[OE-core][dunfell][PATCH] licenses.conf: Add missing LGPLv2.0+ license

2024-04-03 Thread Colin McAllister via lists.openembedded.org
Adds LGPLv2.0+ license variation to match LGPLv2+.

Signed-off-by: Colin McAllister 
---
This is a much smaller change that fixes the primary issue I've hit
with SPDX generation on Dunfell, where pango_1.46.7 uses "LGPLv2.0+"
for a license, which doesn't exist in the SPDXLICENSEMAP and causes
build errors when spdx generation is enabled.

If backporting all the license changes from master is too much, I
was hoping this smaller change would be considered acceptable.
Allowing this change to merge to Dunfell before dropping support
would be greatly appreciated. :)

 meta/conf/licenses.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/conf/licenses.conf b/meta/conf/licenses.conf
index d14c365977..c78823e847 100644
--- a/meta/conf/licenses.conf
+++ b/meta/conf/licenses.conf
@@ -37,6 +37,7 @@ SPDXLICENSEMAP[GPL-3.0-only] = "GPL-3.0"
 SPDXLICENSEMAP[LGPLv2] = "LGPL-2.0"
 SPDXLICENSEMAP[LGPLv2+] = "LGPL-2.0+"
 SPDXLICENSEMAP[LGPLv2.0] = "LGPL-2.0"
+SPDXLICENSEMAP[LGPLv2.0+] = "LGPL-2.0+"
 SPDXLICENSEMAP[LGPL-2.0-only] = "LGPL-2.0"
 SPDXLICENSEMAP[LGPL2.1] = "LGPL-2.1"
 SPDXLICENSEMAP[LGPLv2.1] = "LGPL-2.1"
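Review bot: The added `SPDXLICENSEMAP[LGPLv2.0+]` line is fine as a mapping (it uses the same "LGPL-2.0+" value as the `LGPLv2+` entry two lines above it), but the reason for it is recorded only below the `---`, so it will be lost when the patch is applied. Move one sentence about the pango_1.46.7 / SPDX generation failure into the commit message proper so the history explains why a stable branch took this entry.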
-- 
2.43.2


View/Reply Online (#197939): 
https://lists.openembedded.org/g/openembedded-core/message/197939



[OE-core][kirkstone][PATCH] common-licenses: Backport missing license

2024-03-27 Thread Colin McAllister via lists.openembedded.org
Backports missing license from master to kirkstone.

Signed-off-by: Colin McAllister 
---
 .../LGPL-3.0-with-zeromq-exception| 181 ++
 1 file changed, 181 insertions(+)
 create mode 100644 meta/files/common-licenses/LGPL-3.0-with-zeromq-exception

diff --git a/meta/files/common-licenses/LGPL-3.0-with-zeromq-exception 
b/meta/files/common-licenses/LGPL-3.0-with-zeromq-exception
new file mode 100644
index 00..02e943c4ac
--- /dev/null
+++ b/meta/files/common-licenses/LGPL-3.0-with-zeromq-exception
@@ -0,0 +1,181 @@
+GNU LESSER GENERAL PUBLIC LICENSE
+   Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+
+  This version of the GNU Lesser General Public License incorporates
+the terms and conditions of version 3 of the GNU General Public
+License, supplemented by the additional permissions listed below.
+
+  0. Additional Definitions. 
+
+  As used herein, "this License" refers to version 3 of the GNU Lesser
+General Public License, and the "GNU GPL" refers to version 3 of the GNU
+General Public License.
+
+  "The Library" refers to a covered work governed by this License,
+other than an Application or a Combined Work as defined below.
+
+  An "Application" is any work that makes use of an interface provided
+by the Library, but which is not otherwise based on the Library.
+Defining a subclass of a class defined by the Library is deemed a mode
+of using an interface provided by the Library.
+
+  A "Combined Work" is a work produced by combining or linking an
+Application with the Library.  The particular version of the Library
+with which the Combined Work was made is also called the "Linked
+Version".
+
+  The "Minimal Corresponding Source" for a Combined Work means the
+Corresponding Source for the Combined Work, excluding any source code
+for portions of the Combined Work that, considered in isolation, are
+based on the Application, and not on the Linked Version.
+
+  The "Corresponding Application Code" for a Combined Work means the
+object code and/or source code for the Application, including any data
+and utility programs needed for reproducing the Combined Work from the
+Application, but excluding the System Libraries of the Combined Work.
+
+  1. Exception to Section 3 of the GNU GPL.
+
+  You may convey a covered work under sections 3 and 4 of this License
+without being bound by section 3 of the GNU GPL.
+
+  2. Conveying Modified Versions.
+
+  If you modify a copy of the Library, and, in your modifications, a
+facility refers to a function or data to be supplied by an Application
+that uses the facility (other than as an argument passed when the
+facility is invoked), then you may convey a copy of the modified
+version:
+
+   a) under this License, provided that you make a good faith effort to
+   ensure that, in the event an Application does not supply the
+   function or data, the facility still operates, and performs
+   whatever part of its purpose remains meaningful, or
+
+   b) under the GNU GPL, with none of the additional permissions of
+   this License applicable to that copy.
+
+  3. Object Code Incorporating Material from Library Header Files.
+
+  The object code form of an Application may incorporate material from
+a header file that is part of the Library.  You may convey such object
+code under terms of your choice, provided that, if the incorporated
+material is not limited to numerical parameters, data structure
+layouts and accessors, or small macros, inline functions and templates
+(ten or fewer lines in length), you do both of the following:
+
+   a) Give prominent notice with each copy of the object code that the
+   Library is used in it and that the Library and its use are
+   covered by this License.
+
+   b) Accompany the object code with a copy of the GNU GPL and this license
+   document.
+
+  4. Combined Works.
+
+  You may convey a Combined Work under terms of your choice that,
+taken together, effectively do not restrict modification of the
+portions of the Library contained in the Combined Work and reverse
+engineering for debugging such modifications, if you also do each of
+the following:
+
+   a) Give prominent notice with each copy of the Combined Work that
+   the Library is used in it and that the Library and its use are
+   covered by this License.
+
+   b) Accompany the Combined Work with a copy of the GNU GPL and this license
+   document.
+
+   c) For a Combined Work that displays copyright notices during
+   execution, include the copyright notice for the Library among
+   these notices, as well as a reference directing the user to the
+   copies of the GNU GPL and this license document.
+
+   d) Do one 
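Review bot: The commit message for this new file says only "missing license"; name the license (LGPL-3.0-with-zeromq-exception) and cite the master commit being backported so the stable maintainer can compare the two. The part of the file visible here is the standard LGPL version 3 text up to section 4 d); the exception wording that distinguishes this file from plain LGPL-3.0 lies past the point where this copy is cut off and cannot be checked from it.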

[OE-core][dunfell][PATCH 2/2] licenses.conf: Backport missing licenses

2024-03-27 Thread Colin McAllister via lists.openembedded.org
SPDX generation on Dunfell currently runs into issues because some
recipes contain licenses that are not supported in licenses.conf. This
commit backports licenses added to licenses.conf since Dunfell.

Signed-off-by: Colin McAllister 
---
This patch updates licenses.conf to align with both Kirkstone and
Master.

 meta/conf/licenses.conf | 114 
 1 file changed, 69 insertions(+), 45 deletions(-)

diff --git a/meta/conf/licenses.conf b/meta/conf/licenses.conf
index d14c365977..991fb6cc23 100644
--- a/meta/conf/licenses.conf
+++ b/meta/conf/licenses.conf
@@ -10,84 +10,108 @@
 # Any mapping to MPL/LGPL/GPL should be fixed
 
 # AGPL variations
-SPDXLICENSEMAP[AGPL-3] = "AGPL-3.0"
-SPDXLICENSEMAP[AGPLv3] = "AGPL-3.0"
-SPDXLICENSEMAP[AGPLv3.0] = "AGPL-3.0"
-SPDXLICENSEMAP[AGPL-3.0-only] = "AGPL-3.0"
+SPDXLICENSEMAP[AGPL-3] = "AGPL-3.0-only"
+SPDXLICENSEMAP[AGPL-3+] = "AGPL-3.0-or-later"
+SPDXLICENSEMAP[AGPLv3] = "AGPL-3.0-only"
+SPDXLICENSEMAP[AGPLv3+] = "AGPL-3.0-or-later"
+SPDXLICENSEMAP[AGPLv3.0] = "AGPL-3.0-only"
+SPDXLICENSEMAP[AGPLv3.0+] = "AGPL-3.0-or-later"
+SPDXLICENSEMAP[AGPL-3.0] = "AGPL-3.0-only"
+SPDXLICENSEMAP[AGPL-3.0+] = "AGPL-3.0-or-later"
+
+# BSD variations
+SPDXLICENSEMAP[BSD-0-Clause] = "0BSD"
 
 # GPL variations
-SPDXLICENSEMAP[GPL-1] = "GPL-1.0"
-SPDXLICENSEMAP[GPLv1] = "GPL-1.0"
-SPDXLICENSEMAP[GPLv1.0] = "GPL-1.0"
-SPDXLICENSEMAP[GPL-1.0-only] = "GPL-1.0"
-SPDXLICENSEMAP[GPL-2] = "GPL-2.0"
-SPDXLICENSEMAP[GPLv2] = "GPL-2.0"
-SPDXLICENSEMAP[GPLv2+] = "GPL-2.0+"
-SPDXLICENSEMAP[GPLv2.0] = "GPL-2.0"
-SPDXLICENSEMAP[GPLv2.0+] = "GPL-2.0+"
-SPDXLICENSEMAP[GPL-2.0-only] = "GPL-2.0"
-SPDXLICENSEMAP[GPL-3] = "GPL-3.0"
-SPDXLICENSEMAP[GPLv3] = "GPL-3.0"
-SPDXLICENSEMAP[GPLv3+] = "GPL-3.0+"
-SPDXLICENSEMAP[GPLv3.0] = "GPL-3.0"
-SPDXLICENSEMAP[GPLv3.0+] = "GPL-3.0+"
-SPDXLICENSEMAP[GPL-3.0-only] = "GPL-3.0"
-
-#LGPL variations
-SPDXLICENSEMAP[LGPLv2] = "LGPL-2.0"
-SPDXLICENSEMAP[LGPLv2+] = "LGPL-2.0+"
-SPDXLICENSEMAP[LGPLv2.0] = "LGPL-2.0"
-SPDXLICENSEMAP[LGPL-2.0-only] = "LGPL-2.0"
-SPDXLICENSEMAP[LGPL2.1] = "LGPL-2.1"
-SPDXLICENSEMAP[LGPLv2.1] = "LGPL-2.1"
-SPDXLICENSEMAP[LGPLv2.1+] = "LGPL-2.1+"
-SPDXLICENSEMAP[LGPL-2.1-only] = "LGPL-2.1"
-SPDXLICENSEMAP[LGPLv3] = "LGPL-3.0"
-SPDXLICENSEMAP[LGPLv3+] = "LGPL-3.0+"
-SPDXLICENSEMAP[LGPL-3.0-only] = "LGPL-3.0"
-
-#MPL variations
+SPDXLICENSEMAP[GPL-1] = "GPL-1.0-only"
+SPDXLICENSEMAP[GPL-1+] = "GPL-1.0-or-later"
+SPDXLICENSEMAP[GPLv1] = "GPL-1.0-only"
+SPDXLICENSEMAP[GPLv1+] = "GPL-1.0-or-later"
+SPDXLICENSEMAP[GPLv1.0] = "GPL-1.0-only"
+SPDXLICENSEMAP[GPLv1.0+] = "GPL-1.0-or-later"
+SPDXLICENSEMAP[GPL-1.0] = "GPL-1.0-only"
+SPDXLICENSEMAP[GPL-1.0+] = "GPL-1.0-or-later"
+SPDXLICENSEMAP[GPL-2] = "GPL-2.0-only"
+SPDXLICENSEMAP[GPL-2+] = "GPL-2.0-or-later"
+SPDXLICENSEMAP[GPLv2] = "GPL-2.0-only"
+SPDXLICENSEMAP[GPLv2+] = "GPL-2.0-or-later"
+SPDXLICENSEMAP[GPLv2.0] = "GPL-2.0-only"
+SPDXLICENSEMAP[GPLv2.0+] = "GPL-2.0-or-later"
+SPDXLICENSEMAP[GPL-2.0] = "GPL-2.0-only"
+SPDXLICENSEMAP[GPL-2.0+] = "GPL-2.0-or-later"
+SPDXLICENSEMAP[GPL-3] = "GPL-3.0-only"
+SPDXLICENSEMAP[GPL-3+] = "GPL-3.0-or-later"
+SPDXLICENSEMAP[GPLv3] = "GPL-3.0-only"
+SPDXLICENSEMAP[GPLv3+] = "GPL-3.0-or-later"
+SPDXLICENSEMAP[GPLv3.0] = "GPL-3.0-only"
+SPDXLICENSEMAP[GPLv3.0+] = "GPL-3.0-or-later"
+SPDXLICENSEMAP[GPL-3.0] = "GPL-3.0-only"
+SPDXLICENSEMAP[GPL-3.0+] = "GPL-3.0-or-later"
+
+# LGPL variations
+SPDXLICENSEMAP[LGPLv2] = "LGPL-2.0-only"
+SPDXLICENSEMAP[LGPLv2+] = "LGPL-2.0-or-later"
+SPDXLICENSEMAP[LGPLv2.0] = "LGPL-2.0-only"
+SPDXLICENSEMAP[LGPLv2.0+] = "LGPL-2.0-or-later"
+SPDXLICENSEMAP[LGPL-2.0] = "LGPL-2.0-only"
+SPDXLICENSEMAP[LGPL-2.0+] = "LGPL-2.0-or-later"
+SPDXLICENSEMAP[LGPL2.1] = "LGPL-2.1-only"
+SPDXLICENSEMAP[LGPL2.1+] = "LGPL-2.1-or-later"
+SPDXLICENSEMAP[LGPLv2.1] = "LGPL-2.1-only"
+SPDXLICENSEMAP[LGPLv2.1+] = "LGPL-2.1-or-later"
+SPDXLICENSEMAP[LGPL-2.1] = "LGPL-2.1-only"
+SPDXLICENSEMAP[LGPL-2.1+] = "LGPL-2.1-or-later"
+SPDXLICENSEMAP[LGPLv3] = "LGPL-3.0-only"
+SPDXLICENSEMAP[LGPLv3+] = "LGPL-3.0-or-later"
+SPDXLICENSEMAP[LGPL-3.0] = "LGPL-3.0-only"
+SPDXLICENSEMAP[LGPL-3.0+] = "LGPL-3.0-or-later"
+
+# MPL variations
 SPDXLICENSEM
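Review bot: This hunk does more than add the missing `+` keys: every existing key changes its value (for example `SPDXLICENSEMAP[GPLv2]` goes from "GPL-2.0" to "GPL-2.0-only"), and keys such as `GPL-2.0-only` and `LGPL-2.1-only` are dropped from the map. On a stable branch that changes the mapped license name for every recipe using the old spellings, and the new values only resolve if files named with the `-only` / `-or-later` suffixes exist in common-licenses, so this patch depends on 1/2 being applied first. State both the behaviour change and the ordering dependency in the commit message, or split the pure additions from the renames so the smaller part can be taken on its own.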

[OE-core][dunfell][PATCH 0/2] License backports

2024-03-27 Thread Colin McAllister via lists.openembedded.org
The following two changes backport common-licenses added after
Dunfell. This fixes spdx generation issues for some recipes on
Dunfell that use licenses that are not supported in licenses.conf.

Colin McAllister (2):
  common-licenses: Backport missing licenses
  licenses.conf: Backport missing licenses

 meta/conf/licenses.conf   | 114 +--
 meta/files/common-licenses/0BSD   |   5 +
 meta/files/common-licenses/ADSL   |   1 +
 meta/files/common-licenses/AFL-1.1|  27 +
 meta/files/common-licenses/AGPL-1.0-only  |  86 +++
 meta/files/common-licenses/AGPL-1.0-or-later  |  86 +++
 meta/files/common-licenses/AGPL-3.0-only  | 661 ++
 meta/files/common-licenses/AGPL-3.0-or-later  | 613 
 meta/files/common-licenses/AMDPLPA|  20 +
 meta/files/common-licenses/AML|   9 +
 meta/files/common-licenses/AMPAS  |  13 +
 meta/files/common-licenses/ANTLR-PD-fallback  |   7 +
 meta/files/common-licenses/APAFML |   3 +
 meta/files/common-licenses/Abstyles   |  11 +
 meta/files/common-licenses/Adobe-2006 |  12 +
 meta/files/common-licenses/Adobe-Glyph|  10 +
 meta/files/common-licenses/Afmparse   |  10 +
 meta/files/common-licenses/Aladdin|  62 ++
 meta/files/common-licenses/Artistic-1.0-Perl  |  51 ++
 meta/files/common-licenses/Artistic-1.0-cl8   |  51 ++
 meta/files/common-licenses/BSD-2-Clause-Views |  11 +
 .../common-licenses/BSD-3-Clause-Attribution  |  11 +
 meta/files/common-licenses/BSD-3-Clause-Clear |  32 +
 meta/files/common-licenses/BSD-3-Clause-LBNL  |  12 +
 .../common-licenses/BSD-3-Clause-Modification |  35 +
 .../BSD-3-Clause-No-Military-License  |  16 +
 .../BSD-3-Clause-No-Nuclear-License   |  14 +
 .../BSD-3-Clause-No-Nuclear-License-2014  |  16 +
 .../BSD-3-Clause-No-Nuclear-Warranty  |  14 +
 .../common-licenses/BSD-3-Clause-Open-MPI |  34 +
 .../common-licenses/BSD-4-Clause-Shortened|  13 +
 meta/files/common-licenses/BSD-4-Clause-UC|  15 +
 meta/files/common-licenses/BSD-Protection |  53 ++
 meta/files/common-licenses/BSD-Source-Code|  10 +
 meta/files/common-licenses/BUSL-1.1   |  72 ++
 meta/files/common-licenses/Bahyph |  11 +
 meta/files/common-licenses/Barr   |   1 +
 meta/files/common-licenses/Beerware   |   1 +
 meta/files/common-licenses/BitTorrent-1.0 | 330 +
 meta/files/common-licenses/BitTorrent-1.1 | 137 
 meta/files/common-licenses/BlueOak-1.0.0  |  55 ++
 meta/files/common-licenses/Borceux|  19 +
 meta/files/common-licenses/C-UDA-1.0  |  47 ++
 meta/files/common-licenses/CAL-1.0| 354 ++
 .../CAL-1.0-Combined-Work-Exception   | 354 ++
 meta/files/common-licenses/CC-BY-2.5-AU   | 112 +++
 meta/files/common-licenses/CC-BY-3.0-AT   | 111 +++
 meta/files/common-licenses/CC-BY-3.0-DE   | 109 +++
 meta/files/common-licenses/CC-BY-3.0-NL   |  97 +++
 meta/files/common-licenses/CC-BY-3.0-US   |  83 +++
 meta/files/common-licenses/CC-BY-4.0  | 156 +
 meta/files/common-licenses/CC-BY-NC-3.0-DE| 110 +++
 meta/files/common-licenses/CC-BY-NC-4.0   | 158 +
 meta/files/common-licenses/CC-BY-NC-ND-3.0-DE | 101 +++
 .../files/common-licenses/CC-BY-NC-ND-3.0-IGO |  99 +++
 meta/files/common-licenses/CC-BY-NC-ND-4.0| 155 
 meta/files/common-licenses/CC-BY-NC-SA-2.0-FR |  93 +++
 meta/files/common-licenses/CC-BY-NC-SA-2.0-UK | 149 
 meta/files/common-licenses/CC-BY-NC-SA-3.0-DE | 126 
 .../files/common-licenses/CC-BY-NC-SA-3.0-IGO | 105 +++
 meta/files/common-licenses/CC-BY-NC-SA-4.0| 170 +
 meta/files/common-licenses/CC-BY-ND-3.0-DE| 101 +++
 meta/files/common-licenses/CC-BY-ND-4.0   | 154 
 meta/files/common-licenses/CC-BY-SA-2.0-UK| 147 
 meta/files/common-licenses/CC-BY-SA-2.1-JP|  83 +++
 meta/files/common-licenses/CC-BY-SA-3.0-AT| 139 
 meta/files/common-licenses/CC-BY-SA-3.0-DE| 136 
 meta/files/common-licenses/CC-PDDC|   8 +
 meta/files/common-licenses/CDDL-1.1   | 123 
 meta/files/common-licenses/CDL-1.0|  53 ++
 .../files/common-licenses/CDLA-Permissive-1.0 |  85 +++
 .../files/common-licenses/CDLA-Permissive-2.0 |  35 +
 meta/files/common-licenses/CDLA-Sharing-1.0   |  89 +++
 meta/files/common-licenses/CECILL-1.1 | 229 ++
 meta/files/common-licenses/CECILL-2.1 | 518 ++
 meta/files/common-licenses/CERN-OHL-1.1   |  47 ++
 meta/files/common-licenses/CERN-OHL-1.2   |  49 ++
 meta/files/common-licenses/CERN-OHL-P-2.0 | 199 ++
 meta/files/common-licenses/CERN-OHL-S-2.0 | 289 
 meta/files/common-licenses/CERN-OHL-W-2.0 | 310 
 meta/files/common-licenses/CNRI-Jython|  12 +
 meta/files/common-licenses/CNRI-Python|  25

[OE-core] [PATCH] initscripts: Add custom mount args for /var/lib

2024-01-26 Thread Colin McAllister via lists.openembedded.org
Adds bitbake variable to set additional mount flags for the /var/lib
overlayfs or bind mount when using a read-only root filesystem. This
can be used to set additional options like "-o nodev".

Signed-off-by: Colin McAllister 
---
 .../initscripts/initscripts-1.0/read-only-rootfs-hook.sh  | 4 ++--
 meta/recipes-core/initscripts/initscripts_1.0.bb  | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git 
a/meta/recipes-core/initscripts/initscripts-1.0/read-only-rootfs-hook.sh 
b/meta/recipes-core/initscripts/initscripts-1.0/read-only-rootfs-hook.sh
index 6706a117f7..a29773647f 100644
--- a/meta/recipes-core/initscripts/initscripts-1.0/read-only-rootfs-hook.sh
+++ b/meta/recipes-core/initscripts/initscripts-1.0/read-only-rootfs-hook.sh
@@ -37,9 +37,9 @@ if [ "$1" = "start" ] ; then
mkdir -p /var/volatile/.lib-work
# Try to mount using overlay, which is much faster than copying
# files. If that fails, fallback to the slower copy
-   if ! mount -t overlay overlay 
-olowerdir=/var/lib,upperdir=/var/volatile/lib,workdir=/var/volatile/.lib-work 
/var/lib > /dev/null 2>&1; then
+   if ! mount -t overlay overlay SED_VARLIBMOUNTARGS 
-olowerdir=/var/lib,upperdir=/var/volatile/lib,workdir=/var/volatile/.lib-work 
/var/lib > /dev/null 2>&1; then
cp -a /var/lib/* /var/volatile/lib
-   mount --bind /var/volatile/lib /var/lib
+   mount SED_VARLIBMOUNTARGS --bind /var/volatile/lib 
/var/lib
fi
fi
 fi
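Review bot: A bad VARLIBMOUNTARGS value is now swallowed on the overlay line (`> /dev/null 2>&1`) and pushes the script into the copy fallback, where `mount SED_VARLIBMOUNTARGS --bind` will fail for the same reason with no check on its exit status, leaving /var/lib on the read-only root without any message. Check the result of the bind mount (or log the overlay failure) so a misconfigured option is visible at boot. Also confirm on a target image that an option such as `-o nodev` actually shows up in /proc/mounts for the bind case: the kernel ignores most flags on the initial bind call, so they only take effect if the mount implementation follows up with a remount.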
diff --git a/meta/recipes-core/initscripts/initscripts_1.0.bb 
b/meta/recipes-core/initscripts/initscripts_1.0.bb
index 4b34c6a67f..e61ac554f3 100644
--- a/meta/recipes-core/initscripts/initscripts_1.0.bb
+++ b/meta/recipes-core/initscripts/initscripts_1.0.bb
@@ -58,10 +58,12 @@ FILES:${PN}-functions = "${sysconfdir}/init.d/functions*"
 FILES:${PN}-sushell = "${base_sbindir}/sushell"
 
 HALTARGS ?= "-d -f"
+VARLIBMOUNTARGS ?= ""
 
 do_configure() {
sed -i -e "s:SED_HALTARGS:${HALTARGS}:g" ${WORKDIR}/halt
sed -i -e "s:SED_HALTARGS:${HALTARGS}:g" ${WORKDIR}/reboot
+   sed -i -e "s:SED_VARLIBMOUNTARGS:${VARLIBMOUNTARGS}:g" 
${WORKDIR}/read-only-rootfs-hook.sh
 }
 
 do_install () {
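Review bot: The new sed expression in do_configure uses `:` as its delimiter, so a VARLIBMOUNTARGS value containing a colon (an SELinux `context=` option, for instance), an `&` or a backslash will either break the expression or be substituted incorrectly into read-only-rootfs-hook.sh. Pick a delimiter that cannot occur in mount options or escape the value before substitution. The new variable also has no comment next to `VARLIBMOUNTARGS ?= ""` saying what it is for or what form the value takes (with or without the leading `-o`); one line there would help.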
-- 
2.43.0


View/Reply Online (#194403): 
https://lists.openembedded.org/g/openembedded-core/message/194403



[OE-core] [dunfell][PATCH v4] libwebp: Fix CVE-2023-5129

2023-09-27 Thread Colin McAllister
Add patch from libwebp 1.1.0 to fix CVE-2023-5129.

Signed-off-by: Colin McAllister 
---
 .../webp/files/CVE-2023-5129.patch| 364 ++
 meta/recipes-multimedia/webp/libwebp_1.1.0.bb |   1 +
 2 files changed, 365 insertions(+)
 create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-5129.patch

diff --git a/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch 
b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
new file mode 100644
index 00..eb77e193c2
--- /dev/null
+++ b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
@@ -0,0 +1,364 @@
+From 12b11893edf6c201710ebeee7c84743a8573fad6 Mon Sep 17 00:00:00 2001
+From: Vincent Rabaud 
+Date: Thu, 7 Sep 2023 21:16:03 +0200
+Subject: [PATCH 1/1] Fix OOB write in BuildHuffmanTable.
+
+First, BuildHuffmanTable is called to check if the data is valid.
+If it is and the table is not big enough, more memory is allocated.
+
+This will make sure that valid (but unoptimized because of unbalanced
+codes) streams are still decodable.
+
+Bug: chromium:1479274
+Change-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741
+
+CVE: CVE-2023-5129
+Upstream-Status: Backport 
[https://github.com/webmproject/libwebp/commit/2af26267cdfcb63a88e5c74a85927a12d6ca1d76]
+Signed-off-by: Colin McAllister 
+---
+ src/dec/vp8l_dec.c| 46 ++-
+ src/dec/vp8li_dec.h   |  2 +-
+ src/utils/huffman_utils.c | 97 +++
+ src/utils/huffman_utils.h | 27 +--
+ 4 files changed, 129 insertions(+), 43 deletions(-)
+
+diff --git a/src/dec/vp8l_dec.c b/src/dec/vp8l_dec.c
+index 93615d4e..0d38314d 100644
+--- a/src/dec/vp8l_dec.c
 b/src/dec/vp8l_dec.c
+@@ -253,11 +253,11 @@ static int ReadHuffmanCodeLengths(
+   int symbol;
+   int max_symbol;
+   int prev_code_len = DEFAULT_CODE_LENGTH;
+-  HuffmanCode table[1 << LENGTHS_TABLE_BITS];
++  HuffmanTables tables;
+ 
+-  if (!VP8LBuildHuffmanTable(table, LENGTHS_TABLE_BITS,
+- code_length_code_lengths,
+- NUM_CODE_LENGTH_CODES)) {
++  if (!VP8LHuffmanTablesAllocate(1 << LENGTHS_TABLE_BITS, ) ||
++  !VP8LBuildHuffmanTable(, LENGTHS_TABLE_BITS,
++ code_length_code_lengths, 
NUM_CODE_LENGTH_CODES)) {
+ goto End;
+   }
+ 
+@@ -277,7 +277,7 @@ static int ReadHuffmanCodeLengths(
+ int code_len;
+ if (max_symbol-- == 0) break;
+ VP8LFillBitWindow(br);
+-p = [VP8LPrefetchBits(br) & LENGTHS_TABLE_MASK];
++p = _segment->start[VP8LPrefetchBits(br) & 
LENGTHS_TABLE_MASK];
+ VP8LSetBitPos(br, br->bit_pos_ + p->bits);
+ code_len = p->value;
+ if (code_len < kCodeLengthLiterals) {
+@@ -300,6 +300,7 @@ static int ReadHuffmanCodeLengths(
+   ok = 1;
+ 
+  End:
++  VP8LHuffmanTablesDeallocate();
+   if (!ok) dec->status_ = VP8_STATUS_BITSTREAM_ERROR;
+   return ok;
+ }
+@@ -307,7 +308,8 @@ static int ReadHuffmanCodeLengths(
+ // 'code_lengths' is pre-allocated temporary buffer, used for creating Huffman
+ // tree.
+ static int ReadHuffmanCode(int alphabet_size, VP8LDecoder* const dec,
+-   int* const code_lengths, HuffmanCode* const table) 
{
++   int* const code_lengths,
++   HuffmanTables* const table) {
+   int ok = 0;
+   int size = 0;
+   VP8LBitReader* const br = >br_;
+@@ -362,8 +364,7 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   VP8LMetadata* const hdr = >hdr_;
+   uint32_t* huffman_image = NULL;
+   HTreeGroup* htree_groups = NULL;
+-  HuffmanCode* huffman_tables = NULL;
+-  HuffmanCode* huffman_table = NULL;
++  HuffmanTables* huffman_tables = >huffman_tables_;
+   int num_htree_groups = 1;
+   int num_htree_groups_max = 1;
+   int max_alphabet_size = 0;
+@@ -372,6 +373,10 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   int* mapping = NULL;
+   int ok = 0;
+ 
++  // Check the table has been 0 initialized (through InitMetadata).
++  assert(huffman_tables->root.start == NULL);
++  assert(huffman_tables->curr_segment == NULL);
++
+   if (allow_recursion && VP8LReadBits(br, 1)) {
+ // use meta Huffman codes.
+ const int huffman_precision = VP8LReadBits(br, 3) + 2;
+@@ -434,16 +439,15 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+ 
+   code_lengths = (int*)WebPSafeCalloc((uint64_t)max_alphabet_size,
+   sizeof(*code_lengths));
+-  huffman_tables = (HuffmanCode*)WebPSafeMalloc(num_htree_groups * table_size,
+-sizeof(*huffman_tables));
+   htree_groups = VP8LHtreeGroupsNew(num_htree_groups);
+ 
+-  if (htree_groups == NULL || code_lengths == NULL || huffman_tables == NULL) 
{
++  if (htree_groups == NULL || code_lengths == NULL ||
++  !VP8LHuffmanTablesAllocate(num_htree_groups * table_size,
++ 
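Review bot: The embedded patch cannot be applied or reviewed line by line from this copy: in the ReadHuffmanCodeLengths hunk, `VP8LHuffmanTablesAllocate(1 << LENGTHS_TABLE_BITS, )` has an empty second argument, `p = _segment->start[...]` has lost the start of its right-hand side, and the `+++` file header before `@@ -253,11` is reduced to ` b/src/dec/vp8l_dec.c`. These look like characters dropped when the message was archived rather than errors in the submission, so compare against the raw mail or the upstream commit named in Upstream-Status before judging the C changes.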

[OE-core] [mickledore][PATCH v2] libwebp: Fix CVE-2023-5129

2023-09-27 Thread Colin McAllister
Add patch for Libwebp 1.3.1 to fix CVE-2023-5129.

Signed-off-by: Colin McAllister 
---
 .../webp/files/CVE-2023-5129.patch| 364 ++
 meta/recipes-multimedia/webp/libwebp_1.3.1.bb |   4 +-
 2 files changed, 367 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-5129.patch

diff --git a/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch 
b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
new file mode 100644
index 00..b246ed42f9
--- /dev/null
+++ b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
@@ -0,0 +1,364 @@
+From 6c928321f47ba69022cd4d814433f365dea63478 Mon Sep 17 00:00:00 2001
+From: Vincent Rabaud 
+Date: Thu, 7 Sep 2023 21:16:03 +0200
+Subject: [PATCH 1/1] Fix OOB write in BuildHuffmanTable.
+
+First, BuildHuffmanTable is called to check if the data is valid.
+If it is and the table is not big enough, more memory is allocated.
+
+This will make sure that valid (but unoptimized because of unbalanced
+codes) streams are still decodable.
+
+Bug: chromium:1479274
+Change-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741
+
+CVE: CVE-2023-5129
+Upstream-Status: Backport 
[https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a]
+Signed-off-by: Colin McAllister 
+---
+ src/dec/vp8l_dec.c| 46 ++-
+ src/dec/vp8li_dec.h   |  2 +-
+ src/utils/huffman_utils.c | 97 +++
+ src/utils/huffman_utils.h | 27 +--
+ 4 files changed, 129 insertions(+), 43 deletions(-)
+
+diff --git a/src/dec/vp8l_dec.c b/src/dec/vp8l_dec.c
+index c0ea0181..7995313f 100644
+--- a/src/dec/vp8l_dec.c
 b/src/dec/vp8l_dec.c
+@@ -253,11 +253,11 @@ static int ReadHuffmanCodeLengths(
+   int symbol;
+   int max_symbol;
+   int prev_code_len = DEFAULT_CODE_LENGTH;
+-  HuffmanCode table[1 << LENGTHS_TABLE_BITS];
++  HuffmanTables tables;
+ 
+-  if (!VP8LBuildHuffmanTable(table, LENGTHS_TABLE_BITS,
+- code_length_code_lengths,
+- NUM_CODE_LENGTH_CODES)) {
++  if (!VP8LHuffmanTablesAllocate(1 << LENGTHS_TABLE_BITS, ) ||
++  !VP8LBuildHuffmanTable(, LENGTHS_TABLE_BITS,
++ code_length_code_lengths, 
NUM_CODE_LENGTH_CODES)) {
+ goto End;
+   }
+ 
+@@ -277,7 +277,7 @@ static int ReadHuffmanCodeLengths(
+ int code_len;
+ if (max_symbol-- == 0) break;
+ VP8LFillBitWindow(br);
+-p = [VP8LPrefetchBits(br) & LENGTHS_TABLE_MASK];
++p = _segment->start[VP8LPrefetchBits(br) & 
LENGTHS_TABLE_MASK];
+ VP8LSetBitPos(br, br->bit_pos_ + p->bits);
+ code_len = p->value;
+ if (code_len < kCodeLengthLiterals) {
+@@ -300,6 +300,7 @@ static int ReadHuffmanCodeLengths(
+   ok = 1;
+ 
+  End:
++  VP8LHuffmanTablesDeallocate();
+   if (!ok) dec->status_ = VP8_STATUS_BITSTREAM_ERROR;
+   return ok;
+ }
+@@ -307,7 +308,8 @@ static int ReadHuffmanCodeLengths(
+ // 'code_lengths' is pre-allocated temporary buffer, used for creating Huffman
+ // tree.
+ static int ReadHuffmanCode(int alphabet_size, VP8LDecoder* const dec,
+-   int* const code_lengths, HuffmanCode* const table) 
{
++   int* const code_lengths,
++   HuffmanTables* const table) {
+   int ok = 0;
+   int size = 0;
+   VP8LBitReader* const br = >br_;
+@@ -362,8 +364,7 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   VP8LMetadata* const hdr = >hdr_;
+   uint32_t* huffman_image = NULL;
+   HTreeGroup* htree_groups = NULL;
+-  HuffmanCode* huffman_tables = NULL;
+-  HuffmanCode* huffman_table = NULL;
++  HuffmanTables* huffman_tables = >huffman_tables_;
+   int num_htree_groups = 1;
+   int num_htree_groups_max = 1;
+   int max_alphabet_size = 0;
+@@ -372,6 +373,10 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   int* mapping = NULL;
+   int ok = 0;
+ 
++  // Check the table has been 0 initialized (through InitMetadata).
++  assert(huffman_tables->root.start == NULL);
++  assert(huffman_tables->curr_segment == NULL);
++
+   if (allow_recursion && VP8LReadBits(br, 1)) {
+ // use meta Huffman codes.
+ const int huffman_precision = VP8LReadBits(br, 3) + 2;
+@@ -434,16 +439,15 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+ 
+   code_lengths = (int*)WebPSafeCalloc((uint64_t)max_alphabet_size,
+   sizeof(*code_lengths));
+-  huffman_tables = (HuffmanCode*)WebPSafeMalloc(num_htree_groups * table_size,
+-sizeof(*huffman_tables));
+   htree_groups = VP8LHtreeGroupsNew(num_htree_groups);
+ 
+-  if (htree_groups == NULL || code_lengths == NULL || huffman_tables == NULL) 
{
++  if (htree_groups == NULL || code_lengths == NULL ||
++  !VP8LHuffmanTablesAllocate(num_htree_groups * table_size,
++
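Review bot: The two added `assert(...)` lines on `huffman_tables->root.start` and `huffman_tables->curr_segment` in ReadHuffmanCodes only run in builds that do not define NDEBUG, so in a release build they document the zero-initialised precondition rather than enforce it. That matches upstream and should not be changed in a backport, but it is worth checking how this recipe is compiled before treating the asserts as a safety net. Separately, the diffstat shows `libwebp_1.3.1.bb | 4 +-` with one deletion and the recipe hunk is not visible here; the commit message should say which existing recipe line is rewritten.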

[OE-core] [kirkstone][PATCH v4] libwebp: Fix CVE-2023-5129

2023-09-27 Thread Colin McAllister
Add patch from libwebp 1.2.4 to fix CVE-2023-5129

Signed-off-by: Colin McAllister 
---
 .../webp/files/CVE-2023-5129.patch| 364 ++
 meta/recipes-multimedia/webp/libwebp_1.2.4.bb |   1 +
 2 files changed, 365 insertions(+)
 create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-5129.patch

diff --git a/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch 
b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
new file mode 100644
index 00..356806ad87
--- /dev/null
+++ b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
@@ -0,0 +1,364 @@
+From 383b8b4eb6780d855e8a8177fbce96ab39dba6a5 Mon Sep 17 00:00:00 2001
+From: Vincent Rabaud 
+Date: Thu, 7 Sep 2023 21:16:03 +0200
+Subject: [PATCH 1/1] Fix OOB write in BuildHuffmanTable.
+
+First, BuildHuffmanTable is called to check if the data is valid.
+If it is and the table is not big enough, more memory is allocated.
+
+This will make sure that valid (but unoptimized because of unbalanced
+codes) streams are still decodable.
+
+Bug: chromium:1479274
+Change-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741
+
+CVE: CVE-2023-5129
+Upstream-Status: Backport 
[https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a]
+Signed-off-by: Colin McAllister 
+---
+ src/dec/vp8l_dec.c| 46 ++-
+ src/dec/vp8li_dec.h   |  2 +-
+ src/utils/huffman_utils.c | 97 +++
+ src/utils/huffman_utils.h | 27 +--
+ 4 files changed, 129 insertions(+), 43 deletions(-)
+
+diff --git a/src/dec/vp8l_dec.c b/src/dec/vp8l_dec.c
+index 13480551..186b0b2f 100644
+--- a/src/dec/vp8l_dec.c
 b/src/dec/vp8l_dec.c
+@@ -253,11 +253,11 @@ static int ReadHuffmanCodeLengths(
+   int symbol;
+   int max_symbol;
+   int prev_code_len = DEFAULT_CODE_LENGTH;
+-  HuffmanCode table[1 << LENGTHS_TABLE_BITS];
++  HuffmanTables tables;
+ 
+-  if (!VP8LBuildHuffmanTable(table, LENGTHS_TABLE_BITS,
+- code_length_code_lengths,
+- NUM_CODE_LENGTH_CODES)) {
++  if (!VP8LHuffmanTablesAllocate(1 << LENGTHS_TABLE_BITS, ) ||
++  !VP8LBuildHuffmanTable(, LENGTHS_TABLE_BITS,
++ code_length_code_lengths, 
NUM_CODE_LENGTH_CODES)) {
+ goto End;
+   }
+ 
+@@ -277,7 +277,7 @@ static int ReadHuffmanCodeLengths(
+ int code_len;
+ if (max_symbol-- == 0) break;
+ VP8LFillBitWindow(br);
+-p = [VP8LPrefetchBits(br) & LENGTHS_TABLE_MASK];
++p = _segment->start[VP8LPrefetchBits(br) & 
LENGTHS_TABLE_MASK];
+ VP8LSetBitPos(br, br->bit_pos_ + p->bits);
+ code_len = p->value;
+ if (code_len < kCodeLengthLiterals) {
+@@ -300,6 +300,7 @@ static int ReadHuffmanCodeLengths(
+   ok = 1;
+ 
+  End:
++  VP8LHuffmanTablesDeallocate();
+   if (!ok) dec->status_ = VP8_STATUS_BITSTREAM_ERROR;
+   return ok;
+ }
+@@ -307,7 +308,8 @@ static int ReadHuffmanCodeLengths(
+ // 'code_lengths' is pre-allocated temporary buffer, used for creating Huffman
+ // tree.
+ static int ReadHuffmanCode(int alphabet_size, VP8LDecoder* const dec,
+-   int* const code_lengths, HuffmanCode* const table) 
{
++   int* const code_lengths,
++   HuffmanTables* const table) {
+   int ok = 0;
+   int size = 0;
+   VP8LBitReader* const br = >br_;
+@@ -362,8 +364,7 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   VP8LMetadata* const hdr = >hdr_;
+   uint32_t* huffman_image = NULL;
+   HTreeGroup* htree_groups = NULL;
+-  HuffmanCode* huffman_tables = NULL;
+-  HuffmanCode* huffman_table = NULL;
++  HuffmanTables* huffman_tables = >huffman_tables_;
+   int num_htree_groups = 1;
+   int num_htree_groups_max = 1;
+   int max_alphabet_size = 0;
+@@ -372,6 +373,10 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   int* mapping = NULL;
+   int ok = 0;
+ 
++  // Check the table has been 0 initialized (through InitMetadata).
++  assert(huffman_tables->root.start == NULL);
++  assert(huffman_tables->curr_segment == NULL);
++
+   if (allow_recursion && VP8LReadBits(br, 1)) {
+ // use meta Huffman codes.
+ const int huffman_precision = VP8LReadBits(br, 3) + 2;
+@@ -434,16 +439,15 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+ 
+   code_lengths = (int*)WebPSafeCalloc((uint64_t)max_alphabet_size,
+   sizeof(*code_lengths));
+-  huffman_tables = (HuffmanCode*)WebPSafeMalloc(num_htree_groups * table_size,
+-sizeof(*huffman_tables));
+   htree_groups = VP8LHtreeGroupsNew(num_htree_groups);
+ 
+-  if (htree_groups == NULL || code_lengths == NULL || huffman_tables == NULL) 
{
++  if (htree_groups == NULL || code_lengths == NULL ||
++  !VP8LHuffmanTablesAllocate(num_htree_groups * table_size,
++ 
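Review bot: In ReadHuffmanCodeLengths, `HuffmanTables tables;` is declared without an initializer, the failure branch of `VP8LHuffmanTablesAllocate(...)` jumps to `End:`, and `VP8LHuffmanTablesDeallocate(...)` now runs on every path through that label. This is safe only if the allocator leaves the struct in a state the deallocator accepts when it returns 0. The huffman_utils.c part of the patch is cut off in this copy, so confirm that against the full 364-line file before merging.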

[OE-core] [kirkstone][PATCH v3] libwebp: Fix CVE-2023-5129

2023-09-26 Thread Colin McAllister
Add patch from libwebp 1.2.4 to fix CVE-2023-5129

Signed-off-by: Colin McAllister 
---
 .../webp/files/CVE-2023-5129.patch| 364 ++
 meta/recipes-multimedia/webp/libwebp_1.2.4.bb |   1 +
 2 files changed, 365 insertions(+)
 create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-5129.patch

diff --git a/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch 
b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
new file mode 100644
index 00..401fa370d4
--- /dev/null
+++ b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
@@ -0,0 +1,364 @@
+From 383b8b4eb6780d855e8a8177fbce96ab39dba6a5 Mon Sep 17 00:00:00 2001
+From: Vincent Rabaud 
+Date: Thu, 7 Sep 2023 21:16:03 +0200
+Subject: [PATCH 1/1] Fix OOB write in BuildHuffmanTable.
+
+First, BuildHuffmanTable is called to check if the data is valid.
+If it is and the table is not big enough, more memory is allocated.
+
+This will make sure that valid (but unoptimized because of unbalanced
+codes) streams are still decodable.
+
+Bug: chromium:1479274
+Change-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741
+
+CVE: CVE-2023-5129
+
+Upstream-Status: Backport 
[https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a]
+---
+ src/dec/vp8l_dec.c| 46 ++-
+ src/dec/vp8li_dec.h   |  2 +-
+ src/utils/huffman_utils.c | 97 +++
+ src/utils/huffman_utils.h | 27 +--
+ 4 files changed, 129 insertions(+), 43 deletions(-)
+
+diff --git a/src/dec/vp8l_dec.c b/src/dec/vp8l_dec.c
+index 13480551..186b0b2f 100644
+--- a/src/dec/vp8l_dec.c
 b/src/dec/vp8l_dec.c
+@@ -253,11 +253,11 @@ static int ReadHuffmanCodeLengths(
+   int symbol;
+   int max_symbol;
+   int prev_code_len = DEFAULT_CODE_LENGTH;
+-  HuffmanCode table[1 << LENGTHS_TABLE_BITS];
++  HuffmanTables tables;
+ 
+-  if (!VP8LBuildHuffmanTable(table, LENGTHS_TABLE_BITS,
+- code_length_code_lengths,
+- NUM_CODE_LENGTH_CODES)) {
++  if (!VP8LHuffmanTablesAllocate(1 << LENGTHS_TABLE_BITS, ) ||
++  !VP8LBuildHuffmanTable(, LENGTHS_TABLE_BITS,
++ code_length_code_lengths, 
NUM_CODE_LENGTH_CODES)) {
+ goto End;
+   }
+ 
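Review bot: `HuffmanTables tables;` is an uninitialised stack object, and when `VP8LHuffmanTablesAllocate` fails, the `goto End` in this hunk reaches the `VP8LHuffmanTablesDeallocate` call that the later `End:` hunk adds. Whether that is safe depends on the allocator leaving every field the deallocator walks in a defined state on failure, which the visible lines do not show. Zero-initialising `tables` at its declaration, or a comment stating that the allocator guarantees it, would make the failure path obviously correct.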
+@@ -277,7 +277,7 @@ static int ReadHuffmanCodeLengths(
+ int code_len;
+ if (max_symbol-- == 0) break;
+ VP8LFillBitWindow(br);
+-p = [VP8LPrefetchBits(br) & LENGTHS_TABLE_MASK];
++p = _segment->start[VP8LPrefetchBits(br) & 
LENGTHS_TABLE_MASK];
+ VP8LSetBitPos(br, br->bit_pos_ + p->bits);
+ code_len = p->value;
+ if (code_len < kCodeLengthLiterals) {
+@@ -300,6 +300,7 @@ static int ReadHuffmanCodeLengths(
+   ok = 1;
+ 
+  End:
++  VP8LHuffmanTablesDeallocate();
+   if (!ok) dec->status_ = VP8_STATUS_BITSTREAM_ERROR;
+   return ok;
+ }
+@@ -307,7 +308,8 @@ static int ReadHuffmanCodeLengths(
+ // 'code_lengths' is pre-allocated temporary buffer, used for creating Huffman
+ // tree.
+ static int ReadHuffmanCode(int alphabet_size, VP8LDecoder* const dec,
+-   int* const code_lengths, HuffmanCode* const table) 
{
++   int* const code_lengths,
++   HuffmanTables* const table) {
+   int ok = 0;
+   int size = 0;
+   VP8LBitReader* const br = >br_;
+@@ -362,8 +364,7 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   VP8LMetadata* const hdr = >hdr_;
+   uint32_t* huffman_image = NULL;
+   HTreeGroup* htree_groups = NULL;
+-  HuffmanCode* huffman_tables = NULL;
+-  HuffmanCode* huffman_table = NULL;
++  HuffmanTables* huffman_tables = >huffman_tables_;
+   int num_htree_groups = 1;
+   int num_htree_groups_max = 1;
+   int max_alphabet_size = 0;
+@@ -372,6 +373,10 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   int* mapping = NULL;
+   int ok = 0;
+ 
++  // Check the table has been 0 initialized (through InitMetadata).
++  assert(huffman_tables->root.start == NULL);
++  assert(huffman_tables->curr_segment == NULL);
++
+   if (allow_recursion && VP8LReadBits(br, 1)) {
+ // use meta Huffman codes.
+ const int huffman_precision = VP8LReadBits(br, 3) + 2;
+@@ -434,16 +439,15 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+ 
+   code_lengths = (int*)WebPSafeCalloc((uint64_t)max_alphabet_size,
+   sizeof(*code_lengths));
+-  huffman_tables = (HuffmanCode*)WebPSafeMalloc(num_htree_groups * table_size,
+-sizeof(*huffman_tables));
+   htree_groups = VP8LHtreeGroupsNew(num_htree_groups);
+ 
+-  if (htree_groups == NULL || code_lengths == NULL || huffman_tables == NULL) 
{
++  if (htree_groups == NULL || code_lengths == NULL ||
++  !VP8LHuffmanTablesAllocate(num_htree_groups * table_size,
++ huffman_tables)

[OE-core] [dunfell][PATCH v3] libwebp: Fix CVE-2023-5129

2023-09-26 Thread Colin McAllister
Add patch from libwebp 1.1.0 to fix CVE-2023-5129.

Signed-off-by: Colin McAllister 
---
 .../webp/files/CVE-2023-5129.patch| 364 ++
 meta/recipes-multimedia/webp/libwebp_1.1.0.bb |   1 +
 2 files changed, 365 insertions(+)
 create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-5129.patch

diff --git a/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch 
b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
new file mode 100644
index 00..49eca4de5e
--- /dev/null
+++ b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
@@ -0,0 +1,364 @@
+From 12b11893edf6c201710ebeee7c84743a8573fad6 Mon Sep 17 00:00:00 2001
+From: Vincent Rabaud 
+Date: Thu, 7 Sep 2023 21:16:03 +0200
+Subject: [PATCH 1/1] Fix OOB write in BuildHuffmanTable.
+
+First, BuildHuffmanTable is called to check if the data is valid.
+If it is and the table is not big enough, more memory is allocated.
+
+This will make sure that valid (but unoptimized because of unbalanced
+codes) streams are still decodable.
+
+Bug: chromium:1479274
+Change-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741
+
+CVE: CVE-2023-5129
+
+Upstream-Status: Backport 
[https://github.com/webmproject/libwebp/commit/2af26267cdfcb63a88e5c74a85927a12d6ca1d76]
+---
+ src/dec/vp8l_dec.c| 46 ++-
+ src/dec/vp8li_dec.h   |  2 +-
+ src/utils/huffman_utils.c | 97 +++
+ src/utils/huffman_utils.h | 27 +--
+ 4 files changed, 129 insertions(+), 43 deletions(-)
+
+diff --git a/src/dec/vp8l_dec.c b/src/dec/vp8l_dec.c
+index 93615d4e..0d38314d 100644
+--- a/src/dec/vp8l_dec.c
 b/src/dec/vp8l_dec.c
+@@ -253,11 +253,11 @@ static int ReadHuffmanCodeLengths(
+   int symbol;
+   int max_symbol;
+   int prev_code_len = DEFAULT_CODE_LENGTH;
+-  HuffmanCode table[1 << LENGTHS_TABLE_BITS];
++  HuffmanTables tables;
+ 
+-  if (!VP8LBuildHuffmanTable(table, LENGTHS_TABLE_BITS,
+- code_length_code_lengths,
+- NUM_CODE_LENGTH_CODES)) {
++  if (!VP8LHuffmanTablesAllocate(1 << LENGTHS_TABLE_BITS, ) ||
++  !VP8LBuildHuffmanTable(, LENGTHS_TABLE_BITS,
++ code_length_code_lengths, 
NUM_CODE_LENGTH_CODES)) {
+ goto End;
+   }
+ 
+@@ -277,7 +277,7 @@ static int ReadHuffmanCodeLengths(
+ int code_len;
+ if (max_symbol-- == 0) break;
+ VP8LFillBitWindow(br);
+-p = [VP8LPrefetchBits(br) & LENGTHS_TABLE_MASK];
++p = _segment->start[VP8LPrefetchBits(br) & 
LENGTHS_TABLE_MASK];
+ VP8LSetBitPos(br, br->bit_pos_ + p->bits);
+ code_len = p->value;
+ if (code_len < kCodeLengthLiterals) {
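Review bot: The new lookup indexes from `curr_segment->start` masked with `LENGTHS_TABLE_MASK`, so it is in bounds and hits the right table only if the code-lengths table built just above begins at the start of whichever segment is current after `VP8LBuildHuffmanTable` returns, and that segment holds at least `1 << LENGTHS_TABLE_BITS` entries. Nothing at the lookup states that invariant. A one-line comment here, or an assert on the segment size next to the build call, would keep a later change to the segment logic from silently breaking the bound.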
+@@ -300,6 +300,7 @@ static int ReadHuffmanCodeLengths(
+   ok = 1;
+ 
+  End:
++  VP8LHuffmanTablesDeallocate();
+   if (!ok) dec->status_ = VP8_STATUS_BITSTREAM_ERROR;
+   return ok;
+ }
+@@ -307,7 +308,8 @@ static int ReadHuffmanCodeLengths(
+ // 'code_lengths' is pre-allocated temporary buffer, used for creating Huffman
+ // tree.
+ static int ReadHuffmanCode(int alphabet_size, VP8LDecoder* const dec,
+-   int* const code_lengths, HuffmanCode* const table) 
{
++   int* const code_lengths,
++   HuffmanTables* const table) {
+   int ok = 0;
+   int size = 0;
+   VP8LBitReader* const br = >br_;
+@@ -362,8 +364,7 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   VP8LMetadata* const hdr = >hdr_;
+   uint32_t* huffman_image = NULL;
+   HTreeGroup* htree_groups = NULL;
+-  HuffmanCode* huffman_tables = NULL;
+-  HuffmanCode* huffman_table = NULL;
++  HuffmanTables* huffman_tables = >huffman_tables_;
+   int num_htree_groups = 1;
+   int num_htree_groups_max = 1;
+   int max_alphabet_size = 0;
+@@ -372,6 +373,10 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   int* mapping = NULL;
+   int ok = 0;
+ 
++  // Check the table has been 0 initialized (through InitMetadata).
++  assert(huffman_tables->root.start == NULL);
++  assert(huffman_tables->curr_segment == NULL);
++
+   if (allow_recursion && VP8LReadBits(br, 1)) {
+ // use meta Huffman codes.
+ const int huffman_precision = VP8LReadBits(br, 3) + 2;
+@@ -434,16 +439,15 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+ 
+   code_lengths = (int*)WebPSafeCalloc((uint64_t)max_alphabet_size,
+   sizeof(*code_lengths));
+-  huffman_tables = (HuffmanCode*)WebPSafeMalloc(num_htree_groups * table_size,
+-sizeof(*huffman_tables));
+   htree_groups = VP8LHtreeGroupsNew(num_htree_groups);
+ 
+-  if (htree_groups == NULL || code_lengths == NULL || huffman_tables == NULL) 
{
++  if (htree_groups == NULL || code_lengths == NULL ||
++  !VP8LHuffmanTablesAllocate(num_htree_groups * table_size,
++ huffman_tables)

[OE-core] [kirkstone][PATCH v2] libwebp: Fix CVE-2024-5129

2023-09-26 Thread Colin McAllister
Add patch from libwebp 1.2.4 to fix CVE-2023-5129

Signed-off-by: Colin McAllister 
---
 .../webp/files/CVE-2023-5129.patch| 364 ++
 meta/recipes-multimedia/webp/libwebp_1.2.4.bb |   1 +
 2 files changed, 365 insertions(+)
 create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-5129.patch

diff --git a/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch 
b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
new file mode 100644
index 00..401fa370d4
--- /dev/null
+++ b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
@@ -0,0 +1,364 @@
+From 383b8b4eb6780d855e8a8177fbce96ab39dba6a5 Mon Sep 17 00:00:00 2001
+From: Vincent Rabaud 
+Date: Thu, 7 Sep 2023 21:16:03 +0200
+Subject: [PATCH 1/1] Fix OOB write in BuildHuffmanTable.
+
+First, BuildHuffmanTable is called to check if the data is valid.
+If it is and the table is not big enough, more memory is allocated.
+
+This will make sure that valid (but unoptimized because of unbalanced
+codes) streams are still decodable.
+
+Bug: chromium:1479274
+Change-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741
+
+CVE: CVE-2023-5129
+
+Upstream-Status: Backport 
[https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a]
+---
+ src/dec/vp8l_dec.c| 46 ++-
+ src/dec/vp8li_dec.h   |  2 +-
+ src/utils/huffman_utils.c | 97 +++
+ src/utils/huffman_utils.h | 27 +--
+ 4 files changed, 129 insertions(+), 43 deletions(-)
+
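Review bot: The subject line of this v2 names CVE-2024-5129, while the commit body, the patch file name and the `CVE:` tag in the embedded header all say CVE-2023-5129. The subject becomes the commit title, which is what people search for in the log, so it should carry the same identifier as the tag. The v3 posting of this patch uses CVE-2023-5129 in its subject.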
+diff --git a/src/dec/vp8l_dec.c b/src/dec/vp8l_dec.c
+index 13480551..186b0b2f 100644
+--- a/src/dec/vp8l_dec.c
 b/src/dec/vp8l_dec.c
+@@ -253,11 +253,11 @@ static int ReadHuffmanCodeLengths(
+   int symbol;
+   int max_symbol;
+   int prev_code_len = DEFAULT_CODE_LENGTH;
+-  HuffmanCode table[1 << LENGTHS_TABLE_BITS];
++  HuffmanTables tables;
+ 
+-  if (!VP8LBuildHuffmanTable(table, LENGTHS_TABLE_BITS,
+- code_length_code_lengths,
+- NUM_CODE_LENGTH_CODES)) {
++  if (!VP8LHuffmanTablesAllocate(1 << LENGTHS_TABLE_BITS, ) ||
++  !VP8LBuildHuffmanTable(, LENGTHS_TABLE_BITS,
++ code_length_code_lengths, 
NUM_CODE_LENGTH_CODES)) {
+ goto End;
+   }
+ 
+@@ -277,7 +277,7 @@ static int ReadHuffmanCodeLengths(
+ int code_len;
+ if (max_symbol-- == 0) break;
+ VP8LFillBitWindow(br);
+-p = [VP8LPrefetchBits(br) & LENGTHS_TABLE_MASK];
++p = _segment->start[VP8LPrefetchBits(br) & 
LENGTHS_TABLE_MASK];
+ VP8LSetBitPos(br, br->bit_pos_ + p->bits);
+ code_len = p->value;
+ if (code_len < kCodeLengthLiterals) {
+@@ -300,6 +300,7 @@ static int ReadHuffmanCodeLengths(
+   ok = 1;
+ 
+  End:
++  VP8LHuffmanTablesDeallocate();
+   if (!ok) dec->status_ = VP8_STATUS_BITSTREAM_ERROR;
+   return ok;
+ }
+@@ -307,7 +308,8 @@ static int ReadHuffmanCodeLengths(
+ // 'code_lengths' is pre-allocated temporary buffer, used for creating Huffman
+ // tree.
+ static int ReadHuffmanCode(int alphabet_size, VP8LDecoder* const dec,
+-   int* const code_lengths, HuffmanCode* const table) 
{
++   int* const code_lengths,
++   HuffmanTables* const table) {
+   int ok = 0;
+   int size = 0;
+   VP8LBitReader* const br = >br_;
+@@ -362,8 +364,7 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   VP8LMetadata* const hdr = >hdr_;
+   uint32_t* huffman_image = NULL;
+   HTreeGroup* htree_groups = NULL;
+-  HuffmanCode* huffman_tables = NULL;
+-  HuffmanCode* huffman_table = NULL;
++  HuffmanTables* huffman_tables = >huffman_tables_;
+   int num_htree_groups = 1;
+   int num_htree_groups_max = 1;
+   int max_alphabet_size = 0;
+@@ -372,6 +373,10 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   int* mapping = NULL;
+   int ok = 0;
+ 
++  // Check the table has been 0 initialized (through InitMetadata).
++  assert(huffman_tables->root.start == NULL);
++  assert(huffman_tables->curr_segment == NULL);
++
+   if (allow_recursion && VP8LReadBits(br, 1)) {
+ // use meta Huffman codes.
+ const int huffman_precision = VP8LReadBits(br, 3) + 2;
+@@ -434,16 +439,15 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+ 
+   code_lengths = (int*)WebPSafeCalloc((uint64_t)max_alphabet_size,
+   sizeof(*code_lengths));
+-  huffman_tables = (HuffmanCode*)WebPSafeMalloc(num_htree_groups * table_size,
+-sizeof(*huffman_tables));
+   htree_groups = VP8LHtreeGroupsNew(num_htree_groups);
+ 
+-  if (htree_groups == NULL || code_lengths == NULL || huffman_tables == NULL) 
{
++  if (htree_groups == NULL || code_lengths == NULL ||
++  !VP8LHuffmanTablesAllocate(num_htree_groups * table_size,
++ huffman_tables)

[OE-core] [mickledore][PATCH] libwebp: Fix CVE-2023-5129

2023-09-26 Thread Colin McAllister
Add patch for Libwebp 1.3.1 to fix CVE-2023-5129.

Signed-off-by: Colin McAllister 
---
 .../webp/files/CVE-2023-5129.patch| 364 ++
 meta/recipes-multimedia/webp/libwebp_1.3.1.bb |   4 +-
 2 files changed, 367 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-5129.patch

diff --git a/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch 
b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
new file mode 100644
index 00..930b2ae459
--- /dev/null
+++ b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
@@ -0,0 +1,364 @@
+From 6c928321f47ba69022cd4d814433f365dea63478 Mon Sep 17 00:00:00 2001
+From: Vincent Rabaud 
+Date: Thu, 7 Sep 2023 21:16:03 +0200
+Subject: [PATCH 1/1] Fix OOB write in BuildHuffmanTable.
+
+First, BuildHuffmanTable is called to check if the data is valid.
+If it is and the table is not big enough, more memory is allocated.
+
+This will make sure that valid (but unoptimized because of unbalanced
+codes) streams are still decodable.
+
+Bug: chromium:1479274
+Change-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741
+
+CVE: CVE-2023-5129
+
+Upstream-Status: Backport 
[https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a]
+---
+ src/dec/vp8l_dec.c| 46 ++-
+ src/dec/vp8li_dec.h   |  2 +-
+ src/utils/huffman_utils.c | 97 +++
+ src/utils/huffman_utils.h | 27 +--
+ 4 files changed, 129 insertions(+), 43 deletions(-)
+
+diff --git a/src/dec/vp8l_dec.c b/src/dec/vp8l_dec.c
+index c0ea0181..7995313f 100644
+--- a/src/dec/vp8l_dec.c
 b/src/dec/vp8l_dec.c
+@@ -253,11 +253,11 @@ static int ReadHuffmanCodeLengths(
+   int symbol;
+   int max_symbol;
+   int prev_code_len = DEFAULT_CODE_LENGTH;
+-  HuffmanCode table[1 << LENGTHS_TABLE_BITS];
++  HuffmanTables tables;
+ 
+-  if (!VP8LBuildHuffmanTable(table, LENGTHS_TABLE_BITS,
+- code_length_code_lengths,
+- NUM_CODE_LENGTH_CODES)) {
++  if (!VP8LHuffmanTablesAllocate(1 << LENGTHS_TABLE_BITS, ) ||
++  !VP8LBuildHuffmanTable(, LENGTHS_TABLE_BITS,
++ code_length_code_lengths, 
NUM_CODE_LENGTH_CODES)) {
+ goto End;
+   }
+ 
+@@ -277,7 +277,7 @@ static int ReadHuffmanCodeLengths(
+ int code_len;
+ if (max_symbol-- == 0) break;
+ VP8LFillBitWindow(br);
+-p = [VP8LPrefetchBits(br) & LENGTHS_TABLE_MASK];
++p = _segment->start[VP8LPrefetchBits(br) & 
LENGTHS_TABLE_MASK];
+ VP8LSetBitPos(br, br->bit_pos_ + p->bits);
+ code_len = p->value;
+ if (code_len < kCodeLengthLiterals) {
+@@ -300,6 +300,7 @@ static int ReadHuffmanCodeLengths(
+   ok = 1;
+ 
+  End:
++  VP8LHuffmanTablesDeallocate();
+   if (!ok) dec->status_ = VP8_STATUS_BITSTREAM_ERROR;
+   return ok;
+ }
+@@ -307,7 +308,8 @@ static int ReadHuffmanCodeLengths(
+ // 'code_lengths' is pre-allocated temporary buffer, used for creating Huffman
+ // tree.
+ static int ReadHuffmanCode(int alphabet_size, VP8LDecoder* const dec,
+-   int* const code_lengths, HuffmanCode* const table) 
{
++   int* const code_lengths,
++   HuffmanTables* const table) {
+   int ok = 0;
+   int size = 0;
+   VP8LBitReader* const br = >br_;
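Review bot: In the new `ReadHuffmanCode` signature the parameter keeps the singular name `table` although its type is now `HuffmanTables* const`, and the comment above the function still documents only `code_lengths`. Renaming it to `tables` (or `huffman_tables`, as the caller's variable is called) and adding a line on who allocates and frees it would make the changed contract visible at the declaration.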
+@@ -362,8 +364,7 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   VP8LMetadata* const hdr = >hdr_;
+   uint32_t* huffman_image = NULL;
+   HTreeGroup* htree_groups = NULL;
+-  HuffmanCode* huffman_tables = NULL;
+-  HuffmanCode* huffman_table = NULL;
++  HuffmanTables* huffman_tables = >huffman_tables_;
+   int num_htree_groups = 1;
+   int num_htree_groups_max = 1;
+   int max_alphabet_size = 0;
+@@ -372,6 +373,10 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   int* mapping = NULL;
+   int ok = 0;
+ 
++  // Check the table has been 0 initialized (through InitMetadata).
++  assert(huffman_tables->root.start == NULL);
++  assert(huffman_tables->curr_segment == NULL);
++
+   if (allow_recursion && VP8LReadBits(br, 1)) {
+ // use meta Huffman codes.
+ const int huffman_precision = VP8LReadBits(br, 3) + 2;
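Review bot: The two `assert()` calls that check `huffman_tables->root.start` and `huffman_tables->curr_segment` are compiled out when the library is built with `NDEBUG`, so a release build proceeds into allocation without the zero-initialisation check the comment describes. If entering `ReadHuffmanCodes` with a live table is a real possibility rather than a programming error, this wants a runtime check that sets `dec->status_` and bails out. If it is purely an internal invariant, the comment should say so.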
+@@ -434,16 +439,15 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+ 
+   code_lengths = (int*)WebPSafeCalloc((uint64_t)max_alphabet_size,
+   sizeof(*code_lengths));
+-  huffman_tables = (HuffmanCode*)WebPSafeMalloc(num_htree_groups * table_size,
+-sizeof(*huffman_tables));
+   htree_groups = VP8LHtreeGroupsNew(num_htree_groups);
+ 
+-  if (htree_groups == NULL || code_lengths == NULL || huffman_tables == NULL) 
{
++  if (htree_groups == NULL || code_lengths == NULL ||
++  !VP8LHuffmanTablesAllocate(num_htree_groups * table_size,
++ 

Re: [OE-core] [PATCH] libwebp: upgrade 1.3.1 -> 1.3.2

2023-09-26 Thread Colin McAllister via lists.openembedded.org
I must not have gotten enough sleep last night. Please disregard this change.

From: openembedded-core@lists.openembedded.org 
 on behalf of Colin McAllister via 
lists.openembedded.org 
Sent: Tuesday, September 26, 2023 16:38
To: openembedded-core@lists.openembedded.org 

Cc: McAllister, Colin 
Subject: [OE-core] [PATCH] libwebp: upgrade 1.3.1 -> 1.3.2

Upgrades libwebp to the latest version to fix CVE-2023-5129.

Change-Id: I061fcda90c7720bc41a575551b399a6f36dfd534
---
 .../webp/{libwebp_1.3.1.bb => libwebp_1.3.2.bb}   | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename meta/recipes-multimedia/webp/{libwebp_1.3.1.bb => libwebp_1.3.2.bb} 
(100%)

diff --git a/meta/recipes-multimedia/webp/libwebp_1.3.1.bb 
b/meta/recipes-multimedia/webp/libwebp_1.3.2.bb
similarity index 100%
rename from meta/recipes-multimedia/webp/libwebp_1.3.1.bb
rename to meta/recipes-multimedia/webp/libwebp_1.3.2.bb
--
2.42.0



[OE-core] [nanbield][PATCH] libwebp: Fix CVE-2023-5129

2023-09-26 Thread Colin McAllister via lists.openembedded.org
Add patch from libwebp 1.3.1 branch to fix CVE-2023-5129.
---
 .../webp/files/CVE-2023-5129.patch| 361 ++
 meta/recipes-multimedia/webp/libwebp_1.3.1.bb |   4 +-
 2 files changed, 364 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-5129.patch

diff --git a/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch 
b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
new file mode 100644
index 00..c9dffee313
--- /dev/null
+++ b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
@@ -0,0 +1,361 @@
+From c61154f0bf1ff2ddb63e910f0ddbbfadc5ffccbd Mon Sep 17 00:00:00 2001
+From: Vincent Rabaud 
+Date: Thu, 7 Sep 2023 21:16:03 +0200
+Subject: [PATCH 1/1] Fix OOB write in BuildHuffmanTable.
+
+First, BuildHuffmanTable is called to check if the data is valid.
+If it is and the table is not big enough, more memory is allocated.
+
+This will make sure that valid (but unoptimized because of unbalanced
+codes) streams are still decodable.
+
+Bug: chromium:1479274
+Change-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741
+(cherry picked from commit 902bc9190331343b2017211debcec8d2ab87e17a)
+---
+ src/dec/vp8l_dec.c| 46 ++-
+ src/dec/vp8li_dec.h   |  2 +-
+ src/utils/huffman_utils.c | 97 +++
+ src/utils/huffman_utils.h | 27 +--
+ 4 files changed, 129 insertions(+), 43 deletions(-)
+
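Review bot: The commit message goes straight from the one-line description to `---` with no `Signed-off-by:` line, and the embedded patch header ends at the `(cherry picked from commit 902bc9190331343b2017211debcec8d2ab87e17a)` trailer without the `CVE: CVE-2023-5129` and `Upstream-Status: Backport [...]` tags that the mickledore submission of the same fix carries. Add the sign-off to the commit and both tags to the patch header so the CVE tooling and patch-status checks can account for the fix.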
+diff --git a/src/dec/vp8l_dec.c b/src/dec/vp8l_dec.c
+index c0ea0181..7995313f 100644
+--- a/src/dec/vp8l_dec.c
 b/src/dec/vp8l_dec.c
+@@ -253,11 +253,11 @@ static int ReadHuffmanCodeLengths(
+   int symbol;
+   int max_symbol;
+   int prev_code_len = DEFAULT_CODE_LENGTH;
+-  HuffmanCode table[1 << LENGTHS_TABLE_BITS];
++  HuffmanTables tables;
+ 
+-  if (!VP8LBuildHuffmanTable(table, LENGTHS_TABLE_BITS,
+- code_length_code_lengths,
+- NUM_CODE_LENGTH_CODES)) {
++  if (!VP8LHuffmanTablesAllocate(1 << LENGTHS_TABLE_BITS, ) ||
++  !VP8LBuildHuffmanTable(, LENGTHS_TABLE_BITS,
++ code_length_code_lengths, 
NUM_CODE_LENGTH_CODES)) {
+ goto End;
+   }
+ 
+@@ -277,7 +277,7 @@ static int ReadHuffmanCodeLengths(
+ int code_len;
+ if (max_symbol-- == 0) break;
+ VP8LFillBitWindow(br);
+-p = [VP8LPrefetchBits(br) & LENGTHS_TABLE_MASK];
++p = _segment->start[VP8LPrefetchBits(br) & 
LENGTHS_TABLE_MASK];
+ VP8LSetBitPos(br, br->bit_pos_ + p->bits);
+ code_len = p->value;
+ if (code_len < kCodeLengthLiterals) {
+@@ -300,6 +300,7 @@ static int ReadHuffmanCodeLengths(
+   ok = 1;
+ 
+  End:
++  VP8LHuffmanTablesDeallocate();
+   if (!ok) dec->status_ = VP8_STATUS_BITSTREAM_ERROR;
+   return ok;
+ }
+@@ -307,7 +308,8 @@ static int ReadHuffmanCodeLengths(
+ // 'code_lengths' is pre-allocated temporary buffer, used for creating Huffman
+ // tree.
+ static int ReadHuffmanCode(int alphabet_size, VP8LDecoder* const dec,
+-   int* const code_lengths, HuffmanCode* const table) 
{
++   int* const code_lengths,
++   HuffmanTables* const table) {
+   int ok = 0;
+   int size = 0;
+   VP8LBitReader* const br = >br_;
+@@ -362,8 +364,7 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   VP8LMetadata* const hdr = >hdr_;
+   uint32_t* huffman_image = NULL;
+   HTreeGroup* htree_groups = NULL;
+-  HuffmanCode* huffman_tables = NULL;
+-  HuffmanCode* huffman_table = NULL;
++  HuffmanTables* huffman_tables = >huffman_tables_;
+   int num_htree_groups = 1;
+   int num_htree_groups_max = 1;
+   int max_alphabet_size = 0;
+@@ -372,6 +373,10 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   int* mapping = NULL;
+   int ok = 0;
+ 
++  // Check the table has been 0 initialized (through InitMetadata).
++  assert(huffman_tables->root.start == NULL);
++  assert(huffman_tables->curr_segment == NULL);
++
+   if (allow_recursion && VP8LReadBits(br, 1)) {
+ // use meta Huffman codes.
+ const int huffman_precision = VP8LReadBits(br, 3) + 2;
+@@ -434,16 +439,15 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+ 
+   code_lengths = (int*)WebPSafeCalloc((uint64_t)max_alphabet_size,
+   sizeof(*code_lengths));
+-  huffman_tables = (HuffmanCode*)WebPSafeMalloc(num_htree_groups * table_size,
+-sizeof(*huffman_tables));
+   htree_groups = VP8LHtreeGroupsNew(num_htree_groups);
+ 
+-  if (htree_groups == NULL || code_lengths == NULL || huffman_tables == NULL) 
{
++  if (htree_groups == NULL || code_lengths == NULL ||
++  !VP8LHuffmanTablesAllocate(num_htree_groups * table_size,
++ huffman_tables)) {
+ dec->status_ = VP8_STATUS_OUT_OF_MEMORY;
+ goto Error;
+   }
+ 
+-  huffman_table = huffman_tables;
+   for (i = 0; i < 

Re: [OE-core] [dunfell][PATCH] libwebp: Fix CVE-2023-5129

2023-09-26 Thread Colin McAllister via lists.openembedded.org
Hi Ross,

Sure thing. I just sent up a patch that upgrades master to Libwebp 1.3.2, which 
contains the fix for the CVE.

I will also send up a patch for Nanbield to ensure all non-EOL branches are 
patched.

Regards,
Colin

From: Ross Burton 
Sent: Tuesday, September 26, 2023 16:02
To: McAllister, Colin 
Cc: openembedded-core@lists.openembedded.org 

Subject: Re: [OE-core] [dunfell][PATCH] libwebp: Fix CVE-2023-5129

Can we also get a fix for master?  It’s bad form to fix a CVE in the stable 
branches without also fixing master, otherwise it’s possible that security 
issues appear when you upgrade.

Ross

> On 26 Sep 2023, at 21:02, Colin McAllister via lists.openembedded.org 
>  wrote:
>
> Add patch from libwebp 1.1.0 branch to fix CVE-2023-5129.
> ---
> .../webp/files/CVE-2023-5129.patch| 362 ++
> 1 file changed, 362 insertions(+)
> create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
>
> diff --git a/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch 
> b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
> new file mode 100644
> index 00..f27d773c64
> --- /dev/null
> +++ b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
> @@ -0,0 +1,362 @@
> +From 8bacd63a6de1cc091f85a1692390401e7bbf55ac Mon Sep 17 00:00:00 2001
> +From: Vincent Rabaud 
> +Date: Thu, 7 Sep 2023 21:16:03 +0200
> +Subject: [PATCH 1/1] Fix OOB write in BuildHuffmanTable.
> +
> +First, BuildHuffmanTable is called to check if the data is valid.
> +If it is and the table is not big enough, more memory is allocated.
> +
> +This will make sure that valid (but unoptimized because of unbalanced
> +codes) streams are still decodable.
> +
> +Bug: chromium:1479274
> +Change-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741
> +(cherry picked from commit 902bc9190331343b2017211debcec8d2ab87e17a)
> +(cherry picked from commit 2af26267cdfcb63a88e5c74a85927a12d6ca1d76)
> +---
> + src/dec/vp8l_dec.c| 46 ++-
> + src/dec/vp8li_dec.h   |  2 +-
> + src/utils/huffman_utils.c | 97 +++
> + src/utils/huffman_utils.h | 27 +--
> + 4 files changed, 129 insertions(+), 43 deletions(-)
> +
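Review bot: The diffstat lists only the new `files/CVE-2023-5129.patch` (`1 file changed, 362 insertions(+)`); no libwebp recipe is touched, so nothing adds the patch to `SRC_URI` and the build would not apply it. The recipe needs an entry for the patch in the same commit, as the later dunfell v3 posting does with its `libwebp_1.1.0.bb | 1 +` line.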
> +diff --git a/src/dec/vp8l_dec.c b/src/dec/vp8l_dec.c
> +index 13480551..186b0b2f 100644
> +--- a/src/dec/vp8l_dec.c
>  b/src/dec/vp8l_dec.c
> +@@ -253,11 +253,11 @@ static int ReadHuffmanCodeLengths(
> +   int symbol;
> +   int max_symbol;
> +   int prev_code_len = DEFAULT_CODE_LENGTH;
> +-  HuffmanCode table[1 << LENGTHS_TABLE_BITS];
> ++  HuffmanTables tables;
> +
> +-  if (!VP8LBuildHuffmanTable(table, LENGTHS_TABLE_BITS,
> +- code_length_code_lengths,
> +- NUM_CODE_LENGTH_CODES)) {
> ++  if (!VP8LHuffmanTablesAllocate(1 << LENGTHS_TABLE_BITS, ) ||
> ++  !VP8LBuildHuffmanTable(, LENGTHS_TABLE_BITS,
> ++ code_length_code_lengths, 
> NUM_CODE_LENGTH_CODES)) {
> + goto End;
> +   }
> +
> +@@ -277,7 +277,7 @@ static int ReadHuffmanCodeLengths(
> + int code_len;
> + if (max_symbol-- == 0) break;
> + VP8LFillBitWindow(br);
> +-p = [VP8LPrefetchBits(br) & LENGTHS_TABLE_MASK];
> ++p = _segment->start[VP8LPrefetchBits(br) & 
> LENGTHS_TABLE_MASK];
> + VP8LSetBitPos(br, br->bit_pos_ + p->bits);
> + code_len = p->value;
> + if (code_len < kCodeLengthLiterals) {
> +@@ -300,6 +300,7 @@ static int ReadHuffmanCodeLengths(
> +   ok = 1;
> +
> +  End:
> ++  VP8LHuffmanTablesDeallocate();
> +   if (!ok) dec->status_ = VP8_STATUS_BITSTREAM_ERROR;
> +   return ok;
> + }
> +@@ -307,7 +308,8 @@ static int ReadHuffmanCodeLengths(
> + // 'code_lengths' is pre-allocated temporary buffer, used for creating 
> Huffman
> + // tree.
> + static int ReadHuffmanCode(int alphabet_size, VP8LDecoder* const dec,
> +-   int* const code_lengths, HuffmanCode* const 
> table) {
> ++   int* const code_lengths,
> ++   HuffmanTables* const table) {
> +   int ok = 0;
> +   int size = 0;
> +   VP8LBitReader* const br = >br_;
> +@@ -362,8 +364,7 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
> xsize, int ysize,
> +   VP8LMetadata* const hdr = >hdr_;
> +   uint32_t* huffman_image = NULL;
> +   HTreeGroup* htree_groups = NULL;
> +-  HuffmanCode* huffman_tables = NULL;
> +-  HuffmanCode* huffman_table = NULL;
> ++  HuffmanTables* huffman_tables = >huffman_tables_;
> +   int

[OE-core] [PATCH] libwebp: upgrade 1.3.1 -> 1.3.2

2023-09-26 Thread Colin McAllister via lists.openembedded.org
Upgrades libwebp to the latest version to fix CVE-2023-5129.

Change-Id: I061fcda90c7720bc41a575551b399a6f36dfd534
---
 .../webp/{libwebp_1.3.1.bb => libwebp_1.3.2.bb}   | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename meta/recipes-multimedia/webp/{libwebp_1.3.1.bb => libwebp_1.3.2.bb} 
(100%)

diff --git a/meta/recipes-multimedia/webp/libwebp_1.3.1.bb 
b/meta/recipes-multimedia/webp/libwebp_1.3.2.bb
similarity index 100%
rename from meta/recipes-multimedia/webp/libwebp_1.3.1.bb
rename to meta/recipes-multimedia/webp/libwebp_1.3.2.bb
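Review bot: `similarity index 100%` with `0 insertions(+), 0 deletions(-)` means the recipe is renamed to `libwebp_1.3.2.bb` byte for byte, so any source checksum recorded in it still describes the 1.3.1 release and the fetch of 1.3.2 would fail verification. The upgrade needs the checksum updated in the same commit. The commit message also carries a Gerrit `Change-Id:` trailer but no `Signed-off-by:` line.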
-- 
2.42.0



[OE-core] [kirkstone][PATCH] libwebp: Fix CVE-2023-5129

2023-09-26 Thread Colin McAllister via lists.openembedded.org
Add patch from libwebp 1.2.4 branch to fix CVE-2023-5129.

Change-Id: Id9fd776e81105beba3d37564e83ade816270aedd
---
 .../webp/files/CVE-2023-5129.patch| 362 ++
 meta/recipes-multimedia/webp/libwebp_1.2.4.bb |   1 +
 2 files changed, 363 insertions(+)
 create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-5129.patch

diff --git a/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch 
b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
new file mode 100644
index 00..f27d773c64
--- /dev/null
+++ b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
@@ -0,0 +1,362 @@
+From 8bacd63a6de1cc091f85a1692390401e7bbf55ac Mon Sep 17 00:00:00 2001
+From: Vincent Rabaud 
+Date: Thu, 7 Sep 2023 21:16:03 +0200
+Subject: [PATCH 1/1] Fix OOB write in BuildHuffmanTable.
+
+First, BuildHuffmanTable is called to check if the data is valid.
+If it is and the table is not big enough, more memory is allocated.
+
+This will make sure that valid (but unoptimized because of unbalanced
+codes) streams are still decodable.
+
+Bug: chromium:1479274
+Change-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741
+(cherry picked from commit 902bc9190331343b2017211debcec8d2ab87e17a)
+(cherry picked from commit 2af26267cdfcb63a88e5c74a85927a12d6ca1d76)
+---
+ src/dec/vp8l_dec.c| 46 ++-
+ src/dec/vp8li_dec.h   |  2 +-
+ src/utils/huffman_utils.c | 97 +++
+ src/utils/huffman_utils.h | 27 +--
+ 4 files changed, 129 insertions(+), 43 deletions(-)
+
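Review bot: The message says the fix comes from the libwebp 1.2.4 branch, but the embedded patch carries two `(cherry picked from commit ...)` trailers and has the same blob id `f27d773c64` and the same `From 8bacd63a6de1cc091f85a1692390401e7bbf55ac` header as the dunfell posting described as coming from the 1.1.0 branch. Replace the trailers with an `Upstream-Status: Backport [...]` line naming the commit actually used for 1.2.4, add a `CVE:` tag, and swap the Gerrit `Change-Id:` in the commit message for a `Signed-off-by:`.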
+diff --git a/src/dec/vp8l_dec.c b/src/dec/vp8l_dec.c
+index 13480551..186b0b2f 100644
+--- a/src/dec/vp8l_dec.c
 b/src/dec/vp8l_dec.c
+@@ -253,11 +253,11 @@ static int ReadHuffmanCodeLengths(
+   int symbol;
+   int max_symbol;
+   int prev_code_len = DEFAULT_CODE_LENGTH;
+-  HuffmanCode table[1 << LENGTHS_TABLE_BITS];
++  HuffmanTables tables;
+ 
+-  if (!VP8LBuildHuffmanTable(table, LENGTHS_TABLE_BITS,
+- code_length_code_lengths,
+- NUM_CODE_LENGTH_CODES)) {
++  if (!VP8LHuffmanTablesAllocate(1 << LENGTHS_TABLE_BITS, ) ||
++  !VP8LBuildHuffmanTable(, LENGTHS_TABLE_BITS,
++ code_length_code_lengths, 
NUM_CODE_LENGTH_CODES)) {
+ goto End;
+   }
+ 
+@@ -277,7 +277,7 @@ static int ReadHuffmanCodeLengths(
+ int code_len;
+ if (max_symbol-- == 0) break;
+ VP8LFillBitWindow(br);
+-p = [VP8LPrefetchBits(br) & LENGTHS_TABLE_MASK];
++p = _segment->start[VP8LPrefetchBits(br) & 
LENGTHS_TABLE_MASK];
+ VP8LSetBitPos(br, br->bit_pos_ + p->bits);
+ code_len = p->value;
+ if (code_len < kCodeLengthLiterals) {
+@@ -300,6 +300,7 @@ static int ReadHuffmanCodeLengths(
+   ok = 1;
+ 
+  End:
++  VP8LHuffmanTablesDeallocate();
+   if (!ok) dec->status_ = VP8_STATUS_BITSTREAM_ERROR;
+   return ok;
+ }
+@@ -307,7 +308,8 @@ static int ReadHuffmanCodeLengths(
+ // 'code_lengths' is pre-allocated temporary buffer, used for creating Huffman
+ // tree.
+ static int ReadHuffmanCode(int alphabet_size, VP8LDecoder* const dec,
+-   int* const code_lengths, HuffmanCode* const table) 
{
++   int* const code_lengths,
++   HuffmanTables* const table) {
+   int ok = 0;
+   int size = 0;
+   VP8LBitReader* const br = >br_;
+@@ -362,8 +364,7 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   VP8LMetadata* const hdr = >hdr_;
+   uint32_t* huffman_image = NULL;
+   HTreeGroup* htree_groups = NULL;
+-  HuffmanCode* huffman_tables = NULL;
+-  HuffmanCode* huffman_table = NULL;
++  HuffmanTables* huffman_tables = >huffman_tables_;
+   int num_htree_groups = 1;
+   int num_htree_groups_max = 1;
+   int max_alphabet_size = 0;
+@@ -372,6 +373,10 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   int* mapping = NULL;
+   int ok = 0;
+ 
++  // Check the table has been 0 initialized (through InitMetadata).
++  assert(huffman_tables->root.start == NULL);
++  assert(huffman_tables->curr_segment == NULL);
++
+   if (allow_recursion && VP8LReadBits(br, 1)) {
+ // use meta Huffman codes.
+ const int huffman_precision = VP8LReadBits(br, 3) + 2;
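Review bot: the two added `assert(...)` lines on `huffman_tables->root.start` and `huffman_tables->curr_segment` at the top of ReadHuffmanCodes are the only guard shown against entering with an already populated table, and they compile out when NDEBUG is defined. If a second call on the same metadata is possible, a release build goes on to the VP8LHuffmanTablesAllocate call with no check at all; consider backing the asserts with a runtime test that sets an error status, or have the comment state why InitMetadata is guaranteed to run first.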
+@@ -434,16 +439,15 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+ 
+   code_lengths = (int*)WebPSafeCalloc((uint64_t)max_alphabet_size,
+   sizeof(*code_lengths));
+-  huffman_tables = (HuffmanCode*)WebPSafeMalloc(num_htree_groups * table_size,
+-sizeof(*huffman_tables));
+   htree_groups = VP8LHtreeGroupsNew(num_htree_groups);
+ 
+-  if (htree_groups == NULL || code_lengths == NULL || huffman_tables == NULL) 
{
++  if (htree_groups == NULL || code_lengths == NULL ||
++  !VP8LHuffmanTablesAllocate(num_htree_groups * table_size,
++ huffman_tables)) {
+ dec->status_ = 
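Review bot: the size passed to the new VP8LHuffmanTablesAllocate call, `num_htree_groups * table_size`, is multiplied by the caller before the callee can validate it (`num_htree_groups` is declared `int`), while the WebPSafeCalloc call just above widens its count with `(uint64_t)`. The removed WebPSafeMalloc line used the same product, so this is not a regression, but since the patch is about table sizing it is worth confirming that both factors are bounded earlier in the function. This copy of the hunk also stops at `dec->status_ =`, so the rest of the change cannot be reviewed from this message.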

[OE-core] [dunfell][PATCH v2] libwebp: Fix CVE-2023-5129

2023-09-26 Thread Colin McAllister via lists.openembedded.org
Add patch from libwebp 1.1.0 branch to fix CVE-2023-5129.

Change-Id: Idaabd9e118fb51a80159a25312000337427e23bf
---
 .../webp/files/CVE-2023-5129.patch| 362 ++
 meta/recipes-multimedia/webp/libwebp_1.1.0.bb |   1 +
 2 files changed, 363 insertions(+)
 create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-5129.patch

diff --git a/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch 
b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
new file mode 100644
index 00..f27d773c64
--- /dev/null
+++ b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
@@ -0,0 +1,362 @@
+From 8bacd63a6de1cc091f85a1692390401e7bbf55ac Mon Sep 17 00:00:00 2001
+From: Vincent Rabaud 
+Date: Thu, 7 Sep 2023 21:16:03 +0200
+Subject: [PATCH 1/1] Fix OOB write in BuildHuffmanTable.
+
+First, BuildHuffmanTable is called to check if the data is valid.
+If it is and the table is not big enough, more memory is allocated.
+
+This will make sure that valid (but unoptimized because of unbalanced
+codes) streams are still decodable.
+
+Bug: chromium:1479274
+Change-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741
+(cherry picked from commit 902bc9190331343b2017211debcec8d2ab87e17a)
+(cherry picked from commit 2af26267cdfcb63a88e5c74a85927a12d6ca1d76)
+---
+ src/dec/vp8l_dec.c| 46 ++-
+ src/dec/vp8li_dec.h   |  2 +-
+ src/utils/huffman_utils.c | 97 +++
+ src/utils/huffman_utils.h | 27 +--
+ 4 files changed, 129 insertions(+), 43 deletions(-)
+
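Review bot: the embedded patch is the same file as in the kirkstone posting for libwebp_1.2.4.bb (same `index 00..f27d773c64`, same `From 8bacd63a...` header, same inner offsets such as `@@ -253,11 +253,11 @@`), while this commit message says it comes from the libwebp 1.1.0 branch. Please confirm it applies to the 1.1.0 sources without fuzz or offsets, and name in the patch header the upstream commit it was actually taken from.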
+diff --git a/src/dec/vp8l_dec.c b/src/dec/vp8l_dec.c
+index 13480551..186b0b2f 100644
+--- a/src/dec/vp8l_dec.c
 b/src/dec/vp8l_dec.c
+@@ -253,11 +253,11 @@ static int ReadHuffmanCodeLengths(
+   int symbol;
+   int max_symbol;
+   int prev_code_len = DEFAULT_CODE_LENGTH;
+-  HuffmanCode table[1 << LENGTHS_TABLE_BITS];
++  HuffmanTables tables;
+ 
+-  if (!VP8LBuildHuffmanTable(table, LENGTHS_TABLE_BITS,
+- code_length_code_lengths,
+- NUM_CODE_LENGTH_CODES)) {
++  if (!VP8LHuffmanTablesAllocate(1 << LENGTHS_TABLE_BITS, ) ||
++  !VP8LBuildHuffmanTable(, LENGTHS_TABLE_BITS,
++ code_length_code_lengths, 
NUM_CODE_LENGTH_CODES)) {
+ goto End;
+   }
+ 
+@@ -277,7 +277,7 @@ static int ReadHuffmanCodeLengths(
+ int code_len;
+ if (max_symbol-- == 0) break;
+ VP8LFillBitWindow(br);
+-p = [VP8LPrefetchBits(br) & LENGTHS_TABLE_MASK];
++p = _segment->start[VP8LPrefetchBits(br) & 
LENGTHS_TABLE_MASK];
+ VP8LSetBitPos(br, br->bit_pos_ + p->bits);
+ code_len = p->value;
+ if (code_len < kCodeLengthLiterals) {
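Review bot: the added `p = ...` line in this hunk is broken across two lines, and the continuation `LENGTHS_TABLE_MASK];` has no `+` prefix, so the hunk no longer matches the line counts in its `@@ -277,7 +277,7 @@` header and will not apply as posted. The same wrapping shows on the outer `diff --git` line and on the VP8LBuildHuffmanTable call in the `@@ -253` hunk; resend with `git send-email` or another path that does not reflow long lines.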
+@@ -300,6 +300,7 @@ static int ReadHuffmanCodeLengths(
+   ok = 1;
+ 
+  End:
++  VP8LHuffmanTablesDeallocate();
+   if (!ok) dec->status_ = VP8_STATUS_BITSTREAM_ERROR;
+   return ok;
+ }
+@@ -307,7 +308,8 @@ static int ReadHuffmanCodeLengths(
+ // 'code_lengths' is pre-allocated temporary buffer, used for creating Huffman
+ // tree.
+ static int ReadHuffmanCode(int alphabet_size, VP8LDecoder* const dec,
+-   int* const code_lengths, HuffmanCode* const table) 
{
++   int* const code_lengths,
++   HuffmanTables* const table) {
+   int ok = 0;
+   int size = 0;
+   VP8LBitReader* const br = >br_;
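Review bot: ReadHuffmanCode now takes `HuffmanTables* const table`, but the comment above the function still documents only `code_lengths`, and the parameter keeps the singular name `table` although it is now a container. Extend the comment to say what the callee may do with the container, and consider a name that matches the `huffman_tables` variable used in ReadHuffmanCodes.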
+@@ -362,8 +364,7 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   VP8LMetadata* const hdr = >hdr_;
+   uint32_t* huffman_image = NULL;
+   HTreeGroup* htree_groups = NULL;
+-  HuffmanCode* huffman_tables = NULL;
+-  HuffmanCode* huffman_table = NULL;
++  HuffmanTables* huffman_tables = >huffman_tables_;
+   int num_htree_groups = 1;
+   int num_htree_groups_max = 1;
+   int max_alphabet_size = 0;
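Review bot: `huffman_tables` in ReadHuffmanCodes changes from a local `HuffmanCode*` initialised to NULL into a pointer to a `huffman_tables_` member, so the storage now outlives this function and ownership moves out of it. The hunk shows neither the error path nor the teardown code; check that every place that used to free the local buffer now releases the tables through VP8LHuffmanTablesDeallocate exactly once, so a failed decode neither leaks nor frees twice.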
+@@ -372,6 +373,10 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   int* mapping = NULL;
+   int ok = 0;
+ 
++  // Check the table has been 0 initialized (through InitMetadata).
++  assert(huffman_tables->root.start == NULL);
++  assert(huffman_tables->curr_segment == NULL);
++
+   if (allow_recursion && VP8LReadBits(br, 1)) {
+ // use meta Huffman codes.
+ const int huffman_precision = VP8LReadBits(br, 3) + 2;
+@@ -434,16 +439,15 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+ 
+   code_lengths = (int*)WebPSafeCalloc((uint64_t)max_alphabet_size,
+   sizeof(*code_lengths));
+-  huffman_tables = (HuffmanCode*)WebPSafeMalloc(num_htree_groups * table_size,
+-sizeof(*huffman_tables));
+   htree_groups = VP8LHtreeGroupsNew(num_htree_groups);
+ 
+-  if (htree_groups == NULL || code_lengths == NULL || huffman_tables == NULL) 
{
++  if (htree_groups == NULL || code_lengths == NULL ||
++  !VP8LHuffmanTablesAllocate(num_htree_groups * table_size,
++ huffman_tables)) {
+ dec->status_ = 

[OE-core] [dunfell][PATCH] libwebp: Fix CVE-2023-5129

2023-09-26 Thread Colin McAllister via lists.openembedded.org
Add patch from libwebp 1.1.0 branch to fix CVE-2023-5129.
---
 .../webp/files/CVE-2023-5129.patch| 362 ++
 1 file changed, 362 insertions(+)
 create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
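Review bot: the diffstat lists only the new `CVE-2023-5129.patch` (1 file changed) and no change to the libwebp recipe, so nothing adds the patch to `SRC_URI` and the build would never apply it. Add the `file://CVE-2023-5129.patch` entry to the recipe in the same commit, and add a `Signed-off-by:` line to the commit message.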

diff --git a/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch 
b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
new file mode 100644
index 00..f27d773c64
--- /dev/null
+++ b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch
@@ -0,0 +1,362 @@
+From 8bacd63a6de1cc091f85a1692390401e7bbf55ac Mon Sep 17 00:00:00 2001
+From: Vincent Rabaud 
+Date: Thu, 7 Sep 2023 21:16:03 +0200
+Subject: [PATCH 1/1] Fix OOB write in BuildHuffmanTable.
+
+First, BuildHuffmanTable is called to check if the data is valid.
+If it is and the table is not big enough, more memory is allocated.
+
+This will make sure that valid (but unoptimized because of unbalanced
+codes) streams are still decodable.
+
+Bug: chromium:1479274
+Change-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741
+(cherry picked from commit 902bc9190331343b2017211debcec8d2ab87e17a)
+(cherry picked from commit 2af26267cdfcb63a88e5c74a85927a12d6ca1d76)
+---
+ src/dec/vp8l_dec.c| 46 ++-
+ src/dec/vp8li_dec.h   |  2 +-
+ src/utils/huffman_utils.c | 97 +++
+ src/utils/huffman_utils.h | 27 +--
+ 4 files changed, 129 insertions(+), 43 deletions(-)
+
+diff --git a/src/dec/vp8l_dec.c b/src/dec/vp8l_dec.c
+index 13480551..186b0b2f 100644
+--- a/src/dec/vp8l_dec.c
 b/src/dec/vp8l_dec.c
+@@ -253,11 +253,11 @@ static int ReadHuffmanCodeLengths(
+   int symbol;
+   int max_symbol;
+   int prev_code_len = DEFAULT_CODE_LENGTH;
+-  HuffmanCode table[1 << LENGTHS_TABLE_BITS];
++  HuffmanTables tables;
+ 
+-  if (!VP8LBuildHuffmanTable(table, LENGTHS_TABLE_BITS,
+- code_length_code_lengths,
+- NUM_CODE_LENGTH_CODES)) {
++  if (!VP8LHuffmanTablesAllocate(1 << LENGTHS_TABLE_BITS, ) ||
++  !VP8LBuildHuffmanTable(, LENGTHS_TABLE_BITS,
++ code_length_code_lengths, 
NUM_CODE_LENGTH_CODES)) {
+ goto End;
+   }
+ 
+@@ -277,7 +277,7 @@ static int ReadHuffmanCodeLengths(
+ int code_len;
+ if (max_symbol-- == 0) break;
+ VP8LFillBitWindow(br);
+-p = [VP8LPrefetchBits(br) & LENGTHS_TABLE_MASK];
++p = _segment->start[VP8LPrefetchBits(br) & 
LENGTHS_TABLE_MASK];
+ VP8LSetBitPos(br, br->bit_pos_ + p->bits);
+ code_len = p->value;
+ if (code_len < kCodeLengthLiterals) {
+@@ -300,6 +300,7 @@ static int ReadHuffmanCodeLengths(
+   ok = 1;
+ 
+  End:
++  VP8LHuffmanTablesDeallocate();
+   if (!ok) dec->status_ = VP8_STATUS_BITSTREAM_ERROR;
+   return ok;
+ }
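Review bot: the `VP8LHuffmanTablesDeallocate()` call added under `End:` runs on every exit from ReadHuffmanCodeLengths, including the `goto End` taken when VP8LHuffmanTablesAllocate itself fails in the `@@ -253` hunk, where `HuffmanTables tables;` is declared without an initialiser. That is safe only if the allocate function sets the segment pointers before it can return 0; confirm that in huffman_utils.c, or zero-initialise `tables` at its declaration.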
+@@ -307,7 +308,8 @@ static int ReadHuffmanCodeLengths(
+ // 'code_lengths' is pre-allocated temporary buffer, used for creating Huffman
+ // tree.
+ static int ReadHuffmanCode(int alphabet_size, VP8LDecoder* const dec,
+-   int* const code_lengths, HuffmanCode* const table) 
{
++   int* const code_lengths,
++   HuffmanTables* const table) {
+   int ok = 0;
+   int size = 0;
+   VP8LBitReader* const br = >br_;
+@@ -362,8 +364,7 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   VP8LMetadata* const hdr = >hdr_;
+   uint32_t* huffman_image = NULL;
+   HTreeGroup* htree_groups = NULL;
+-  HuffmanCode* huffman_tables = NULL;
+-  HuffmanCode* huffman_table = NULL;
++  HuffmanTables* huffman_tables = >huffman_tables_;
+   int num_htree_groups = 1;
+   int num_htree_groups_max = 1;
+   int max_alphabet_size = 0;
+@@ -372,6 +373,10 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+   int* mapping = NULL;
+   int ok = 0;
+ 
++  // Check the table has been 0 initialized (through InitMetadata).
++  assert(huffman_tables->root.start == NULL);
++  assert(huffman_tables->curr_segment == NULL);
++
+   if (allow_recursion && VP8LReadBits(br, 1)) {
+ // use meta Huffman codes.
+ const int huffman_precision = VP8LReadBits(br, 3) + 2;
+@@ -434,16 +439,15 @@ static int ReadHuffmanCodes(VP8LDecoder* const dec, int 
xsize, int ysize,
+ 
+   code_lengths = (int*)WebPSafeCalloc((uint64_t)max_alphabet_size,
+   sizeof(*code_lengths));
+-  huffman_tables = (HuffmanCode*)WebPSafeMalloc(num_htree_groups * table_size,
+-sizeof(*huffman_tables));
+   htree_groups = VP8LHtreeGroupsNew(num_htree_groups);
+ 
+-  if (htree_groups == NULL || code_lengths == NULL || huffman_tables == NULL) 
{
++  if (htree_groups == NULL || code_lengths == NULL ||
++  !VP8LHuffmanTablesAllocate(num_htree_groups * table_size,
++ huffman_tables)) {
+ dec->status_ = VP8_STATUS_OUT_OF_MEMORY;
+ goto Error;
+   }
+ 
+-  huffman_table = huffman_tables;
+   for (i = 0; i <