Issue 403 in webp: [wasm] memory access out of bounds in VP8YuvToRgb

[jz… via monorail]

Updates:
Cc: gde...@google.com tli...@google.com
Summary: [wasm] memory access out of bounds in VP8YuvToRgb

Comment #3 on issue 403 by jz...@google.com: [wasm] memory access out of bounds in VP8YuvToRgb
https://bugs.chromium.org/p/webp/issues/detail?id=403#c3

I see failures with other images as well (scaling test.webp to various square dimensions), though depending on the ordering some will go from passing to failing and the stacktrace may change to:

RuntimeError: memory access out of bounds
at malloc (wasm-function[538]:1204)
at Object.exports.decode (index.js:21:41)
at Context.it (test.js:121:25)

Thomas I'm not familiar with the use of clang to produce wasm, could you take a look to see if the setup looks correct?

--
You received this message because:
1. The project was configured to send all issue notifications to this address

You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings

[li… via monorail]

Comment #4 on issue 403 by li...@folkdatorn.se: [wasm] memory access out of bounds in VP8YuvToRgb
https://bugs.chromium.org/p/webp/issues/detail?id=403#c4

Hmm, it seems like the problem is actually with my setup, and not with this library. I've tried building some other libraries and they are experiencing similar problems, so it seems more likely that the problem is somewhere else...

If you have any insight at all, I would love to hear it! But feel free to close this issue :)

> [...] will go from passing to failing and the stacktrace may change to

Would you mind sharing the image that produced that stack trace, I think it would be very helpful to see a direct call to malloc that fails!

Thanks!

[jz… via monorail]

Comment #6 on issue 403 by jz...@google.com: [wasm] memory access out of bounds in VP8YuvToRgb
https://bugs.chromium.org/p/webp/issues/detail?id=403#c6

Attached is test.webp scaled to 512x512. With this inserted before 1.webp in test.js I see:

1) WebP
decodes "test-512x512.webp":
RuntimeError: memory access out of bounds
at VP8YuvToRgb (wasm-function[416]:95)
at VP8YuvToRgba (wasm-function[415]:135)
at UpsampleRgbaLinePair_C (wasm-function[439]:739)
at EmitFancyRGB (wasm-function[94]:1110)
at CustomPut (wasm-function[87]:305)
at FinishRow (wasm-function[66]:2734)
at VP8ProcessRow (wasm-function[64]:383)
at ParseFrame (wasm-function[145]:494)
at VP8Decode (wasm-function[144]:466)
at DecodeInto (wasm-function[228]:754)
at Decode (wasm-function[230]:375)
at WebPDecodeRGBA (wasm-function[233]:106)
at Object.exports.decode (index.js:31:42)
at Context.it (test.js:25:25)

2) WebP
decodes "1.webp":

RuntimeError: memory access out of bounds
at malloc (wasm-function[538]:1204)
at Object.exports.decode (index.js:21:41)

at Context.it (test.js:33:25)

Attachments:
test.js.diff 610 bytes
test-512x512.webp 7.3 KB

[tliv… via monorail]

Comment #7 on issue 403 by tli...@google.com: [wasm] memory access out of bounds in VP8YuvToRgb
https://bugs.chromium.org/p/webp/issues/detail?id=403#c7

Not sure if anything has changed upstream, but I am not reproducing this bug locally. `make test` shows 1 passing. My node version is v8.11.0.

[jz… via monorail]

Comment #8 on issue 403 by jz...@google.com: [wasm] memory access out of bounds in VP8YuvToRgb
https://bugs.chromium.org/p/webp/issues/detail?id=403#c8

Thanks for checking Thomas. I was using v10.8.0 and the original report was with 10.11.0.

[li… via monorail]

Comment #9 on issue 403 by li...@folkdatorn.se: [wasm] memory access out of bounds in VP8YuvToRgb
https://bugs.chromium.org/p/webp/issues/detail?id=403#c9

> Not sure if anything has changed upstream, but I am not reproducing this bug locally. `make test` shows 1 passing. My node version is v8.11.0.

Be sure to check out the branch called `yuv-bug`, that's the one that has an image that triggers the bug.

I'm quite positive that there isn't a problem in libwebp though, since what is probably the same issue can be triggered directly in malloc.

Really appreciate the time you all have put into this!

[tliv… via monorail]

Comment #10 on issue 403 by tli...@google.com: [wasm] memory access out of bounds in VP8YuvToRgb
https://bugs.chromium.org/p/webp/issues/detail?id=403#c10

> Be sure to check out the branch called `yuv-bug`, that's the one that has an image that triggers the bug.

Oops. Yes, I see the failure now. Will look deeper and report back.

[jz… via monorail]

Updates:
Status: Invalid

Comment #11 on issue 403 by jz...@google.com: [wasm] memory access out of bounds in VP8YuvToRgb
https://bugs.chromium.org/p/webp/issues/detail?id=403#c11

Closing this one as invalid, if you run into any new issues with libwebp+wasm please feel free to file a new bug.