x/image/webp: excessive memory consumption (2)

[dvyukov]

The following program crashes as follows:

package main

import (
    "bytes"
    "fmt"
    "golang.org/x/image/webp"
)

func main() {
    cfg, err := webp.DecodeConfig(bytes.NewReader(data))
    if err != nil {
        return
    }
    fmt.Printf("decoding %+v\n", cfg)
    webp.Decode(bytes.NewReader(data))
}

var data = []byte("RIFF,-\x00\x00WEBPVP8X\n\x00\x00\x00" +
    "\x10\x00\x00\x00\x8f\x01\x00,\x01\x00VP8X\n\x00\x00\x00\x10\xb2" +
    "\x01\x00\x00WEB\x01\x00VP8X\n\x00\x00\x00\x10\xb2\x01\x00" +
    "\x00WEB\x01\x00VP8X\n\x00\x00\x00\x10\xb2\x01\x00\x00W" +
    "EB\x01\x00VP8X\n\x00\x00\x00\x10\xb2\x01\x00\x00WEB" +
    "\x01\x00VP8X\n\x00\x00\x00\x10\x00\x90X\x00\x00WEB\x00" +
    "ALPHPVP8X\n\x00\x00\x00\x10\x00\x00\x00\x8f\x01\x00" +
    ",\x01\x00VP8X\n\x00\x00\x00\x10\xb2\x01\x00\x00WEB\x01" +
    "\x00VP8X\n\x00\x00\x00\x10\xb2\x01\x00\x00WE\u007f\x00\x00\x00" +
    "P893\n\x00\x00\x00\x10\xb2\x01\x00\x00WEB\x01\x00VP" +
    "8X\n\x00\x00\x00\x10\xb2\x01\x00\x00WEB\x01\x00VP8X" +
    "\n\x00\x00\x00")

decoding {ColorModel:0xc8200d0068 Width:400 Height:301}
fatal error: runtime: out of memory

runtime.mallocgc(0x1685ca4246, 0x4ecfc0, 0xc800000001, 0x5f03c0)
    src/runtime/malloc.go:635 +0x972 fp=0xc82007da68 sp=0xc82007d998
runtime.newarray(0x4ecfc0, 0x1685ca4246, 0x1)
    src/runtime/malloc.go:759 +0xc9 fp=0xc82007daa8 sp=0xc82007da68
runtime.makeslice(0x4e5a40, 0x1685ca4246, 0x1685ca4246, 0x0, 0x0, 0x0)
    src/runtime/slice.go:32 +0x165 fp=0xc82007daf8 sp=0xc82007daa8
golang.org/x/image/webp.readAlpha(0x7f3f3e111260, 0xc8200d00b0, 0x424500570000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
    src/golang.org/x/image/webp/decode.go:161 +0xa9 fp=0xc82007dc28 sp=0xc82007daf8
golang.org/x/image/webp.decode(0x7f3f3e111238, 0xc8200ae270, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
    src/golang.org/x/image/webp/decode.go:73 +0x56c fp=0xc82007ddd8 sp=0xc82007dc28
golang.org/x/image/webp.Decode(0x7f3f3e111238, 0xc8200ae270, 0x0, 0x0, 0x0, 0x0)
    src/golang.org/x/image/webp/decode.go:259 +0x52 fp=0xc82007de38 sp=0xc82007ddd8
main.main()
    webp.go:15 +0x2da fp=0xc82007df50 sp=0xc82007de38

Image size is 400x301, but the code tries to allocate 96 gigs of memory for decoding. This looks wrong.

on commit eb11b45157c1b71f30b3cec66306f1cd779a689e

[changkun]

This issue was related to #16236, and got fixed in CL 24638. So, this can be closed.

[ianlancetaylor]

Thanks, closing.