The available size was not checked before parsing the VP8X data
BUG=oss-fuzz:9100,oss-fuzz:9123,webp:512
Change-Id: I0143cc4554883c1015e2f084a0e371229e04a8ca
(cherry picked from commit 95fd650706)
(cherry picked from commit c0226fd91c)

idec_dec.c, DecodeRemaining: Set decoder state to ERROR to prevent VP8ExitCritical from being called again
BUG=webp:512
Change-Id: Id5f893f45c348e1c529680d930e640f780a73d4c
(cherry picked from commit 9e729fe19b)
(cherry picked from commit a14e0f6465)

CopyBlock8b() was over-using memcpy() of 16b values.
BUG=webp:393,webp:512
Change-Id: Id56f10d334b9a453fbcf50dabfaa63529bcff7e5
(cherry picked from commit 211f37ee63)
(cherry picked from commit 667d17a8a4)

treat an ANMF chunk containing multiple VP8/VP8L file as malformed.
fixes a WebPMuxImage::img_ leak.
Though the invalid free in #9106 was avoided in (ubsan):
be738c6d muxread,ChunkVerifyAndAssign: validate chunk_size
that file would still cause a leak similar to #9099.
BUG=oss-fuzz:9099,oss-fuzz:9106,webp:512
Change-Id: Ib873446a1188afeeb2fe5d53a86b75e0c5de9573
(cherry picked from commit eb82ce76dd)
(cherry picked from commit f4cf238a41)

(we also limit radius based on height too, for good measure, although it's not an asan bug)
fixes oss-fuzz issue #9105
BUG=webp:512
Change-Id: Ie0d79dd81480dc4e2b653b7e992e5cdcd3dfa834
(cherry picked from commit 1344a2e947)
(cherry picked from commit 61ff26aeeb)

before accounting for padding which might overflow if chunk_size is >
MAX_CHUNK_PAYLOAD.
BUG=webp:387,webp:388,webp:512
Change-Id: I3985b8817ed4faaec0629102c5333c228a0e9c98
(cherry picked from commit be738c6d39)
(cherry picked from commit 6f643f2417)

previously when adjusting size down based on a smaller riff_size the
checks were insufficient to prevent 'size -= RIFF_HEADER_SIZE' from
rolling over causing ChunkVerifyAndAssign to over read. the new checks
are imported from demux.c.
BUG=webp:386,webp:512
Change-Id: If863c4a9892977b9ade7dd894392a0ecae13775c
(cherry picked from commit 2c70ad76c9)
(cherry picked from commit 706ff9c325)
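
The two size checks described in the commit messages above (bounding chunk_size by MAX_CHUNK_PAYLOAD before padding is added, and guarding `size -= RIFF_HEADER_SIZE` against a small riff_size), as an added C example that is not libwebp's code. The helper names `riff_body_size` and `chunk_disk_size` are hypothetical and the constant values are assumptions about the RIFF/WebP container layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed container constants (illustrative, not copied from the page). */
#define TAG_SIZE          4u
#define CHUNK_HEADER_SIZE 8u   /* 4-byte tag + 32-bit little-endian payload size */
#define RIFF_HEADER_SIZE  12u  /* "RIFF" + 32-bit size + "WEBP" */
#define MAX_CHUNK_PAYLOAD (~0u - CHUNK_HEADER_SIZE - 1u)

static uint32_t le32(const uint8_t* p) {
  return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hypothetical helper: bytes that follow the 12-byte RIFF header, or -1. */
int riff_body_size(const uint8_t* data, size_t size, size_t* body) {
  if (size < RIFF_HEADER_SIZE + CHUNK_HEADER_SIZE) return -1;
  if (memcmp(data, "RIFF", 4) != 0 || memcmp(data + 8, "WEBP", 4) != 0) return -1;
  const uint32_t riff_size = le32(data + TAG_SIZE);
  /* Lower bound first: "WEBP" plus one chunk header must fit, otherwise the
   * shrink below leaves size < RIFF_HEADER_SIZE and the subtraction wraps. */
  if (riff_size < TAG_SIZE + CHUNK_HEADER_SIZE) return -1;
  if (riff_size > MAX_CHUNK_PAYLOAD) return -1;
  if ((size_t)riff_size + CHUNK_HEADER_SIZE < size) {
    size = (size_t)riff_size + CHUNK_HEADER_SIZE;  /* trust the smaller riff_size */
  }
  *body = size - RIFF_HEADER_SIZE;  /* size >= 20 here, cannot roll over */
  return 0;
}

/* Hypothetical helper: header + payload + pad byte of one chunk, or -1. */
int chunk_disk_size(const uint8_t* chunk, size_t avail, size_t* disk) {
  if (avail < CHUNK_HEADER_SIZE) return -1;
  const uint32_t payload = le32(chunk + TAG_SIZE);
  /* Bound the payload before rounding up: 0xFFFFFFFF + 1 wraps to 0 and
   * would make an oversized chunk look like an empty one. */
  if (payload > MAX_CHUNK_PAYLOAD) return -1;
  const uint32_t padded = CHUNK_HEADER_SIZE + ((payload + 1u) & ~1u);
  if (padded > avail) return -1;
  *disk = padded;
  return 0;
}

int main(void) {
  /* Constructed input: riff_size = 2, smaller than any valid file. */
  const uint8_t f[20] = {'R','I','F','F', 2,0,0,0, 'W','E','B','P', 'V','P','8',' '};
  size_t n = 0;
  printf("riff_size=2 -> %d\n", riff_body_size(f, sizeof f, &n));
  return 0;
}
```
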
with loop_compatibility disabled (the default), non-zero loop counts
will be incremented by 1 for browser rendering compatibility. the max,
65535, is a special case as the muxer will fail if it is exceeded; avoid
increasing the limit in this case. this isn't 100% correct, but should
be close enough given the high number of iterations.
BUG=webp:382,webp:512
Change-Id: Icde3e98a58e9ee89604a72fafda30ab71060dec5
(cherry picked from commit af0e4fbb06)
(cherry picked from commit 4b282e13ad)

only supported ones are: RGBA/BGRA/rgbA/bgrA (decoder)
as well as: WebPPictureImportRGB/RGBX/RGBA (encoder).
(note: extras/get_disto is affected too)
Change-Id: If6c4f95054ca15759c4e289fb3b4c352b3521c2c
(cherry picked from commit 6de20df02c)

this results in flickering with animated webp + alpha. disabling the
option is a workaround to restore the behavior to the previous release.
BUG=webp:365
Change-Id: Iac7fcc0d483837e76cc54ad3f26c4e0e5511e31d

remove auto-filter (-af) support and make WebPPictureCopy,
WebPPictureIsView, WebPPictureView, WebPPictureCrop, and
WebPPictureRescale noops.
Change-Id: If39d512cc268a0015298a1138dbc94feb86575e5

with gcc-4.8, clang-4.0.1/5 this is no faster (actually up to 2x slower)
than the code generated for memset (0x01010... * dst[-1]). shuffles in
sse4 recover a bit, but performance is still down.
Change-Id: Ie85e8353f8ede559d0b05a1d388787fd18ecc80f

Rewrote WebPPictureHasTransparency() to use them (even for argb).
This is 10% faster, for some reason.
SSE2 version should be straightforward.
Removes a TODO.
Change-Id: I7ad5848fc5e355e2df505dbcd5a0f42fb6cbab41

The WebPDemux and WebPAnimDecoder APIs are provided for the purpose of
animated webp parsing and decoding. No major changes are currently
planned for the libwebp API.
Change-Id: I2758ecda195b0c4091572d5731a0a85fa3716303