Update libjpeg-turbo to stable release 2.1.0
Update Chromium's copy of libjpeg-turbo to the latest upstream stable
release (v2.1.0) and re-apply our local changes documented in
README.chromium.
This upstream release fixes a long-standing libjpeg6b compatibility
issue[1], meaning we can dispense with the locally-applied workaround.
[1] http://crbug.com/398235
Change-Id: Icae6741f49d4ae8bc12ccfcbef416fb6a6fa16f1
diff --git a/rdtarga.c b/rdtarga.c
index c17073f..8f2d031 100644
--- a/rdtarga.c
+++ b/rdtarga.c
@@ -5,7 +5,7 @@
* Copyright (C) 1991-1996, Thomas G. Lane.
* Modified 2017 by Guido Vollbeding.
* libjpeg-turbo Modifications:
- * Copyright (C) 2018, D. R. Commander.
+ * Copyright (C) 2018, 2021, D. R. Commander.
* For conditions of distribution and use, see the accompanying README.ijg
* file.
*
@@ -363,6 +363,11 @@
interlace_type != 0 || /* currently don't allow interlaced image */
width == 0 || height == 0) /* image width/height must be non-zero */
ERREXIT(cinfo, JERR_TGA_BADPARMS);
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ if (sinfo->max_pixels &&
+ (unsigned long long)width * height > sinfo->max_pixels)
+ ERREXIT(cinfo, JERR_WIDTH_OVERFLOW);
+#endif
if (subtype > 8) {
/* It's an RLE-coded file */
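Review bot: The new `max_pixels` check sits entirely inside `#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION`, so a production build still accepts any non-zero width and height that pass the `JERR_TGA_BADPARMS` test above it. A reader could mistake the check for input hardening, so it should carry a comment such as `/* Fuzzing builds only: reject images whose width * height exceeds max_pixels (0 = no limit); production builds have no such cap here. */`. The condition is a pixel-count limit but raises `JERR_WIDTH_OVERFLOW`, whose message presumably talks about width only; that is worth noting in the same comment if the code is kept. The enclosing function starts and ends outside the hunk, so any later size checks on the production path are not visible here.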
@@ -493,6 +498,9 @@
/* Fill in method ptrs, except get_pixel_rows which start_input sets */
source->pub.start_input = start_input_tga;
source->pub.finish_input = finish_input_tga;
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ source->pub.max_pixels = 0;
+#endif
return (cjpeg_source_ptr)source;
}
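Review bot: `source->pub.max_pixels = 0;` is added without a comment, and its meaning is only recoverable from the `sinfo->max_pixels &&` test in the earlier hunk, where zero disables the limit. I would add `/* 0 = no pixel limit; a caller that wants a cap sets this before start_input runs */`, worded to match however the fuzz targets actually set the field, which this diff does not show. The field exists only when the fuzzing macro is defined, so it is also worth confirming that the struct definition in the header uses the same `#ifdef`. The function starts outside the hunk.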