6a319d4da3
VP8LBitWriterFinish() may cause the VP8LBitWriter's buffer to be grown.
If that allocation fails, VP8LBitWriterNumBytes() will return a size
larger than the current allocation resulting in a heap overwrite of the
missing bytes.
==3531848==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x61d000000880 at pc 0x556eddfa1007 bp 0x7ffe434c7a90 sp 0x7ffe434c7260
READ of size 2052 at 0x61d000000880 thread T0
#0 0x556eddfa1006 in __asan_memcpy
#1 0x556eddfeeccf in WebPMemoryWrite src/enc/picture_enc.c:220:5
#2 0x556ede0f9f87 in WriteImage src/enc/vp8l_enc.c:1454:8
Found by Nallocfuzz (https://github.com/catenacyber/nallocfuzz).
Change-Id: Ib1c9454c2c51849b0ba58c5347e6bd5b02a12fbe
(cherry picked from commit
|
||
---|---|---|
cmake | ||
doc | ||
examples | ||
extras | ||
gradle/wrapper | ||
imageio | ||
infra | ||
m4 | ||
man | ||
sharpyuv | ||
src | ||
swig | ||
tests | ||
webp_js | ||
.gitattributes | ||
.gitignore | ||
.mailmap | ||
.pylintrc | ||
.style.yapf | ||
Android.mk | ||
AUTHORS | ||
autogen.sh | ||
build.gradle | ||
ChangeLog | ||
CMakeLists.txt | ||
codereview.settings | ||
configure.ac | ||
CONTRIBUTING.md | ||
COPYING | ||
gradle.properties | ||
gradlew | ||
gradlew.bat | ||
iosbuild.sh | ||
Makefile.am | ||
makefile.unix | ||
Makefile.vc | ||
NEWS | ||
PATENTS | ||
PRESUBMIT.py | ||
README.md | ||
xcframeworkbuild.sh |
WebP Codec
__ __ ____ ____ ____
/ \\/ \/ _ \/ _ )/ _ \
\ / __/ _ \ __/
\__\__/\____/\_____/__/ ____ ___
/ _/ / \ \ / _ \/ _/
/ \_/ / / \ \ __/ \__
\____/____/\_____/_____/____/v1.3.0
WebP codec is a library to encode and decode images in WebP format. This package contains the library that can be used in other programs to add WebP support, as well as the command line tools 'cwebp' and 'dwebp' to compress and decompress images respectively.
See https://developers.google.com/speed/webp for details on the image format.
The latest source tree is available at https://chromium.googlesource.com/webm/libwebp
It is released under the same license as the WebM project. See https://www.webmproject.org/license/software/ or the "COPYING" file for details. An additional intellectual property rights grant can be found in the file PATENTS.
Building
See the building documentation.
Encoding and Decoding Tools
The examples/ directory contains tools to encode and decode images and animations, view information about WebP images, and more. See the tools documentation.
APIs
See the APIs documentation, and API usage examples in the
examples/
directory.
Bugs
Please report all bugs to the issue tracker: https://bugs.chromium.org/p/webp
Patches welcome! See how to contribute.
Discuss
Email: webp-discuss@webmproject.org
Web: https://groups.google.com/a/webmproject.org/group/webp-discuss