VP8LEncodeStream: fix segfault on OOM

initialize bw_side before calling EncoderAnalyze() & EncoderInit() which may fail; previously this would cause a free of an invalid pointer in VP8LBitWriterWipeOut(). since at least: v0.6.0-120-gf8c2ac15 Multi-thread the lossless cruncher. Tested: for i in `seq 1 639`; do export MALLOC_FAIL_AT=$i ./examples/cwebp -m 6 -q 100 -lossless jpeg_file done Bug: webp:565 Change-Id: I1c95883834b6e4b13aee890568ce3bad0f4266f0
webmproject · Apr 4, 2022 · fe153fa · fe153fa
1 parent 0957fd6
commit fe153fa
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/src/enc/vp8l_enc.c b/src/enc/vp8l_enc.c
@@ -1966,14 +1966,19 @@ int VP8LEncodeStream(const WebPConfig* const config,
   const WebPWorkerInterface* const worker_interface = WebPGetWorkerInterface();
   int ok_main;
 
+  if (enc_main == NULL || !VP8LBitWriterInit(&bw_side, 0)) {
+    WebPEncodingSetError(picture, VP8_ENC_ERROR_OUT_OF_MEMORY);
+    VP8LEncoderDelete(enc_main);
+    return 0;
+  }
+
   // Avoid "garbage value" error from Clang's static analysis tool.
   WebPPictureInit(&picture_side);
 
   // Analyze image (entropy, num_palettes etc)
-  if (enc_main == NULL ||
-      !EncoderAnalyze(enc_main, crunch_configs, &num_crunch_configs_main,
+  if (!EncoderAnalyze(enc_main, crunch_configs, &num_crunch_configs_main,
                       &red_and_blue_always_zero) ||
-      !EncoderInit(enc_main) || !VP8LBitWriterInit(&bw_side, 0)) {
+      !EncoderInit(enc_main)) {
     WebPEncodingSetError(picture, VP8_ENC_ERROR_OUT_OF_MEMORY);
     goto Error;
   }