Fix potential overflow in FramesAreSimilar

Bug: 496807858

Change-Id: Idc9af6f86a171322dd09e197dafbef59d5e4aa53

Author: vrabaud

examples/anim_diff.c

@@ -70,8 +70,10 @@ static int FramesAreSimilar(const uint8_t* const rgba1,
   for (j = 0; j < height; ++j) {
     for (i = 0; i < width; ++i) {
       const int stride = width * 4;
-      const size_t offset = j * stride + i;
-      if (!PixelsAreSimilar(rgba1[offset], rgba2[offset], max_allowed_diff)) {
+      size_t offset_row, offset;
+      if (!CheckMultiplicationOverflow(j, stride, &offset_row) ||
+          !CheckAdditionOverflow(offset_row, i, &offset) ||
+          !PixelsAreSimilar(rgba1[offset], rgba2[offset], max_allowed_diff)) {
         return 0;
       }
     }

examples/anim_util.c

@@ -102,10 +102,8 @@ int CheckMultiplicationOverflow(uint32_t val1, uint32_t val2, size_t* product) {
   return 0;
 }
 
-#if defined(WEBP_HAVE_GIF)
-
 WEBP_NODISCARD
-static int CheckAdditionOverflow(size_t val1, uint32_t val2, size_t* addition) {
+int CheckAdditionOverflow(size_t val1, uint32_t val2, size_t* addition) {
   const uint64_t size = (uint64_t)val1 + val2;
   if (CheckSizeForOverflow(size)) {
     *addition = (size_t)size;
@@ -114,6 +112,8 @@ static int CheckAdditionOverflow(size_t val1, uint32_t val2, size_t* addition) {
   return 0;
 }
 
+#if defined(WEBP_HAVE_GIF)
+
 // For the GIF functions below, the width, height, x_offset, y_offset fit on 16
 // bits (but can fill the 16 bits) as per the GIF specification.
 // Multiplications that can overflow are cast to 64 bits.

examples/anim_util.h

@@ -73,6 +73,9 @@ void GetAnimatedImageVersions(int* const decoder_version,
 // Check whether val1 * val2 fits in a size_t. Returns 1 on success.
 int CheckMultiplicationOverflow(uint32_t val1, uint32_t val2, size_t* product);
 
+// Check whether val1 + val2 fits in a size_t. Returns 1 on success.
+int CheckAdditionOverflow(size_t val1, uint32_t val2, size_t* addition);
+
 #ifdef __cplusplus
 }  // extern "C"
 #endif