Snap for 9677097 from 9af975127f7094b2e5c3023ecfecaa49e4101a4b to udc-d1-releaseandroid-14.0.0_r9android-14.0.0_r8android-14.0.0_r7android-14.0.0_r6android-14.0.0_r5android-14.0.0_r4android-14.0.0_r3android-14.0.0_r11android-14.0.0_r10android14-d1-s7-releaseandroid14-d1-s6-releaseandroid14-d1-s5-releaseandroid14-d1-s4-releaseandroid14-d1-s3-releaseandroid14-d1-s2-releaseandroid14-d1-s1-release

Change-Id: Idefcacb19698d07176ef24431c9a12beda8c2b90

8 files changed, 37 insertions, 12 deletions

diff --git a/.style.yapf b/.style.yapf
index 47ca4cce..0be981a4 100644
--- a/.style.yapf
+++ b/.style.yapf
@@ -1,2 +1,2 @@
 [style]
-based_on_style = chromium
\ No newline at end of file
+based_on_style = yapf
\ No newline at end of file
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 0a5af428..f378db5b 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -101,7 +101,7 @@ endif()
 include(cmake/deps.cmake)
 include(GNUInstallDirs)
 
-if(BUILD_SHARED_LIBS AND NOT CMAKE_INSTALL_RPATH)
+if(BUILD_SHARED_LIBS AND NOT DEFINED CMAKE_INSTALL_RPATH)
   # Set the rpath to match autoconf/libtool behavior. Note this must be set
   # before target creation.
   set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}")
diff --git a/src/demux/libwebpdemux.pc.in b/src/demux/libwebpdemux.pc.in
index 15ed1763..4da2e40a 100644
--- a/src/demux/libwebpdemux.pc.in
+++ b/src/demux/libwebpdemux.pc.in
@@ -6,6 +6,6 @@ includedir=@includedir@
 Name: libwebpdemux
 Description: Library for parsing the WebP graphics format container
 Version: @PACKAGE_VERSION@
-Requires: libwebp >= 0.2.0
+Requires.private: libwebp >= 0.2.0
 Cflags: -I${includedir}
 Libs: -L${libdir} -l@webp_libname_prefix@webpdemux
diff --git a/src/enc/alpha_enc.c b/src/enc/alpha_enc.c
index f7c02690..7d205586 100644
--- a/src/enc/alpha_enc.c
+++ b/src/enc/alpha_enc.c
@@ -13,6 +13,7 @@
 
 #include <assert.h>
 #include <stdlib.h>
+#include <string.h>
 
 #include "src/enc/vp8i_enc.h"
 #include "src/dsp/dsp.h"
@@ -148,6 +149,7 @@ static int EncodeAlphaInternal(const uint8_t* const data, int width, int height,
       }
     } else {
       VP8LBitWriterWipeOut(&tmp_bw);
+      memset(&result->bw, 0, sizeof(result->bw));
       return 0;
     }
   }
@@ -162,7 +164,7 @@ static int EncodeAlphaInternal(const uint8_t* const data, int width, int height,
   header = method | (filter << 2);
   if (reduce_levels) header |= ALPHA_PREPROCESSED_LEVELS << 4;
 
-  VP8BitWriterInit(&result->bw, ALPHA_HEADER_LEN + output_size);
+  if (!VP8BitWriterInit(&result->bw, ALPHA_HEADER_LEN + output_size)) ok = 0;
   ok = ok && VP8BitWriterAppend(&result->bw, &header, ALPHA_HEADER_LEN);
   ok = ok && VP8BitWriterAppend(&result->bw, output, output_size);
 
diff --git a/src/enc/vp8l_enc.c b/src/enc/vp8l_enc.c
index 0b07e529..cb5549af 100644
--- a/src/enc/vp8l_enc.c
+++ b/src/enc/vp8l_enc.c
@@ -259,6 +259,7 @@ static int PaletteSortModifiedZeng(
     return 0;
   }
   if (!CoOccurrenceBuild(pic, palette_sorted, num_colors, cooccurrence)) {
+    WebPSafeFree(cooccurrence);
     return 0;
   }
 
diff --git a/src/libwebp.pc.in b/src/libwebp.pc.in
index a755b54e..783090ef 100644
--- a/src/libwebp.pc.in
+++ b/src/libwebp.pc.in
@@ -6,7 +6,7 @@ includedir=@includedir@
 Name: libwebp
 Description: Library for the WebP graphics format
 Version: @PACKAGE_VERSION@
-Requires: libsharpyuv
+Requires.private: libsharpyuv
 Cflags: -I${includedir}
 Libs: -L${libdir} -l@webp_libname_prefix@webp
 Libs.private: -lm @PTHREAD_CFLAGS@ @PTHREAD_LIBS@
diff --git a/src/mux/libwebpmux.pc.in b/src/mux/libwebpmux.pc.in
index 9d4d6e1e..c770daaf 100644
--- a/src/mux/libwebpmux.pc.in
+++ b/src/mux/libwebpmux.pc.in
@@ -6,7 +6,7 @@ includedir=@includedir@
 Name: libwebpmux
 Description: Library for manipulating the WebP graphics format container
 Version: @PACKAGE_VERSION@
-Requires: libwebp >= 0.2.0
+Requires.private: libwebp >= 0.2.0
 Cflags: -I${includedir}
 Libs: -L${libdir} -l@webp_libname_prefix@webpmux
 Libs.private: -lm
diff --git a/tests/fuzzer/advanced_api_fuzzer.c b/tests/fuzzer/advanced_api_fuzzer.c
index a5323e4d..1378d0bc 100644
--- a/tests/fuzzer/advanced_api_fuzzer.c
+++ b/tests/fuzzer/advanced_api_fuzzer.c
@@ -14,13 +14,14 @@
 //
 ////////////////////////////////////////////////////////////////////////////////
 
+#include <stdint.h>
 #include <string.h>
 
 #include "./fuzz_utils.h"
+#include "src/utils/rescaler_utils.h"
 #include "src/webp/decode.h"
 
 int LLVMFuzzerTestOneInput(const uint8_t* const data, size_t size) {
-  int i;
   WebPDecoderConfig config;
   if (!WebPInitDecoderConfig(&config)) return 0;
   if (WebPGetFeatures(data, size, &config.input) != VP8_STATUS_OK) return 0;
@@ -62,17 +63,38 @@ int LLVMFuzzerTestOneInput(const uint8_t* const data, size_t size) {
   config.output.colorspace = (WEBP_CSP_MODE)(value % MODE_LAST);
 #endif  // WEBP_REDUCE_CSP
 
-  for (i = 0; i < 2; ++i) {
+  for (int i = 0; i < 2; ++i) {
     if (i == 1) {
       // Use the bitstream data to generate extreme ranges for the options. An
       // alternative approach would be to use a custom corpus containing webp
       // files prepended with sizeof(config.options) zeroes to allow the fuzzer
       // to modify these independently.
       const int data_offset = 50;
-      if (size > data_offset + sizeof(config.options)) {
-        memcpy(&config.options, data + data_offset, sizeof(config.options));
-      } else {
-        break;
+      if (data_offset + sizeof(config.options) >= size) break;
+      memcpy(&config.options, data + data_offset, sizeof(config.options));
+
+      // Skip easily avoidable out-of-memory fuzzing errors.
+      if (config.options.use_scaling) {
+        int scaled_width = config.options.scaled_width;
+        int scaled_height = config.options.scaled_height;
+        if (WebPRescalerGetScaledDimensions(config.input.width,
+                                            config.input.height, &scaled_width,
+                                            &scaled_height)) {
+          size_t fuzz_px_limit = kFuzzPxLimit;
+          if (scaled_width != config.input.width ||
+              scaled_height != config.input.height) {
+            // Using the WebPRescalerImport internally can significantly slow
+            // down the execution. Avoid timeouts due to that.
+            fuzz_px_limit /= 2;
+          }
+          // A big output canvas can lead to out-of-memory and timeout issues,
+          // but a big internal working buffer can too.
+          if ((uint64_t)scaled_width * scaled_height > fuzz_px_limit ||
+              (uint64_t)config.input.width * config.input.height >
+                  fuzz_px_limit) {
+            break;
+          }
+        }
       }
     }
     if (size % 3) {