Merge remote-tracking branch 'aosp/upstream-master' into update am: 7f20a9f452 am: 9d8464a28f am: 7d3c5265cd am: 06019da7af
Original change: https://android-review.googlesource.com/c/platform/external/libjpeg-turbo/+/1698875
Change-Id: I19e1c60c5ed23440ea8d68b527979e662cd24ddd
diff --git a/BUILD.gn b/BUILD.gn
index 5befffd..d980299 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -21,6 +21,7 @@
"jpeglib.h",
"jpeglibmangler.h",
]
+ defines = [ "MANGLE_JPEG_NAMES" ]
}
if (current_cpu == "x86" || current_cpu == "x64") {
diff --git a/BUILDING.md b/BUILDING.md
index b5106ee..f91abcd 100644
--- a/BUILDING.md
+++ b/BUILDING.md
@@ -103,6 +103,13 @@
directory. For in-tree builds, these directories are the same.
+Ninja
+-----
+
+In all of the procedures and recipes below, replace `make` with `ninja` and
+`Unix Makefiles` with `Ninja` if using Ninja.
+
+
Build Procedure
---------------
diff --git a/ChangeLog.md b/ChangeLog.md
index 6eb06f0..498b8f2 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -1,3 +1,56 @@
+2.1.0
+=====
+
+### Significant changes relative to 2.1 beta1
+
+1. Fixed a regression introduced by 2.1 beta1[6(b)] whereby attempting to
+decompress certain progressive JPEG images with one or more component planes of
+width 8 or less caused a buffer overrun.
+
+2. Fixed a regression introduced by 2.1 beta1[6(b)] whereby attempting to
+decompress a specially-crafted malformed progressive JPEG image caused the
+block smoothing algorithm to read from uninitialized memory.
+
+3. Fixed an issue in the Arm Neon SIMD Huffman encoders that caused the
+encoders to generate incorrect results when using the Clang compiler with
+Visual Studio.
+
+4. Fixed a floating point exception (CVE-2021-20205) that occurred when
+attempting to compress a specially-crafted malformed GIF image with a specified
+image width of 0 using cjpeg.
+
+5. Fixed a regression introduced by 2.0 beta1[15] whereby attempting to
+generate a progressive JPEG image on an SSE2-capable CPU using a scan script
+containing one or more scans with lengths divisible by 32 and non-zero
+successive approximation low bit positions would, under certain circumstances,
+result in an error ("Missing Huffman code table entry") and an invalid JPEG
+image.
+
+6. Introduced a new flag (`TJFLAG_LIMITSCANS` in the TurboJPEG C API and
+`TJ.FLAG_LIMIT_SCANS` in the TurboJPEG Java API) and a corresponding TJBench
+command-line argument (`-limitscans`) that causes the TurboJPEG decompression
+and transform functions/operations to return/throw an error if a progressive
+JPEG image contains an unreasonably large number of scans. This allows
+applications that use the TurboJPEG API to guard against an exploit of the
+progressive JPEG format described in the report
+["Two Issues with the JPEG Standard"](https://libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf).
+
+7. The PPM reader now throws an error, rather than segfaulting (due to a buffer
+overrun) or generating incorrect pixels, if an application attempts to use the
+`tjLoadImage()` function to load a 16-bit binary PPM file (a binary PPM file
+with a maximum value greater than 255) into a grayscale image buffer or to load
+a 16-bit binary PGM file into an RGB image buffer.
+
+8. Fixed an issue in the PPM reader that caused incorrect pixels to be
+generated when using the `tjLoadImage()` function to load a 16-bit binary PPM
+file into an extended RGB image buffer.
+
+9. Fixed an issue whereby, if a JPEG buffer was automatically re-allocated by
+one of the TurboJPEG compression or transform functions and an error
+subsequently occurred during compression or transformation, the JPEG buffer
+pointer passed by the application was not updated when the function returned.
+
+
2.0.90 (2.1 beta1)
==================
diff --git a/LICENSE.md b/LICENSE.md
index 99c9aad..a1cdad5 100644
--- a/LICENSE.md
+++ b/LICENSE.md
@@ -91,7 +91,7 @@
The Modified (3-clause) BSD License
===================================
-Copyright (C)2009-2020 D. R. Commander. All Rights Reserved.
+Copyright (C)2009-2021 D. R. Commander. All Rights Reserved.<br>
Copyright (C)2015 Viktor Szathmáry. All Rights Reserved.
Redistribution and use in source and binary forms, with or without
diff --git a/METADATA b/METADATA
index 4ad1e69..f8f0c4c 100644
--- a/METADATA
+++ b/METADATA
@@ -5,7 +5,7 @@
type: GIT
value: "https://chromium.googlesource.com/chromium/deps/libjpeg_turbo"
}
- version: "07a7d24ba3c91fa695d4f2b65f0788c0c80c7928"
+ version: "764c5fca09cb558f88f3145d67b705f92ffee2d9"
license_type: NOTICE
last_upgrade_date {
year: 2021
diff --git a/README.chromium b/README.chromium
index e8b0bc6..d260cb2 100644
--- a/README.chromium
+++ b/README.chromium
@@ -1,6 +1,6 @@
Name: libjpeg-turbo
URL: https://github.com/libjpeg-turbo/libjpeg-turbo/
-Version: 2.0.90 (2.1 Beta 1)
+Version: 2.1.0
License: Custom license
License File: LICENSE.md
Security Critical: yes
@@ -8,23 +8,18 @@
Description:
This consists of the components:
-* libjpeg-turbo 2.0.90 (2.1 Beta 1)
+* libjpeg-turbo 2.1.0
* This file (README.chromium)
* A build file (BUILD.gn)
* An OWNERS file
* A codereview.settings file
* Patched header files used by Chromium
-* Additional patches cherry-picked from upstream master to fix various bugs:
- https://github.com/libjpeg-turbo/libjpeg-turbo/commit/ccaba5d7894ecfb5a8f11e48d3f86e1f14d5a469
- https://github.com/libjpeg-turbo/libjpeg-turbo/commit/c7ca521bc85b57d41d3ad4963c13fc0100481084
- https://github.com/libjpeg-turbo/libjpeg-turbo/commit/110d8d6dcafaed517e8f77a6253169535ee3a20e
- https://github.com/libjpeg-turbo/libjpeg-turbo/commit/d2c407995992be1f128704ae2479adfd7906c158
- https://github.com/libjpeg-turbo/libjpeg-turbo/commit/74e6ea45e3547ae85cd43efcdfc24a6907a2154e
-* Deleted unused directories: ci, cmakescripts, doc, java, release, sharedlib,
- simd/loongson, simd/mips, simd/powerpc, and win
+* Deleted unused directories: cmakescripts, doc, fuzz, java, release,
+ sharedlib, simd/loongson, simd/mips, simd/powerpc, and win
* Deleted unused files: appveyor.yml, CMakeLists.txt, doxygen.config,
- doxygen-extra.css, .gitattributes, tjexample.c, tjexampletest.in,
- tjexampletest.java.in, .travis.yml
+ doxygen-extra.css, .gitattributes, md5/CMakeLists.txt, md5/md5cmp.c,
+ simd/CMakeLists.txt, tjexample.c, tjexampletest.in, tjexampletest.java.in and
+ .travis.yml
* Deleted legacy Arm Neon assembly files (supporting old compiler versions that
do not generate performant code from intrinsics):
simd/arm/aarch32/jsimd_neon.S, simd/arm/aarch64/jsimd_neon.S.
@@ -38,13 +33,6 @@
arise when system libraries attempt to use our libjpeg. Also, we applied the
following changes which are not merged to upstream:
-* Fix libjpeg_turbo svn r64 libjpeg6b compat issue: make the fast path Huffman
- decoder fallback to slow decoding if the Huffman decoding bit sentinel > 16,
- this to match the exact behavior of jpeg_huff_decode().
- http://crbug.com/398235
- The patch in the above bug removed "& 0xFF". It has been restored from
- upstream:
- https://github.com/libjpeg-turbo/libjpeg-turbo/commit/fa1d18385d904d530b4aec83ab7757a33397de6e
* Configuration files jconfig.h, jconfigint.h and neon-compat.h were generated
and then altered manually to be compatible on all of Chromium's platforms.
http://crbug.com/608347
diff --git a/cderror.h b/cderror.h
index a386b69..2844346 100644
--- a/cderror.h
+++ b/cderror.h
@@ -1,9 +1,11 @@
/*
* cderror.h
*
+ * This file was part of the Independent JPEG Group's software:
* Copyright (C) 1994-1997, Thomas G. Lane.
* Modified 2009-2017 by Guido Vollbeding.
- * This file is part of the Independent JPEG Group's software.
+ * libjpeg-turbo Modifications:
+ * Copyright (C) 2021, D. R. Commander.
* For conditions of distribution and use, see the accompanying README.ijg
* file.
*
@@ -60,6 +62,7 @@
JMESSAGE(JERR_GIF_BUG, "GIF output got confused")
JMESSAGE(JERR_GIF_CODESIZE, "Bogus GIF codesize %d")
JMESSAGE(JERR_GIF_COLORSPACE, "GIF output must be grayscale or RGB")
+JMESSAGE(JERR_GIF_EMPTY, "Empty GIF image")
JMESSAGE(JERR_GIF_IMAGENOTFOUND, "Too few images in GIF file")
JMESSAGE(JERR_GIF_NOT, "Not a GIF file")
JMESSAGE(JTRC_GIF, "%ux%ux%d GIF image")
diff --git a/cdjpeg.h b/cdjpeg.h
index 71b0c4f..082687c 100644
--- a/cdjpeg.h
+++ b/cdjpeg.h
@@ -5,7 +5,7 @@
* Copyright (C) 1994-1997, Thomas G. Lane.
* Modified 2019 by Guido Vollbeding.
* libjpeg-turbo Modifications:
- * Copyright (C) 2017, 2019, D. R. Commander.
+ * Copyright (C) 2017, 2019, 2021, D. R. Commander.
* For conditions of distribution and use, see the accompanying README.ijg
* file.
*
@@ -36,6 +36,9 @@
JSAMPARRAY buffer;
JDIMENSION buffer_height;
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ JDIMENSION max_pixels;
+#endif
};
diff --git a/cjpeg.c b/cjpeg.c
index 1c2d632..66ac28f 100644
--- a/cjpeg.c
+++ b/cjpeg.c
@@ -5,7 +5,7 @@
* Copyright (C) 1991-1998, Thomas G. Lane.
* Modified 2003-2011 by Guido Vollbeding.
* libjpeg-turbo Modifications:
- * Copyright (C) 2010, 2013-2014, 2017, 2019-2020, D. R. Commander.
+ * Copyright (C) 2010, 2013-2014, 2017, 2019-2021, D. R. Commander.
* For conditions of distribution and use, see the accompanying README.ijg
* file.
*
@@ -27,6 +27,9 @@
* works regardless of which command line style is used.
*/
+#ifdef CJPEG_FUZZER
+#define JPEG_INTERNALS
+#endif
#include "cdjpeg.h" /* Common decls for cjpeg/djpeg applications */
#include "jversion.h" /* for version message */
#include "jconfigint.h"
@@ -142,8 +145,47 @@
static const char *progname; /* program name for error messages */
static char *icc_filename; /* for -icc switch */
static char *outfilename; /* for -outfile switch */
-static boolean memdst; /* for -memdst switch */
-static boolean report; /* for -report switch */
+boolean memdst; /* for -memdst switch */
+boolean report; /* for -report switch */
+
+
+#ifdef CJPEG_FUZZER
+
+#include <setjmp.h>
+
+struct my_error_mgr {
+ struct jpeg_error_mgr pub;
+ jmp_buf setjmp_buffer;
+};
+
+void my_error_exit(j_common_ptr cinfo)
+{
+ struct my_error_mgr *myerr = (struct my_error_mgr *)cinfo->err;
+
+ longjmp(myerr->setjmp_buffer, 1);
+}
+
+static void my_emit_message(j_common_ptr cinfo, int msg_level)
+{
+ if (msg_level < 0)
+ cinfo->err->num_warnings++;
+}
+
+#define HANDLE_ERROR() { \
+ if (cinfo.global_state > CSTATE_START) { \
+ if (memdst && outbuffer) \
+ (*cinfo.dest->term_destination) (&cinfo); \
+ jpeg_abort_compress(&cinfo); \
+ } \
+ jpeg_destroy_compress(&cinfo); \
+ if (input_file != stdin && input_file != NULL) \
+ fclose(input_file); \
+ if (memdst) \
+ free(outbuffer); \
+ return EXIT_FAILURE; \
+}
+
+#endif
LOCAL(void)
@@ -510,11 +552,16 @@
#endif
{
struct jpeg_compress_struct cinfo;
+#ifdef CJPEG_FUZZER
+ struct my_error_mgr myerr;
+ struct jpeg_error_mgr &jerr = myerr.pub;
+#else
struct jpeg_error_mgr jerr;
+#endif
struct cdjpeg_progress_mgr progress;
int file_index;
cjpeg_source_ptr src_mgr;
- FILE *input_file;
+ FILE *input_file = NULL;
FILE *icc_file;
JOCTET *icc_profile = NULL;
long icc_len = 0;
@@ -632,6 +679,13 @@
fclose(icc_file);
}
+#ifdef CJPEG_FUZZER
+ jerr.error_exit = my_error_exit;
+ jerr.emit_message = my_emit_message;
+ if (setjmp(myerr.setjmp_buffer))
+ HANDLE_ERROR()
+#endif
+
if (report) {
start_progress_monitor((j_common_ptr)&cinfo, &progress);
progress.report = report;
@@ -640,6 +694,9 @@
/* Figure out the input file format, and set up to read it. */
src_mgr = select_file_type(&cinfo, input_file);
src_mgr->input_file = input_file;
+#ifdef CJPEG_FUZZER
+ src_mgr->max_pixels = 1048576;
+#endif
/* Read the input file header to obtain file size & colorspace. */
(*src_mgr->start_input) (&cinfo, src_mgr);
@@ -658,6 +715,11 @@
#endif
jpeg_stdio_dest(&cinfo, output_file);
+#ifdef CJPEG_FUZZER
+ if (setjmp(myerr.setjmp_buffer))
+ HANDLE_ERROR()
+#endif
+
/* Start compressor */
jpeg_start_compress(&cinfo, TRUE);
@@ -685,7 +747,9 @@
end_progress_monitor((j_common_ptr)&cinfo);
if (memdst) {
+#ifndef CJPEG_FUZZER
fprintf(stderr, "Compressed size: %lu bytes\n", outsize);
+#endif
free(outbuffer);
}
diff --git a/gtest/cjpeg-gtest-wrapper.cpp b/gtest/cjpeg-gtest-wrapper.cpp
index 162e5fd..9a5e08c 100644
--- a/gtest/cjpeg-gtest-wrapper.cpp
+++ b/gtest/cjpeg-gtest-wrapper.cpp
@@ -119,7 +119,7 @@
EXPECT_EQ(cjpeg(12, command_line), 0);
// Compare expected MD5 sum against that of test image.
- const std::string EXPECTED_MD5 = "e59bb462016a8d9a748c330a3474bb55";
+ const std::string EXPECTED_MD5 = "0ba15f9dab81a703505f835f9dbbac6d";
EXPECT_TRUE(CompareFileAndMD5(output_path, EXPECTED_MD5));
}
diff --git a/jchuff.c b/jchuff.c
index e2d5772..2bce767 100644
--- a/jchuff.c
+++ b/jchuff.c
@@ -4,7 +4,7 @@
* This file was part of the Independent JPEG Group's software:
* Copyright (C) 1991-1997, Thomas G. Lane.
* libjpeg-turbo Modifications:
- * Copyright (C) 2009-2011, 2014-2016, 2018-2020, D. R. Commander.
+ * Copyright (C) 2009-2011, 2014-2016, 2018-2021, D. R. Commander.
* Copyright (C) 2015, Matthieu Darbois.
* Copyright (C) 2018, Matthias Räncker.
* Copyright (C) 2020, Arm Limited.
@@ -314,6 +314,7 @@
* this lets us detect duplicate VAL entries here, and later
* allows emit_bits to detect any attempt to emit such symbols.
*/
+ MEMZERO(dtbl->ehufco, sizeof(dtbl->ehufco));
MEMZERO(dtbl->ehufsi, sizeof(dtbl->ehufsi));
/* This is also a convenient place to check for out-of-range
diff --git a/jconfig.h b/jconfig.h
index 7d89c0e..d66ccf8 100644
--- a/jconfig.h
+++ b/jconfig.h
@@ -1,13 +1,13 @@
/* Version ID for the JPEG library.
* Might be useful for tests like "#if JPEG_LIB_VERSION >= 60".
*/
-#define JPEG_LIB_VERSION 62
+#define JPEG_LIB_VERSION 62
/* libjpeg-turbo version */
-#define LIBJPEG_TURBO_VERSION 2.0.90
+#define LIBJPEG_TURBO_VERSION 2.1.0
/* libjpeg-turbo version in integer form */
-#define LIBJPEG_TURBO_VERSION_NUMBER 2000090
+#define LIBJPEG_TURBO_VERSION_NUMBER 2001000
/* Support arithmetic encoding */
#define C_ARITH_CODING_SUPPORTED 1
@@ -30,7 +30,7 @@
* We do not support run-time selection of data precision, sorry.
*/
-#define BITS_IN_JSAMPLE 8 /* use 8 or 12 */
+#define BITS_IN_JSAMPLE 8 /* use 8 or 12 */
/* Define to 1 if you have the <locale.h> header file. */
#define HAVE_LOCALE_H 1
diff --git a/jconfigint.h b/jconfigint.h
index 62b41fc..4f23dff 100644
--- a/jconfigint.h
+++ b/jconfigint.h
@@ -1,5 +1,5 @@
/* libjpeg-turbo build number */
-#define BUILD ""
+#define BUILD ""
/* Compiler's inline keyword */
#undef inline
@@ -7,9 +7,9 @@
/* How to obtain function inlining. */
#ifndef INLINE
#if defined(__GNUC__)
-#define INLINE inline __attribute__((always_inline))
+#define INLINE inline __attribute__((always_inline))
#elif defined(_MSC_VER)
-#define INLINE __forceinline
+#define INLINE __forceinline
#else
#define INLINE
#endif
@@ -19,20 +19,20 @@
#if defined(_MSC_VER) && (defined(_WIN32) || defined(_WIN64))
#define THREAD_LOCAL __declspec(thread)
#else
-#define THREAD_LOCAL __thread
+#define THREAD_LOCAL __thread
#endif
/* Define to the full name of this package. */
-#define PACKAGE_NAME "libjpeg-turbo"
+#define PACKAGE_NAME "libjpeg-turbo"
/* Version number of package */
-#define VERSION "2.0.90"
+#define VERSION "2.1.0"
/* The size of `size_t', as computed by sizeof. */
#if __WORDSIZE==64 || defined(_WIN64)
-#define SIZEOF_SIZE_T 8
+#define SIZEOF_SIZE_T 8
#else
-#define SIZEOF_SIZE_T 4
+#define SIZEOF_SIZE_T 4
#endif
/* Define if your compiler has __builtin_ctzl() and sizeof(unsigned long) == sizeof(size_t). */
@@ -42,7 +42,7 @@
/* Define to 1 if you have the <intrin.h> header file. */
#if defined(_MSC_VER)
-#define HAVE_INTRIN_H 1
+#define HAVE_INTRIN_H 1
#endif
#if defined(_MSC_VER) && defined(HAVE_INTRIN_H)
diff --git a/jcphuff.c b/jcphuff.c
index 373d71f..bd14fc2 100644
--- a/jcphuff.c
+++ b/jcphuff.c
@@ -4,7 +4,7 @@
* This file was part of the Independent JPEG Group's software:
* Copyright (C) 1995-1997, Thomas G. Lane.
* libjpeg-turbo Modifications:
- * Copyright (C) 2011, 2015, 2018, D. R. Commander.
+ * Copyright (C) 2011, 2015, 2018, 2021, D. R. Commander.
* Copyright (C) 2016, 2018, Matthieu Darbois.
* Copyright (C) 2020, Arm Limited.
* For conditions of distribution and use, see the accompanying README.ijg
@@ -174,24 +174,26 @@
METHODDEF(int)
count_zeroes(size_t *x)
{
- int result;
#if defined(HAVE_BUILTIN_CTZL)
+ int result;
result = __builtin_ctzl(*x);
*x >>= result;
#elif defined(HAVE_BITSCANFORWARD64)
+ unsigned long result;
_BitScanForward64(&result, *x);
*x >>= result;
#elif defined(HAVE_BITSCANFORWARD)
+ unsigned long result;
_BitScanForward(&result, *x);
*x >>= result;
#else
- result = 0;
+ int result = 0;
while ((*x & 1) == 0) {
++result;
*x >>= 1;
}
#endif
- return result;
+ return (int)result;
}
@@ -865,7 +867,7 @@
#define ENCODE_COEFS_AC_REFINE(label) { \
while (zerobits) { \
- int idx = count_zeroes(&zerobits); \
+ idx = count_zeroes(&zerobits); \
r += idx; \
cabsvalue += idx; \
signbits >>= idx; \
@@ -922,7 +924,7 @@
encode_mcu_AC_refine(j_compress_ptr cinfo, JBLOCKROW *MCU_data)
{
phuff_entropy_ptr entropy = (phuff_entropy_ptr)cinfo->entropy;
- register int temp, r;
+ register int temp, r, idx;
char *BR_buffer;
unsigned int BR;
int Sl = cinfo->Se - cinfo->Ss + 1;
@@ -973,7 +975,7 @@
if (zerobits) {
int diff = ((absvalues + DCTSIZE2 / 2) - cabsvalue);
- int idx = count_zeroes(&zerobits);
+ idx = count_zeroes(&zerobits);
signbits >>= idx;
idx += diff;
r += idx;
diff --git a/jdhuff.c b/jdhuff.c
index 83478f3..f786c10 100644
--- a/jdhuff.c
+++ b/jdhuff.c
@@ -540,6 +540,12 @@
}
+#if defined(__has_feature)
+#if __has_feature(undefined_behavior_sanitizer)
+__attribute__((no_sanitize("signed-integer-overflow"),
+ no_sanitize("unsigned-integer-overflow")))
+#endif
+#endif
LOCAL(boolean)
decode_mcu_slow(j_decompress_ptr cinfo, JBLOCKROW *MCU_data)
{
@@ -572,11 +578,15 @@
if (entropy->dc_needed[blkn]) {
/* Convert DC difference to actual value, update last_dc_val */
int ci = cinfo->MCU_membership[blkn];
- /* This is really just
- * s += state.last_dc_val[ci];
- * It is written this way in order to shut up UBSan.
+ /* Certain malformed JPEG images produce repeated DC coefficient
+ * differences of 2047 or -2047, which causes state.last_dc_val[ci] to
+ * grow until it overflows or underflows a 32-bit signed integer. This
+ * behavior is, to the best of our understanding, innocuous, and it is
+ * unclear how to work around it without potentially affecting
+ * performance. Thus, we (hopefully temporarily) suppress UBSan integer
+ * overflow errors for this function.
*/
- s = (int)((unsigned int)s + (unsigned int)state.last_dc_val[ci]);
+ s += state.last_dc_val[ci];
state.last_dc_val[ci] = s;
if (block) {
/* Output the DC coefficient (assumes jpeg_natural_order[0] = 0) */
@@ -662,7 +672,7 @@
d_derived_tbl *actbl = entropy->ac_cur_tbls[blkn];
register int s, k, r, l;
- HUFF_DECODE_FAST(s, l, dctbl, slow_decode_mcu);
+ HUFF_DECODE_FAST(s, l, dctbl);
if (s) {
FILL_BIT_BUFFER_FAST
r = GET_BITS(s);
@@ -671,7 +681,7 @@
if (entropy->dc_needed[blkn]) {
int ci = cinfo->MCU_membership[blkn];
- s = (int)((unsigned int)s + (unsigned int)state.last_dc_val[ci]);
+ s += state.last_dc_val[ci];
state.last_dc_val[ci] = s;
if (block)
(*block)[0] = (JCOEF)s;
@@ -680,7 +690,7 @@
if (entropy->ac_needed[blkn] && block) {
for (k = 1; k < DCTSIZE2; k++) {
- HUFF_DECODE_FAST(s, l, actbl, slow_decode_mcu);
+ HUFF_DECODE_FAST(s, l, actbl);
r = s >> 4;
s &= 15;
@@ -699,7 +709,7 @@
} else {
for (k = 1; k < DCTSIZE2; k++) {
- HUFF_DECODE_FAST(s, l, actbl, slow_decode_mcu);
+ HUFF_DECODE_FAST(s, l, actbl);
r = s >> 4;
s &= 15;
@@ -716,7 +726,6 @@
}
if (cinfo->unread_marker != 0) {
-slow_decode_mcu:
cinfo->unread_marker = 0;
return FALSE;
}
@@ -779,7 +788,8 @@
}
/* Account for restart interval (no-op if not using restarts) */
- entropy->restarts_to_go--;
+ if (cinfo->restart_interval)
+ entropy->restarts_to_go--;
return TRUE;
}
diff --git a/jdhuff.h b/jdhuff.h
index 6a3fbb5..cfa0b7f 100644
--- a/jdhuff.h
+++ b/jdhuff.h
@@ -4,7 +4,7 @@
* This file was part of the Independent JPEG Group's software:
* Copyright (C) 1991-1997, Thomas G. Lane.
* libjpeg-turbo Modifications:
- * Copyright (C) 2010-2011, 2015-2016, D. R. Commander.
+ * Copyright (C) 2010-2011, 2015-2016, 2021, D. R. Commander.
* Copyright (C) 2018, Matthias Räncker.
* For conditions of distribution and use, see the accompanying README.ijg
* file.
@@ -217,7 +217,7 @@
} \
}
-#define HUFF_DECODE_FAST(s, nb, htbl, slowlabel) \
+#define HUFF_DECODE_FAST(s, nb, htbl) \
FILL_BIT_BUFFER_FAST; \
s = PEEK_BITS(HUFF_LOOKAHEAD); \
s = htbl->lookup[s]; \
@@ -235,8 +235,9 @@
nb++; \
} \
if (nb > 16) \
- goto slowlabel; \
- s = htbl->pub->huffval[(int)(s + htbl->valoffset[nb]) & 0xFF]; \
+ s = 0; \
+ else \
+ s = htbl->pub->huffval[(int)(s + htbl->valoffset[nb]) & 0xFF]; \
}
/* Out-of-line case for Huffman code fetching */
diff --git a/jdphuff.c b/jdphuff.c
index 0e981f2..c6d82ca 100644
--- a/jdphuff.c
+++ b/jdphuff.c
@@ -4,7 +4,7 @@
* This file was part of the Independent JPEG Group's software:
* Copyright (C) 1995-1997, Thomas G. Lane.
* libjpeg-turbo Modifications:
- * Copyright (C) 2015-2016, 2018-2020, D. R. Commander.
+ * Copyright (C) 2015-2016, 2018-2021, D. R. Commander.
* For conditions of distribution and use, see the accompanying README.ijg
* file.
*
@@ -348,7 +348,8 @@
}
/* Account for restart interval (no-op if not using restarts) */
- entropy->restarts_to_go--;
+ if (cinfo->restart_interval)
+ entropy->restarts_to_go--;
return TRUE;
}
@@ -432,7 +433,8 @@
}
/* Account for restart interval (no-op if not using restarts) */
- entropy->restarts_to_go--;
+ if (cinfo->restart_interval)
+ entropy->restarts_to_go--;
return TRUE;
}
@@ -483,7 +485,8 @@
BITREAD_SAVE_STATE(cinfo, entropy->bitstate);
/* Account for restart interval (no-op if not using restarts) */
- entropy->restarts_to_go--;
+ if (cinfo->restart_interval)
+ entropy->restarts_to_go--;
return TRUE;
}
@@ -626,7 +629,8 @@
}
/* Account for restart interval (no-op if not using restarts) */
- entropy->restarts_to_go--;
+ if (cinfo->restart_interval)
+ entropy->restarts_to_go--;
return TRUE;
diff --git a/jpeglib.h b/jpeglib.h
index d7664f0..a717928 100644
--- a/jpeglib.h
+++ b/jpeglib.h
@@ -18,6 +18,12 @@
#ifndef JPEGLIB_H
#define JPEGLIB_H
+/* Begin chromium edits */
+#ifdef MANGLE_JPEG_NAMES
+#include "jpeglibmangler.h"
+#endif
+/* End chromium edits */
+
/*
* First we include the configuration files that record how this
* installation of the JPEG library is set up. jconfig.h can be
diff --git a/jversion.h b/jversion.h
index d1d94f5..2ab534a 100644
--- a/jversion.h
+++ b/jversion.h
@@ -4,7 +4,7 @@
* This file was part of the Independent JPEG Group's software:
* Copyright (C) 1991-2020, Thomas G. Lane, Guido Vollbeding.
* libjpeg-turbo Modifications:
- * Copyright (C) 2010, 2012-2020, D. R. Commander.
+ * Copyright (C) 2010, 2012-2021, D. R. Commander.
* For conditions of distribution and use, see the accompanying README.ijg
* file.
*
@@ -37,7 +37,7 @@
*/
#define JCOPYRIGHT \
- "Copyright (C) 2009-2020 D. R. Commander\n" \
+ "Copyright (C) 2009-2021 D. R. Commander\n" \
"Copyright (C) 2015, 2020 Google, Inc.\n" \
"Copyright (C) 2019-2020 Arm Limited\n" \
"Copyright (C) 2015-2016, 2018 Matthieu Darbois\n" \
@@ -51,4 +51,4 @@
"Copyright (C) 1991-2020 Thomas G. Lane, Guido Vollbeding"
#define JCOPYRIGHT_SHORT \
- "Copyright (C) 1991-2020 The libjpeg-turbo Project and many others"
+ "Copyright (C) 1991-2021 The libjpeg-turbo Project and many others"
diff --git a/rdbmp.c b/rdbmp.c
index 6ba584a..358a026 100644
--- a/rdbmp.c
+++ b/rdbmp.c
@@ -6,7 +6,7 @@
* Modified 2009-2017 by Guido Vollbeding.
* libjpeg-turbo Modifications:
* Modified 2011 by Siarhei Siamashka.
- * Copyright (C) 2015, 2017-2018, D. R. Commander.
+ * Copyright (C) 2015, 2017-2018, 2021, D. R. Commander.
* For conditions of distribution and use, see the accompanying README.ijg
* file.
*
@@ -424,14 +424,14 @@
(((unsigned int)UCH(array[offset + 2])) << 16) + \
(((unsigned int)UCH(array[offset + 3])) << 24))
- unsigned int bfOffBits;
- unsigned int headerSize;
+ int bfOffBits;
+ int headerSize;
int biWidth;
int biHeight;
unsigned short biPlanes;
unsigned int biCompression;
int biXPelsPerMeter, biYPelsPerMeter;
- unsigned int biClrUsed = 0;
+ int biClrUsed = 0;
int mapentrysize = 0; /* 0 indicates no colormap */
int bPad;
JDIMENSION row_width = 0;
@@ -450,7 +450,7 @@
if (!ReadOK(source->pub.input_file, bmpinfoheader, 4))
ERREXIT(cinfo, JERR_INPUT_EOF);
headerSize = GET_4B(bmpinfoheader, 0);
- if (headerSize < 12 || headerSize > 64)
+ if (headerSize < 12 || headerSize > 64 || (headerSize + 14) > bfOffBits)
ERREXIT(cinfo, JERR_BMP_BADHEADER);
if (!ReadOK(source->pub.input_file, bmpinfoheader + 4, headerSize - 4))
ERREXIT(cinfo, JERR_INPUT_EOF);
@@ -522,6 +522,11 @@
if (biWidth <= 0 || biHeight <= 0)
ERREXIT(cinfo, JERR_BMP_EMPTY);
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ if (sinfo->max_pixels &&
+ (unsigned long long)biWidth * biHeight > sinfo->max_pixels)
+ ERREXIT(cinfo, JERR_WIDTH_OVERFLOW);
+#endif
if (biPlanes != 1)
ERREXIT(cinfo, JERR_BMP_BADPLANES);
@@ -575,7 +580,9 @@
cinfo->input_components = 4;
else
ERREXIT(cinfo, JERR_BAD_IN_COLORSPACE);
- row_width = (JDIMENSION)(biWidth * 3);
+ if ((unsigned long long)biWidth * 3ULL > 0xFFFFFFFFULL)
+ ERREXIT(cinfo, JERR_WIDTH_OVERFLOW);
+ row_width = (JDIMENSION)biWidth * 3;
break;
case 32:
if (cinfo->in_color_space == JCS_UNKNOWN)
@@ -586,7 +593,9 @@
cinfo->input_components = 4;
else
ERREXIT(cinfo, JERR_BAD_IN_COLORSPACE);
- row_width = (JDIMENSION)(biWidth * 4);
+ if ((unsigned long long)biWidth * 4ULL > 0xFFFFFFFFULL)
+ ERREXIT(cinfo, JERR_WIDTH_OVERFLOW);
+ row_width = (JDIMENSION)biWidth * 4;
break;
default:
ERREXIT(cinfo, JERR_BMP_BADDEPTH);
@@ -631,7 +640,7 @@
/* Allocate one-row buffer for returned data */
source->pub.buffer = (*cinfo->mem->alloc_sarray)
((j_common_ptr)cinfo, JPOOL_IMAGE,
- (JDIMENSION)(biWidth * cinfo->input_components), (JDIMENSION)1);
+ (JDIMENSION)biWidth * (JDIMENSION)cinfo->input_components, (JDIMENSION)1);
source->pub.buffer_height = 1;
cinfo->data_precision = 8;
@@ -668,6 +677,9 @@
/* Fill in method ptrs, except get_pixel_rows which start_input sets */
source->pub.start_input = start_input_bmp;
source->pub.finish_input = finish_input_bmp;
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ source->pub.max_pixels = 0;
+#endif
source->use_inversion_array = use_inversion_array;
diff --git a/rdgif.c b/rdgif.c
index e1ea56c..c814c6b 100644
--- a/rdgif.c
+++ b/rdgif.c
@@ -1,9 +1,11 @@
/*
* rdgif.c
*
+ * This file was part of the Independent JPEG Group's software:
* Copyright (C) 1991-1997, Thomas G. Lane.
* Modified 2019 by Guido Vollbeding.
- * This file is part of the Independent JPEG Group's software.
+ * libjpeg-turbo Modifications:
+ * Copyright (C) 2021, D. R. Commander.
* For conditions of distribution and use, see the accompanying README.ijg
* file.
*
@@ -404,6 +406,13 @@
ERREXIT(cinfo, JERR_INPUT_EOF);
width = LM_to_uint(hdrbuf, 0);
height = LM_to_uint(hdrbuf, 2);
+ if (width == 0 || height == 0)
+ ERREXIT(cinfo, JERR_GIF_EMPTY);
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ if (sinfo->max_pixels &&
+ (unsigned long long)width * height > sinfo->max_pixels)
+ ERREXIT(cinfo, JERR_WIDTH_OVERFLOW);
+#endif
/* we ignore the color resolution, sort flag, and background color index */
aspectRatio = UCH(hdrbuf[6]);
if (aspectRatio != 0 && aspectRatio != 49)
@@ -446,6 +455,13 @@
/* we ignore top/left position info, also sort flag */
width = LM_to_uint(hdrbuf, 4);
height = LM_to_uint(hdrbuf, 6);
+ if (width == 0 || height == 0)
+ ERREXIT(cinfo, JERR_GIF_EMPTY);
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ if (sinfo->max_pixels &&
+ (unsigned long long)width * height > sinfo->max_pixels)
+ ERREXIT(cinfo, JERR_WIDTH_OVERFLOW);
+#endif
source->is_interlaced = (BitSet(hdrbuf[8], INTERLACE) != 0);
/* Read local colormap if header indicates it is present */
@@ -669,6 +685,9 @@
/* Fill in method ptrs, except get_pixel_rows which start_input sets */
source->pub.start_input = start_input_gif;
source->pub.finish_input = finish_input_gif;
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ source->pub.max_pixels = 0;
+#endif
return (cjpeg_source_ptr)source;
}
diff --git a/rdppm.c b/rdppm.c
index c4c937e..9699ca5 100644
--- a/rdppm.c
+++ b/rdppm.c
@@ -5,7 +5,7 @@
* Copyright (C) 1991-1997, Thomas G. Lane.
* Modified 2009 by Bill Allombert, Guido Vollbeding.
* libjpeg-turbo Modifications:
- * Copyright (C) 2015-2017, 2020, D. R. Commander.
+ * Copyright (C) 2015-2017, 2020-2021, D. R. Commander.
* For conditions of distribution and use, see the accompanying README.ijg
* file.
*
@@ -112,11 +112,10 @@
while ((ch = pbm_getc(infile)) >= '0' && ch <= '9') {
val *= 10;
val += ch - '0';
+ if (val > maxval)
+ ERREXIT(cinfo, JERR_PPM_OUTOFRANGE);
}
- if (val > maxval)
- ERREXIT(cinfo, JERR_PPM_OUTOFRANGE);
-
return val;
}
@@ -516,6 +515,11 @@
register JSAMPLE *rescale = source->rescale;
JDIMENSION col;
unsigned int maxval = source->maxval;
+ register int rindex = rgb_red[cinfo->in_color_space];
+ register int gindex = rgb_green[cinfo->in_color_space];
+ register int bindex = rgb_blue[cinfo->in_color_space];
+ register int aindex = alpha_index[cinfo->in_color_space];
+ register int ps = rgb_pixelsize[cinfo->in_color_space];
if (!ReadOK(source->pub.input_file, source->iobuffer, source->buffer_width))
ERREXIT(cinfo, JERR_INPUT_EOF);
@@ -527,17 +531,20 @@
temp |= UCH(*bufferptr++);
if (temp > maxval)
ERREXIT(cinfo, JERR_PPM_OUTOFRANGE);
- *ptr++ = rescale[temp];
+ ptr[rindex] = rescale[temp];
temp = UCH(*bufferptr++) << 8;
temp |= UCH(*bufferptr++);
if (temp > maxval)
ERREXIT(cinfo, JERR_PPM_OUTOFRANGE);
- *ptr++ = rescale[temp];
+ ptr[gindex] = rescale[temp];
temp = UCH(*bufferptr++) << 8;
temp |= UCH(*bufferptr++);
if (temp > maxval)
ERREXIT(cinfo, JERR_PPM_OUTOFRANGE);
- *ptr++ = rescale[temp];
+ ptr[bindex] = rescale[temp];
+ if (aindex >= 0)
+ ptr[aindex] = 0xFF;
+ ptr += ps;
}
return 1;
}
@@ -579,6 +586,10 @@
if (w <= 0 || h <= 0 || maxval <= 0) /* error check */
ERREXIT(cinfo, JERR_PPM_NOT);
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ if (sinfo->max_pixels && (unsigned long long)w * h > sinfo->max_pixels)
+ ERREXIT(cinfo, JERR_WIDTH_OVERFLOW);
+#endif
cinfo->data_precision = BITS_IN_JSAMPLE; /* we always rescale data to this */
cinfo->image_width = (JDIMENSION)w;
@@ -624,7 +635,10 @@
cinfo->in_color_space = JCS_GRAYSCALE;
TRACEMS2(cinfo, 1, JTRC_PGM, w, h);
if (maxval > 255) {
- source->pub.get_pixel_rows = get_word_gray_row;
+ if (cinfo->in_color_space == JCS_GRAYSCALE)
+ source->pub.get_pixel_rows = get_word_gray_row;
+ else
+ ERREXIT(cinfo, JERR_BAD_IN_COLORSPACE);
} else if (maxval == MAXJSAMPLE && sizeof(JSAMPLE) == sizeof(U_CHAR) &&
cinfo->in_color_space == JCS_GRAYSCALE) {
source->pub.get_pixel_rows = get_raw_row;
@@ -647,7 +661,10 @@
cinfo->in_color_space = JCS_EXT_RGB;
TRACEMS2(cinfo, 1, JTRC_PPM, w, h);
if (maxval > 255) {
- source->pub.get_pixel_rows = get_word_rgb_row;
+ if (IsExtRGB(cinfo->in_color_space))
+ source->pub.get_pixel_rows = get_word_rgb_row;
+ else
+ ERREXIT(cinfo, JERR_BAD_IN_COLORSPACE);
} else if (maxval == MAXJSAMPLE && sizeof(JSAMPLE) == sizeof(U_CHAR) &&
#if RGB_RED == 0 && RGB_GREEN == 1 && RGB_BLUE == 2 && RGB_PIXELSIZE == 3
(cinfo->in_color_space == JCS_EXT_RGB ||
@@ -713,6 +730,8 @@
(*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE,
(size_t)(((long)MAX(maxval, 255) + 1L) *
sizeof(JSAMPLE)));
+ MEMZERO(source->rescale, (size_t)(((long)MAX(maxval, 255) + 1L) *
+ sizeof(JSAMPLE)));
half_maxval = maxval / 2;
for (val = 0; val <= (long)maxval; val++) {
/* The multiplication here must be done in 32 bits to avoid overflow */
@@ -750,6 +769,9 @@
/* Fill in method ptrs, except get_pixel_rows which start_input sets */
source->pub.start_input = start_input_ppm;
source->pub.finish_input = finish_input_ppm;
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ source->pub.max_pixels = 0;
+#endif
return (cjpeg_source_ptr)source;
}
diff --git a/rdtarga.c b/rdtarga.c
index c17073f..8f2d031 100644
--- a/rdtarga.c
+++ b/rdtarga.c
@@ -5,7 +5,7 @@
* Copyright (C) 1991-1996, Thomas G. Lane.
* Modified 2017 by Guido Vollbeding.
* libjpeg-turbo Modifications:
- * Copyright (C) 2018, D. R. Commander.
+ * Copyright (C) 2018, 2021, D. R. Commander.
* For conditions of distribution and use, see the accompanying README.ijg
* file.
*
@@ -363,6 +363,11 @@
interlace_type != 0 || /* currently don't allow interlaced image */
width == 0 || height == 0) /* image width/height must be non-zero */
ERREXIT(cinfo, JERR_TGA_BADPARMS);
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ if (sinfo->max_pixels &&
+ (unsigned long long)width * height > sinfo->max_pixels)
+ ERREXIT(cinfo, JERR_WIDTH_OVERFLOW);
+#endif
if (subtype > 8) {
/* It's an RLE-coded file */
@@ -493,6 +498,9 @@
/* Fill in method ptrs, except get_pixel_rows which start_input sets */
source->pub.start_input = start_input_tga;
source->pub.finish_input = finish_input_tga;
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ source->pub.max_pixels = 0;
+#endif
return (cjpeg_source_ptr)source;
}
diff --git a/simd/CMakeLists.txt b/simd/CMakeLists.txt
deleted file mode 100755
index f3c24ef..0000000
--- a/simd/CMakeLists.txt
+++ /dev/null
@@ -1,425 +0,0 @@
-macro(simd_fail message)
- if(REQUIRE_SIMD)
- message(FATAL_ERROR "${message}.")
- else()
- message(WARNING "${message}. Performance will suffer.")
- set(WITH_SIMD 0 PARENT_SCOPE)
- endif()
-endmacro()
-
-
-###############################################################################
-# x86[-64] (NASM)
-###############################################################################
-
-if(CPU_TYPE STREQUAL "x86_64" OR CPU_TYPE STREQUAL "i386")
-
-set(CMAKE_ASM_NASM_FLAGS_DEBUG_INIT "-g")
-set(CMAKE_ASM_NASM_FLAGS_RELWITHDEBINFO_INIT "-g")
-
-# Allow the location of the NASM executable to be specified using the ASM_NASM
-# environment variable. This should happen automatically, but unfortunately
-# enable_language(ASM_NASM) doesn't parse the ASM_NASM environment variable
-# until after CMAKE_ASM_NASM_COMPILER has been populated with the results of
-# searching for NASM or YASM in the PATH.
-if(NOT DEFINED CMAKE_ASM_NASM_COMPILER AND DEFINED ENV{ASM_NASM})
- set(CMAKE_ASM_NASM_COMPILER $ENV{ASM_NASM})
-endif()
-
-if(CPU_TYPE STREQUAL "x86_64")
- if(CYGWIN)
- set(CMAKE_ASM_NASM_OBJECT_FORMAT win64)
- endif()
- if(CMAKE_C_COMPILER_ABI MATCHES "ELF X32")
- set(CMAKE_ASM_NASM_OBJECT_FORMAT elfx32)
- endif()
-elseif(CPU_TYPE STREQUAL "i386")
- if(BORLAND)
- set(CMAKE_ASM_NASM_OBJECT_FORMAT obj)
- elseif(CYGWIN)
- set(CMAKE_ASM_NASM_OBJECT_FORMAT win32)
- endif()
-endif()
-
-if(NOT REQUIRE_SIMD)
- include(CheckLanguage)
- check_language(ASM_NASM)
- if(NOT CMAKE_ASM_NASM_COMPILER)
- simd_fail("SIMD extensions disabled: could not find NASM compiler")
- return()
- endif()
-endif()
-enable_language(ASM_NASM)
-message(STATUS "CMAKE_ASM_NASM_COMPILER = ${CMAKE_ASM_NASM_COMPILER}")
-
-if(CMAKE_ASM_NASM_OBJECT_FORMAT MATCHES "macho*")
- set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -DMACHO")
-elseif(CMAKE_ASM_NASM_OBJECT_FORMAT MATCHES "elf*")
- set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -DELF")
- set(CMAKE_ASM_NASM_DEBUG_FORMAT "dwarf2")
-endif()
-if(CPU_TYPE STREQUAL "x86_64")
- if(WIN32 OR CYGWIN)
- set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -DWIN64")
- endif()
- set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -D__x86_64__")
-elseif(CPU_TYPE STREQUAL "i386")
- if(BORLAND)
- set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -DOBJ32")
- elseif(WIN32 OR CYGWIN)
- set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -DWIN32")
- endif()
-endif()
-
-message(STATUS "CMAKE_ASM_NASM_OBJECT_FORMAT = ${CMAKE_ASM_NASM_OBJECT_FORMAT}")
-
-if(NOT CMAKE_ASM_NASM_OBJECT_FORMAT)
- simd_fail("SIMD extensions disabled: could not determine NASM object format")
- return()
-endif()
-
-get_filename_component(CMAKE_ASM_NASM_COMPILER_TYPE
- "${CMAKE_ASM_NASM_COMPILER}" NAME_WE)
-if(CMAKE_ASM_NASM_COMPILER_TYPE MATCHES "yasm")
- foreach(var CMAKE_ASM_NASM_FLAGS_DEBUG CMAKE_ASM_NASM_FLAGS_RELWITHDEBINFO)
- if(${var} STREQUAL "-g")
- if(CMAKE_ASM_NASM_DEBUG_FORMAT)
- set_property(CACHE ${var} PROPERTY VALUE "-g ${CMAKE_ASM_NASM_DEBUG_FORMAT}")
- else()
- set_property(CACHE ${var} PROPERTY VALUE "")
- endif()
- endif()
- endforeach()
-endif()
-
-if(NOT WIN32 AND (CMAKE_POSITION_INDEPENDENT_CODE OR ENABLE_SHARED))
- set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -DPIC")
-endif()
-
-string(TOUPPER ${CMAKE_BUILD_TYPE} CMAKE_BUILD_TYPE_UC)
-set(EFFECTIVE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} ${CMAKE_ASM_NASM_FLAGS_${CMAKE_BUILD_TYPE_UC}}")
-message(STATUS "CMAKE_ASM_NASM_FLAGS = ${EFFECTIVE_ASM_NASM_FLAGS}")
-
-set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -I\"${CMAKE_CURRENT_SOURCE_DIR}/nasm/\" -I\"${CMAKE_CURRENT_SOURCE_DIR}/${CPU_TYPE}/\"")
-
-set(GREP grep)
-if(CMAKE_SYSTEM_NAME STREQUAL "SunOS")
- set(GREP ggrep)
-endif()
-add_custom_target(jsimdcfg COMMAND
- ${CMAKE_C_COMPILER} -E -I${CMAKE_BINARY_DIR} -I${CMAKE_CURRENT_BINARY_DIR}
- -I${CMAKE_CURRENT_SOURCE_DIR}
- ${CMAKE_CURRENT_SOURCE_DIR}/nasm/jsimdcfg.inc.h |
- ${GREP} -E '^[\;%]|^\ %' | sed 's%_cpp_protection_%%' |
- sed 's@% define@%define@g' >${CMAKE_CURRENT_SOURCE_DIR}/nasm/jsimdcfg.inc)
-
-if(CPU_TYPE STREQUAL "x86_64")
- set(SIMD_SOURCES x86_64/jsimdcpu.asm x86_64/jfdctflt-sse.asm
- x86_64/jccolor-sse2.asm x86_64/jcgray-sse2.asm x86_64/jchuff-sse2.asm
- x86_64/jcphuff-sse2.asm x86_64/jcsample-sse2.asm x86_64/jdcolor-sse2.asm
- x86_64/jdmerge-sse2.asm x86_64/jdsample-sse2.asm x86_64/jfdctfst-sse2.asm
- x86_64/jfdctint-sse2.asm x86_64/jidctflt-sse2.asm x86_64/jidctfst-sse2.asm
- x86_64/jidctint-sse2.asm x86_64/jidctred-sse2.asm x86_64/jquantf-sse2.asm
- x86_64/jquanti-sse2.asm
- x86_64/jccolor-avx2.asm x86_64/jcgray-avx2.asm x86_64/jcsample-avx2.asm
- x86_64/jdcolor-avx2.asm x86_64/jdmerge-avx2.asm x86_64/jdsample-avx2.asm
- x86_64/jfdctint-avx2.asm x86_64/jidctint-avx2.asm x86_64/jquanti-avx2.asm)
-else()
- set(SIMD_SOURCES i386/jsimdcpu.asm i386/jfdctflt-3dn.asm
- i386/jidctflt-3dn.asm i386/jquant-3dn.asm
- i386/jccolor-mmx.asm i386/jcgray-mmx.asm i386/jcsample-mmx.asm
- i386/jdcolor-mmx.asm i386/jdmerge-mmx.asm i386/jdsample-mmx.asm
- i386/jfdctfst-mmx.asm i386/jfdctint-mmx.asm i386/jidctfst-mmx.asm
- i386/jidctint-mmx.asm i386/jidctred-mmx.asm i386/jquant-mmx.asm
- i386/jfdctflt-sse.asm i386/jidctflt-sse.asm i386/jquant-sse.asm
- i386/jccolor-sse2.asm i386/jcgray-sse2.asm i386/jchuff-sse2.asm
- i386/jcphuff-sse2.asm i386/jcsample-sse2.asm i386/jdcolor-sse2.asm
- i386/jdmerge-sse2.asm i386/jdsample-sse2.asm i386/jfdctfst-sse2.asm
- i386/jfdctint-sse2.asm i386/jidctflt-sse2.asm i386/jidctfst-sse2.asm
- i386/jidctint-sse2.asm i386/jidctred-sse2.asm i386/jquantf-sse2.asm
- i386/jquanti-sse2.asm
- i386/jccolor-avx2.asm i386/jcgray-avx2.asm i386/jcsample-avx2.asm
- i386/jdcolor-avx2.asm i386/jdmerge-avx2.asm i386/jdsample-avx2.asm
- i386/jfdctint-avx2.asm i386/jidctint-avx2.asm i386/jquanti-avx2.asm)
-endif()
-
-if(MSVC_IDE)
- set(OBJDIR "${CMAKE_CURRENT_BINARY_DIR}/${CMAKE_CFG_INTDIR}")
- string(REGEX REPLACE " " ";" CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS}")
-elseif(XCODE)
- set(OBJDIR "${CMAKE_CURRENT_BINARY_DIR}")
- string(REGEX REPLACE " " ";" CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS}")
-endif()
-
-file(GLOB INC_FILES nasm/*.inc)
-
-foreach(file ${SIMD_SOURCES})
- set(OBJECT_DEPENDS "")
- if(${file} MATCHES jccolor)
- string(REGEX REPLACE "jccolor" "jccolext" DEPFILE ${file})
- set(OBJECT_DEPENDS ${OBJECT_DEPENDS}
- ${CMAKE_CURRENT_SOURCE_DIR}/${DEPFILE})
- endif()
- if(${file} MATCHES jcgray)
- string(REGEX REPLACE "jcgray" "jcgryext" DEPFILE ${file})
- set(OBJECT_DEPENDS ${OBJECT_DEPENDS}
- ${CMAKE_CURRENT_SOURCE_DIR}/${DEPFILE})
- endif()
- if(${file} MATCHES jdcolor)
- string(REGEX REPLACE "jdcolor" "jdcolext" DEPFILE ${file})
- set(OBJECT_DEPENDS ${OBJECT_DEPENDS}
- ${CMAKE_CURRENT_SOURCE_DIR}/${DEPFILE})
- endif()
- if(${file} MATCHES jdmerge)
- string(REGEX REPLACE "jdmerge" "jdmrgext" DEPFILE ${file})
- set(OBJECT_DEPENDS ${OBJECT_DEPENDS}
- ${CMAKE_CURRENT_SOURCE_DIR}/${DEPFILE})
- endif()
- set(OBJECT_DEPENDS ${OBJECT_DEPENDS} ${INC_FILES})
- if(MSVC_IDE OR XCODE)
- # The CMake Visual Studio generators do not work properly with the ASM_NASM
- # language, so we have to go rogue here and use a custom command like we
- # did in prior versions of libjpeg-turbo. (This is why we can't have nice
- # things.)
- string(REGEX REPLACE "${CPU_TYPE}/" "" filename ${file})
- set(SIMD_OBJ ${OBJDIR}/${filename}${CMAKE_C_OUTPUT_EXTENSION})
- add_custom_command(OUTPUT ${SIMD_OBJ} DEPENDS ${file} ${OBJECT_DEPENDS}
- COMMAND ${CMAKE_ASM_NASM_COMPILER} -f${CMAKE_ASM_NASM_OBJECT_FORMAT}
- ${CMAKE_ASM_NASM_FLAGS} ${CMAKE_CURRENT_SOURCE_DIR}/${file}
- -o${SIMD_OBJ})
- set(SIMD_OBJS ${SIMD_OBJS} ${SIMD_OBJ})
- else()
- set_source_files_properties(${file} PROPERTIES OBJECT_DEPENDS
- "${OBJECT_DEPENDS}")
- endif()
-endforeach()
-
-if(MSVC_IDE OR XCODE)
- set(SIMD_OBJS ${SIMD_OBJS} PARENT_SCOPE)
- add_library(simd OBJECT ${CPU_TYPE}/jsimd.c)
- add_custom_target(simd-objs DEPENDS ${SIMD_OBJS})
- add_dependencies(simd simd-objs)
-else()
- add_library(simd OBJECT ${SIMD_SOURCES} ${CPU_TYPE}/jsimd.c)
-endif()
-if(NOT WIN32 AND (CMAKE_POSITION_INDEPENDENT_CODE OR ENABLE_SHARED))
- set_target_properties(simd PROPERTIES POSITION_INDEPENDENT_CODE 1)
-endif()
-
-
-###############################################################################
-# Arm (Intrinsics or GAS)
-###############################################################################
-
-elseif(CPU_TYPE STREQUAL "arm64" OR CPU_TYPE STREQUAL "arm")
-
-include(CheckSymbolExists)
-if(BITS EQUAL 32)
- set(CMAKE_REQUIRED_FLAGS -mfpu=neon)
-endif()
-check_symbol_exists(vld1_s16_x3 arm_neon.h HAVE_VLD1_S16_X3)
-check_symbol_exists(vld1_u16_x2 arm_neon.h HAVE_VLD1_U16_X2)
-check_symbol_exists(vld1q_u8_x4 arm_neon.h HAVE_VLD1Q_U8_X4)
-if(BITS EQUAL 32)
- unset(CMAKE_REQUIRED_FLAGS)
-endif()
-configure_file(arm/neon-compat.h.in arm/neon-compat.h @ONLY)
-include_directories(${CMAKE_CURRENT_BINARY_DIR}/arm)
-
-# GCC (as of this writing) and some older versions of Clang do not have a full
-# or optimal set of Neon intrinsics, so for performance reasons, when using
-# those compilers, we default to using the older GAS implementation of the Neon
-# SIMD extensions for certain algorithms. The presence or absence of the three
-# intrinsics we tested above is a reasonable proxy for this. We always default
-# to using the full Neon intrinsics implementation when building for macOS or
-# iOS, to avoid the need for gas-preprocessor.
-if((HAVE_VLD1_S16_X3 AND HAVE_VLD1_U16_X2 AND HAVE_VLD1Q_U8_X4) OR APPLE)
- set(DEFAULT_NEON_INTRINSICS 1)
-else()
- set(DEFAULT_NEON_INTRINSICS 0)
-endif()
-option(NEON_INTRINSICS
- "Because GCC (as of this writing) and some older versions of Clang do not have a full or optimal set of Neon intrinsics, for performance reasons, the default when building libjpeg-turbo with those compilers is to continue using the older GAS implementation of the Neon SIMD extensions for certain algorithms. Setting this option forces the full Neon intrinsics implementation to be used with all compilers. Unsetting this option forces the hybrid GAS/intrinsics implementation to be used with all compilers."
- ${DEFAULT_NEON_INTRINSICS})
-boolean_number(NEON_INTRINSICS PARENT_SCOPE)
-if(NEON_INTRINSICS)
- add_definitions(-DNEON_INTRINSICS)
- message(STATUS "Use full Neon SIMD intrinsics implementation (NEON_INTRINSICS = ${NEON_INTRINSICS})")
-else()
- message(STATUS "Use partial Neon SIMD intrinsics implementation (NEON_INTRINSICS = ${NEON_INTRINSICS})")
-endif()
-
-set(SIMD_SOURCES arm/jcgray-neon.c arm/jcphuff-neon.c arm/jcsample-neon.c
- arm/jdmerge-neon.c arm/jdsample-neon.c arm/jfdctfst-neon.c
- arm/jidctred-neon.c arm/jquanti-neon.c)
-if(NEON_INTRINSICS)
- set(SIMD_SOURCES ${SIMD_SOURCES} arm/jccolor-neon.c arm/jidctint-neon.c)
-endif()
-if(NEON_INTRINSICS OR BITS EQUAL 64)
- set(SIMD_SOURCES ${SIMD_SOURCES} arm/jidctfst-neon.c)
-endif()
-if(NEON_INTRINSICS OR BITS EQUAL 32)
- set(SIMD_SOURCES ${SIMD_SOURCES} arm/aarch${BITS}/jchuff-neon.c
- arm/jdcolor-neon.c arm/jfdctint-neon.c)
-endif()
-if(BITS EQUAL 32)
- set_source_files_properties(${SIMD_SOURCES} COMPILE_FLAGS -mfpu=neon)
-endif()
-if(NOT NEON_INTRINSICS)
- enable_language(ASM)
-
- set(CMAKE_ASM_FLAGS "${CMAKE_C_FLAGS} ${CMAKE_ASM_FLAGS}")
-
- string(TOUPPER ${CMAKE_BUILD_TYPE} CMAKE_BUILD_TYPE_UC)
- set(EFFECTIVE_ASM_FLAGS "${CMAKE_ASM_FLAGS} ${CMAKE_ASM_FLAGS_${CMAKE_BUILD_TYPE_UC}}")
- message(STATUS "CMAKE_ASM_FLAGS = ${EFFECTIVE_ASM_FLAGS}")
-
- set(SIMD_SOURCES ${SIMD_SOURCES} arm/aarch${BITS}/jsimd_neon.S)
-endif()
-
-add_library(simd OBJECT ${SIMD_SOURCES} arm/aarch${BITS}/jsimd.c)
-
-if(CMAKE_POSITION_INDEPENDENT_CODE OR ENABLE_SHARED)
- set_target_properties(simd PROPERTIES POSITION_INDEPENDENT_CODE 1)
-endif()
-
-
-###############################################################################
-# MIPS (GAS)
-###############################################################################
-
-elseif(CPU_TYPE STREQUAL "mips" OR CPU_TYPE STREQUAL "mipsel")
-
-enable_language(ASM)
-
-string(TOUPPER ${CMAKE_BUILD_TYPE} CMAKE_BUILD_TYPE_UC)
-set(EFFECTIVE_ASM_FLAGS "${CMAKE_ASM_FLAGS} ${CMAKE_ASM_FLAGS_${CMAKE_BUILD_TYPE_UC}}")
-message(STATUS "CMAKE_ASM_FLAGS = ${EFFECTIVE_ASM_FLAGS}")
-
-set(CMAKE_REQUIRED_FLAGS -mdspr2)
-
-check_c_source_compiles("
- #if !(defined(__mips__) && __mips_isa_rev >= 2)
- #error MIPS DSPr2 is currently only available on MIPS32r2 platforms.
- #endif
- int main(void) {
- int c = 0, a = 0, b = 0;
- __asm__ __volatile__ (
- \"precr.qb.ph %[c], %[a], %[b]\"
- : [c] \"=r\" (c)
- : [a] \"r\" (a), [b] \"r\" (b)
- );
- return c;
- }" HAVE_DSPR2)
-
-unset(CMAKE_REQUIRED_FLAGS)
-
-if(NOT HAVE_DSPR2)
- simd_fail("SIMD extensions not available for this CPU")
- return()
-endif()
-
-add_library(simd OBJECT mips/jsimd_dspr2.S mips/jsimd.c)
-
-if(CMAKE_POSITION_INDEPENDENT_CODE OR ENABLE_SHARED)
- set_target_properties(simd PROPERTIES POSITION_INDEPENDENT_CODE 1)
-endif()
-
-###############################################################################
-# MIPS64 (Intrinsics)
-###############################################################################
-
-elseif(CPU_TYPE STREQUAL "loongson" OR CPU_TYPE MATCHES "mips64*")
-
-set(CMAKE_REQUIRED_FLAGS -Wa,-mloongson-mmi,-mloongson-ext)
-
-check_c_source_compiles("
- int main(void) {
- int c = 0, a = 0, b = 0;
- asm (
- \"paddb %0, %1, %2\"
- : \"=f\" (c)
- : \"f\" (a), \"f\" (b)
- );
- return c;
- }" HAVE_MMI)
-
-unset(CMAKE_REQUIRED_FLAGS)
-
-if(NOT HAVE_MMI)
- simd_fail("SIMD extensions not available for this CPU")
- return()
-endif()
-
-set(SIMD_SOURCES mips64/jccolor-mmi.c mips64/jcgray-mmi.c mips64/jcsample-mmi.c
- mips64/jdcolor-mmi.c mips64/jdmerge-mmi.c mips64/jdsample-mmi.c
- mips64/jfdctfst-mmi.c mips64/jfdctint-mmi.c mips64/jidctfst-mmi.c
- mips64/jidctint-mmi.c mips64/jquanti-mmi.c)
-
-if(CMAKE_COMPILER_IS_GNUCC)
- foreach(file ${SIMD_SOURCES})
- set_property(SOURCE ${file} APPEND_STRING PROPERTY COMPILE_FLAGS
- " -fno-strict-aliasing")
- endforeach()
-endif()
-foreach(file ${SIMD_SOURCES})
- set_property(SOURCE ${file} APPEND_STRING PROPERTY COMPILE_FLAGS
- " -Wa,-mloongson-mmi,-mloongson-ext")
-endforeach()
-
-add_library(simd OBJECT ${SIMD_SOURCES} mips64/jsimd.c)
-
-if(CMAKE_POSITION_INDEPENDENT_CODE OR ENABLE_SHARED)
- set_target_properties(simd PROPERTIES POSITION_INDEPENDENT_CODE 1)
-endif()
-
-###############################################################################
-# PowerPC (Intrinsics)
-###############################################################################
-
-elseif(CPU_TYPE STREQUAL "powerpc")
-
-set(CMAKE_REQUIRED_FLAGS -maltivec)
-
-check_c_source_compiles("
- #include <altivec.h>
- int main(void) {
- __vector int vi = { 0, 0, 0, 0 };
- int i[4];
- vec_st(vi, 0, i);
- return i[0];
- }" HAVE_ALTIVEC)
-
-unset(CMAKE_REQUIRED_FLAGS)
-
-if(NOT HAVE_ALTIVEC)
- simd_fail("SIMD extensions not available for this CPU (PowerPC SPE)")
- return()
-endif()
-
-set(SIMD_SOURCES powerpc/jccolor-altivec.c powerpc/jcgray-altivec.c
- powerpc/jcsample-altivec.c powerpc/jdcolor-altivec.c
- powerpc/jdmerge-altivec.c powerpc/jdsample-altivec.c
- powerpc/jfdctfst-altivec.c powerpc/jfdctint-altivec.c
- powerpc/jidctfst-altivec.c powerpc/jidctint-altivec.c
- powerpc/jquanti-altivec.c)
-
-set_source_files_properties(${SIMD_SOURCES} PROPERTIES
- COMPILE_FLAGS -maltivec)
-
-add_library(simd OBJECT ${SIMD_SOURCES} powerpc/jsimd.c)
-
-if(CMAKE_POSITION_INDEPENDENT_CODE OR ENABLE_SHARED)
- set_target_properties(simd PROPERTIES POSITION_INDEPENDENT_CODE 1)
-endif()
-
-
-###############################################################################
-# None
-###############################################################################
-
-else()
-
-simd_fail("SIMD extensions not available for this CPU (${CMAKE_SYSTEM_PROCESSOR})")
-
-endif() # CPU_TYPE
diff --git a/simd/arm/jchuff.h b/simd/arm/jchuff.h
index d30759f..d4edd5e 100644
--- a/simd/arm/jchuff.h
+++ b/simd/arm/jchuff.h
@@ -6,7 +6,7 @@
* libjpeg-turbo Modifications:
* Copyright (C) 2009, 2018, D. R. Commander.
* Copyright (C) 2018, Matthias Räncker.
- * Copyright (C) 2020, Arm Limited.
+ * Copyright (C) 2020-2021, Arm Limited.
* For conditions of distribution and use, see the accompanying README.ijg
* file.
*/
@@ -56,24 +56,6 @@
*/
#if defined(__aarch64__) || defined(_M_ARM64)
-#if defined(_MSC_VER) && !defined(__clang__)
-#define SPLAT() { \
- buffer[0] = (JOCTET)(put_buffer >> 56); \
- buffer[1] = (JOCTET)(put_buffer >> 48); \
- buffer[2] = (JOCTET)(put_buffer >> 40); \
- buffer[3] = (JOCTET)(put_buffer >> 32); \
- buffer[4] = (JOCTET)(put_buffer >> 24); \
- buffer[5] = (JOCTET)(put_buffer >> 16); \
- buffer[6] = (JOCTET)(put_buffer >> 8); \
- buffer[7] = (JOCTET)(put_buffer ); \
-}
-#else
-#define SPLAT() { \
- __asm__("rev %x0, %x1" : "=r"(put_buffer) : "r"(put_buffer)); \
- *((uint64_t *)buffer) = put_buffer; \
-}
-#endif
-
#define FLUSH() { \
if (put_buffer & 0x8080808080808080 & ~(put_buffer + 0x0101010101010101)) { \
EMIT_BYTE(put_buffer >> 56) \
@@ -85,27 +67,13 @@
EMIT_BYTE(put_buffer >> 8) \
EMIT_BYTE(put_buffer ) \
} else { \
- SPLAT() \
+ *((uint64_t *)buffer) = BUILTIN_BSWAP64(put_buffer); \
buffer += 8; \
} \
}
#else
-#if defined(_MSC_VER) && !defined(__clang__)
-#define SPLAT() { \
- buffer[0] = (JOCTET)(put_buffer >> 24); \
- buffer[1] = (JOCTET)(put_buffer >> 16); \
- buffer[2] = (JOCTET)(put_buffer >> 8); \
- buffer[3] = (JOCTET)(put_buffer ); \
-}
-#else
-#define SPLAT() { \
- __asm__("rev %0, %1" : "=r"(put_buffer) : "r"(put_buffer)); \
- *((uint32_t *)buffer) = put_buffer; \
-}
-#endif
-
#define FLUSH() { \
if (put_buffer & 0x80808080 & ~(put_buffer + 0x01010101)) { \
EMIT_BYTE(put_buffer >> 24) \
@@ -113,7 +81,7 @@
EMIT_BYTE(put_buffer >> 8) \
EMIT_BYTE(put_buffer ) \
} else { \
- SPLAT() \
+ *((uint32_t *)buffer) = BUILTIN_BSWAP32(put_buffer); \
buffer += 4; \
} \
}
diff --git a/simd/arm/neon-compat.h b/simd/arm/neon-compat.h
index 543d860..3d77527 100644
--- a/simd/arm/neon-compat.h
+++ b/simd/arm/neon-compat.h
@@ -25,13 +25,17 @@
#define HAVE_VLD1Q_U8_X4
#endif
-/* Define compiler-independent count-leading-zeros macros */
+/* Define compiler-independent count-leading-zeros and byte-swap macros */
#if defined(_MSC_VER) && !defined(__clang__)
#define BUILTIN_CLZ(x) _CountLeadingZeros(x)
#define BUILTIN_CLZLL(x) _CountLeadingZeros64(x)
+#define BUILTIN_BSWAP32(x) _byteswap_ulong(x)
+#define BUILTIN_BSWAP64(x) _byteswap_uint64(x)
#elif defined(__clang__) || defined(__GNUC__)
#define BUILTIN_CLZ(x) __builtin_clz(x)
#define BUILTIN_CLZLL(x) __builtin_clzll(x)
+#define BUILTIN_BSWAP32(x) __builtin_bswap32(x)
+#define BUILTIN_BSWAP64(x) __builtin_bswap64(x)
#else
#error "Unknown compiler"
#endif
diff --git a/simd/arm/neon-compat.h.in b/simd/arm/neon-compat.h.in
index 23d6d28..436c402 100644
--- a/simd/arm/neon-compat.h.in
+++ b/simd/arm/neon-compat.h.in
@@ -23,13 +23,17 @@
#cmakedefine HAVE_VLD1_U16_X2
#cmakedefine HAVE_VLD1Q_U8_X4
-/* Define compiler-independent count-leading-zeros macros */
+/* Define compiler-independent count-leading-zeros and byte-swap macros */
#if defined(_MSC_VER) && !defined(__clang__)
#define BUILTIN_CLZ(x) _CountLeadingZeros(x)
#define BUILTIN_CLZLL(x) _CountLeadingZeros64(x)
+#define BUILTIN_BSWAP32(x) _byteswap_ulong(x)
+#define BUILTIN_BSWAP64(x) _byteswap_uint64(x)
#elif defined(__clang__) || defined(__GNUC__)
#define BUILTIN_CLZ(x) __builtin_clz(x)
#define BUILTIN_CLZLL(x) __builtin_clzll(x)
+#define BUILTIN_BSWAP32(x) __builtin_bswap32(x)
+#define BUILTIN_BSWAP64(x) __builtin_bswap64(x)
#else
#error "Unknown compiler"
#endif
diff --git a/simd/i386/jcphuff-sse2.asm b/simd/i386/jcphuff-sse2.asm
index 8b73178..c26b48a 100644
--- a/simd/i386/jcphuff-sse2.asm
+++ b/simd/i386/jcphuff-sse2.asm
@@ -523,6 +523,8 @@
add KK, 2
dec K
jnz .BLOOPR16
+ test LEN, 15
+ je .PADDINGR
.ELOOPR16:
mov LENEND, LEN
diff --git a/simd/x86_64/jcphuff-sse2.asm b/simd/x86_64/jcphuff-sse2.asm
index 8ed4472..01b5c02 100644
--- a/simd/x86_64/jcphuff-sse2.asm
+++ b/simd/x86_64/jcphuff-sse2.asm
@@ -504,6 +504,8 @@
add KK, 16
dec K
jnz .BLOOPR16
+ test LEN, 15
+ je .PADDINGR
.ELOOPR16:
test LEN, 8
jz .TRYR7
diff --git a/testimages/test.scan b/testimages/test.scan
index 563446d..2a8ea7f 100644
--- a/testimages/test.scan
+++ b/testimages/test.scan
@@ -1,5 +1,8 @@
0 1 2: 0 0 0 0;
-0: 1 16 0 0;
-0: 17 63 0 0;
+0: 1 9 0 0;
+0: 10 41 0 2;
+0: 10 41 2 1;
+0: 10 41 1 0;
+0: 42 63 0 0;
1: 1 63 0 0;
2: 1 63 0 0;
diff --git a/tjbench.c b/tjbench.c
index e098f3b..97475ec 100644
--- a/tjbench.c
+++ b/tjbench.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C)2009-2019 D. R. Commander. All Rights Reserved.
+ * Copyright (C)2009-2019, 2021 D. R. Commander. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -816,6 +816,8 @@
printf("-componly = Stop after running compression tests. Do not test decompression.\n");
printf("-nowrite = Do not write reference or output images (improves consistency of\n");
printf(" performance measurements.)\n");
+ printf("-limitscans = Refuse to decompress or transform progressive JPEG images that\n");
+ printf(" have an unreasonably large number of scans\n");
printf("-stoponwarning = Immediately discontinue the current\n");
printf(" compression/decompression/transform operation if the underlying codec\n");
printf(" throws a warning (non-fatal error)\n\n");
@@ -974,6 +976,8 @@
compOnly = 1;
else if (!strcasecmp(argv[i], "-nowrite"))
doWrite = 0;
+ else if (!strcasecmp(argv[i], "-limitscans"))
+ flags |= TJFLAG_LIMITSCANS;
else if (!strcasecmp(argv[i], "-stoponwarning"))
flags |= TJFLAG_STOPONWARNING;
else usage(argv[0]);
diff --git a/tjutil.h b/tjutil.h
index f72840c..8542bab 100644
--- a/tjutil.h
+++ b/tjutil.h
@@ -30,7 +30,7 @@
#ifndef __MINGW32__
#include <stdio.h>
#define snprintf(str, n, format, ...) \
- _snprintf_s(str, n, _TRUNCATE, format, __VA_ARGS__)
+ _snprintf_s(str, n, _TRUNCATE, format, ##__VA_ARGS__)
#endif
#define strcasecmp stricmp
#define strncasecmp strnicmp
diff --git a/turbojpeg.c b/turbojpeg.c
index 8260555..793a3ee 100644
--- a/turbojpeg.c
+++ b/turbojpeg.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C)2009-2020 D. R. Commander. All Rights Reserved.
+ * Copyright (C)2009-2021 D. R. Commander. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -112,6 +112,32 @@
boolean isInstanceError;
} tjinstance;
+struct my_progress_mgr {
+ struct jpeg_progress_mgr pub;
+ tjinstance *this;
+};
+typedef struct my_progress_mgr *my_progress_ptr;
+
+static void my_progress_monitor(j_common_ptr dinfo)
+{
+ my_error_ptr myerr = (my_error_ptr)dinfo->err;
+ my_progress_ptr myprog = (my_progress_ptr)dinfo->progress;
+
+ if (dinfo->is_decompressor) {
+ int scan_no = ((j_decompress_ptr)dinfo)->input_scan_number;
+
+ if (scan_no > 500) {
+ snprintf(myprog->this->errStr, JMSG_LENGTH_MAX,
+ "Progressive JPEG image has more than 500 scans");
+ snprintf(errStr, JMSG_LENGTH_MAX,
+ "Progressive JPEG image has more than 500 scans");
+ myprog->this->isInstanceError = TRUE;
+ myerr->warning = FALSE;
+ longjmp(myerr->setjmp_buffer, 1);
+ }
+ }
+}
+
static const int pixelsize[TJ_NUMSAMP] = { 3, 3, 3, 1, 3, 3 };
static const JXFORM_CODE xformtypes[TJ_NUMXOP] = {
@@ -178,6 +204,11 @@
this->isInstanceError = TRUE; THROWG(m) \
}
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+/* Private flag that triggers different TurboJPEG API behavior when fuzzing */
+#define TJFLAG_FUZZING (1 << 30)
+#endif
+
#define GET_INSTANCE(handle) \
tjinstance *this = (tjinstance *)handle; \
j_compress_ptr cinfo = NULL; \
@@ -689,7 +720,10 @@
jpeg_finish_compress(cinfo);
bailout:
- if (cinfo->global_state > CSTATE_START) jpeg_abort_compress(cinfo);
+ if (cinfo->global_state > CSTATE_START) {
+ if (alloc) (*cinfo->dest->term_destination) (cinfo);
+ jpeg_abort_compress(cinfo);
+ }
free(row_pointer);
if (this->jerr.warning) retval = -1;
this->jerr.stopOnWarning = FALSE;
@@ -1057,7 +1091,10 @@
jpeg_finish_compress(cinfo);
bailout:
- if (cinfo->global_state > CSTATE_START) jpeg_abort_compress(cinfo);
+ if (cinfo->global_state > CSTATE_START) {
+ if (alloc) (*cinfo->dest->term_destination) (cinfo);
+ jpeg_abort_compress(cinfo);
+ }
for (i = 0; i < MAX_COMPONENTS; i++) {
free(tmpbuf[i]);
free(inbuf[i]);
@@ -1245,6 +1282,7 @@
{
JSAMPROW *row_pointer = NULL;
int i, retval = 0, jpegwidth, jpegheight, scaledw, scaledh;
+ struct my_progress_mgr progress;
GET_DINSTANCE(handle);
this->jerr.stopOnWarning = (flags & TJFLAG_STOPONWARNING) ? TRUE : FALSE;
@@ -1261,6 +1299,14 @@
else if (flags & TJFLAG_FORCESSE2) putenv("JSIMD_FORCESSE2=1");
#endif
+ if (flags & TJFLAG_LIMITSCANS) {
+ MEMZERO(&progress, sizeof(struct my_progress_mgr));
+ progress.pub.progress_monitor = my_progress_monitor;
+ progress.this = this;
+ dinfo->progress = &progress.pub;
+ } else
+ dinfo->progress = NULL;
+
if (setjmp(this->jerr.setjmp_buffer)) {
/* If we get here, the JPEG code has signaled an error. */
retval = -1; goto bailout;
@@ -1579,6 +1625,7 @@
JSAMPLE *_tmpbuf = NULL, *ptr;
JSAMPROW *outbuf[MAX_COMPONENTS], *tmpbuf[MAX_COMPONENTS];
int dctsize;
+ struct my_progress_mgr progress;
GET_DINSTANCE(handle);
this->jerr.stopOnWarning = (flags & TJFLAG_STOPONWARNING) ? TRUE : FALSE;
@@ -1600,6 +1647,14 @@
else if (flags & TJFLAG_FORCESSE2) putenv("JSIMD_FORCESSE2=1");
#endif
+ if (flags & TJFLAG_LIMITSCANS) {
+ MEMZERO(&progress, sizeof(struct my_progress_mgr));
+ progress.pub.progress_monitor = my_progress_monitor;
+ progress.this = this;
+ dinfo->progress = &progress.pub;
+ } else
+ dinfo->progress = NULL;
+
if (setjmp(this->jerr.setjmp_buffer)) {
/* If we get here, the JPEG code has signaled an error. */
retval = -1; goto bailout;
@@ -1837,7 +1892,8 @@
{
jpeg_transform_info *xinfo = NULL;
jvirt_barray_ptr *srccoefs, *dstcoefs;
- int retval = 0, i, jpegSubsamp, saveMarkers = 0;
+ int retval = 0, alloc = 1, i, jpegSubsamp, saveMarkers = 0;
+ struct my_progress_mgr progress;
GET_INSTANCE(handle);
this->jerr.stopOnWarning = (flags & TJFLAG_STOPONWARNING) ? TRUE : FALSE;
@@ -1854,6 +1910,14 @@
else if (flags & TJFLAG_FORCESSE2) putenv("JSIMD_FORCESSE2=1");
#endif
+ if (flags & TJFLAG_LIMITSCANS) {
+ MEMZERO(&progress, sizeof(struct my_progress_mgr));
+ progress.pub.progress_monitor = my_progress_monitor;
+ progress.this = this;
+ dinfo->progress = &progress.pub;
+ } else
+ dinfo->progress = NULL;
+
if ((xinfo =
(jpeg_transform_info *)malloc(sizeof(jpeg_transform_info) * n)) == NULL)
THROW("tjTransform(): Memory allocation failure");
@@ -1916,7 +1980,7 @@
srccoefs = jpeg_read_coefficients(dinfo);
for (i = 0; i < n; i++) {
- int w, h, alloc = 1;
+ int w, h;
if (!xinfo[i].crop) {
w = dinfo->image_width; h = dinfo->image_height;
@@ -1974,7 +2038,10 @@
jpeg_finish_decompress(dinfo);
bailout:
- if (cinfo->global_state > CSTATE_START) jpeg_abort_compress(cinfo);
+ if (cinfo->global_state > CSTATE_START) {
+ if (alloc) (*cinfo->dest->term_destination) (cinfo);
+ jpeg_abort_compress(cinfo);
+ }
if (dinfo->global_state > DSTATE_START) jpeg_abort_decompress(dinfo);
free(xinfo);
if (this->jerr.warning) retval = -1;
@@ -2034,6 +2101,11 @@
THROWG("tjLoadImage(): Unsupported file type");
src->input_file = file;
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ /* Refuse to load images larger than 1 Megapixel when fuzzing. */
+ if (flags & TJFLAG_FUZZING)
+ src->max_pixels = 1048576;
+#endif
(*src->start_input) (cinfo, src);
(*cinfo->mem->realize_virt_arrays) ((j_common_ptr)cinfo);
diff --git a/turbojpeg.h b/turbojpeg.h
index f3209dd..c2f6b51 100644
--- a/turbojpeg.h
+++ b/turbojpeg.h
@@ -1,5 +1,6 @@
/*
- * Copyright (C)2009-2015, 2017, 2020 D. R. Commander. All Rights Reserved.
+ * Copyright (C)2009-2015, 2017, 2020-2021 D. R. Commander.
+ * All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -418,6 +419,16 @@
* reduce compression and decompression performance considerably.
*/
#define TJFLAG_PROGRESSIVE 16384
+/**
+ * Limit the number of progressive JPEG scans that the decompression and
+ * transform functions will process. If a progressive JPEG image contains an
+ * unreasonably large number of scans, then this flag will cause the
+ * decompression and transform functions to return an error. The primary
+ * purpose of this is to allow security-critical applications to guard against
+ * an exploit of the progressive JPEG format described in
+ * <a href="https://libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf" target="_blank">this report</a>.
+ */
+#define TJFLAG_LIMITSCANS 32768
/**