with WEBP_REDUCE_SIZE defined.
Bug: chromium:1345547
Bug: chromium:1345595
Bug: chromium:1345772
Bug: chromium:1345804
Change-Id: Ifecde36a726a434510478a764514b1469942c684
and use it to suppress a false positive related to data that passes
through RGBA32PackedToPlanar_16b_SSE41(). Current versions (tested with
clang 13.0.1, using -O0 and the build from oss-fuzz of enc_dec_fuzzer)
model shuffles incorrectly reporting use of uninitialized
data related to the alpha change that's removed when converting to YUV.
valgrind behaves correctly, however.
Bug: webp:573
Change-Id: If76997668dcdd436adf280a2e6dcffba766a2875
quiets a warning under visual studio:
src\enc\picture_enc.c(48) : warning C4028: formal parameter 1 different
from declaration
Change-Id: Ic3affbbb0e22ac8c43fa183e13506eee72e180dc
- pic->picture in public header
- match implementation to declaration in PictureImport, WebPPictureRescale, WebpBlendAlpha
Change-Id: Ibf3771af22d671bba6fd657684add618c6f32978
Remove unused constants.
Use ALL_CAPS for defines and kCamelCase for static const values.
Change some defines into static constants if they are not used in array sizes.
Change-Id: I036b0f99215fd0414a33f099bd6b809ff8ee4541
quiets -Wunused-but-set-variable
frame_count has been unused in this function since:
ab714b8a demux, Frame: remove is_fragment_ field
Change-Id: Ie6afda915c6b82736e05e7490eba0165c3dd37e4
1 space is most common in the source; this fixes some mixed cases within
lossless files, likely from clang-format
Change-Id: I504206d5bf418781d4131ee73570ecee4e0a69a1
several calls to ChunkSetHead() were unchecked, causing the chunk to
leak should the call fail due to OOM
Tested:
  for i in `seq 1 1125`; do
    export MALLOC_FAIL_AT=$i
    ./examples/gif2webp gif_file
    ./examples/gif2webp -mixed gif_file
  done
  for i in `seq 1 171`; do
    export MALLOC_FAIL_AT=$i
    ./examples/img2webp jpeg_file -o /dev/null
    ./examples/img2webp -mixed jpeg_file -o /dev/null
  done
Change-Id: I479bc487f61b493e5ce033872d353007055c172a
previously failures in the call to
VP8LBackwardReferencesTraceBackwards() would be ignored which, though it
wouldn't result in a crash, would produce non-deterministic output
Change-Id: Id9890a60883c3270ec75e968506d46eea32b76d4
change CostManager to calloc to avoid frees on undefined pointer
values in CostManagerClear() should the cost_model allocation succeed,
but the cost_manager allocation fail
since:
v0.5.0-93-g3e023c17 Speed-up BackwardReferencesHashChainDistanceOnly.
Tested:
  for i in `seq 1 639`; do
    export MALLOC_FAIL_AT=$i
    ./examples/cwebp -m 6 -q 100 -lossless jpeg_file
  done
Bug: webp:565
Change-Id: I376d81e6f41eb73529053e9e30c142b4b4f6b45b
initialize bw_side before calling EncoderAnalyze() & EncoderInit() which
may fail; previously this would cause a free of an invalid pointer in
VP8LBitWriterWipeOut().
since at least:
v0.6.0-120-gf8c2ac15 Multi-thread the lossless cruncher.
Tested:
  for i in `seq 1 639`; do
    export MALLOC_FAIL_AT=$i
    ./examples/cwebp -m 6 -q 100 -lossless jpeg_file
  done
Bug: webp:565
Change-Id: I1c95883834b6e4b13aee890568ce3bad0f4266f0
the trailing width % 8 bytes would clear the upper bytes of
alpha_mask as they're done one at a time
since:
49d0280d NEON: implement several alpha-processing functions
Change-Id: Iff76c0af3094597285a6aa6ed032b345f9856aae
It's self-contained apart from a dependency on src/webp/types.h and src/dsp/cpu.h.
For now it's only set up as an internal library, not an installable one.
Webp doesn't depend on it yet; the code is only duplicated.
Change-Id: I752799894f9d4105d0d296ddebd9f9641181a1ec