diff options
| author | Elliott Hughes <enh@google.com> | 2021-05-07 15:24:03 +0000 |
|---|---|---|
| committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2021-05-07 15:24:03 +0000 |
| commit | 7d3c5265cd5d8a59b3db43562d52424de3da95c0 (patch) | |
| tree | 6d3824158f373f4684d67f316ec715235fcb063c | |
| parent | 1f2bdec49f87aead511cc62ee02dfc34937d46da (diff) | |
| parent | 9d8464a28f033a1e8ddbbd0a586940a99514f757 (diff) | |
| download | libjpeg-turbo-7d3c5265cd5d8a59b3db43562d52424de3da95c0.tar.gz | |
Merge remote-tracking branch 'aosp/upstream-master' into update am: 7f20a9f452 am: 9d8464a28f
Original change: https://android-review.googlesource.com/c/platform/external/libjpeg-turbo/+/1698875
Change-Id: Ib1bc40b13cacca675e0257f24f57f845d8e5e3dc
| -rw-r--r-- | BUILD.gn | 1 | ||||
| -rw-r--r-- | BUILDING.md | 7 | ||||
| -rw-r--r-- | ChangeLog.md | 53 | ||||
| -rw-r--r-- | LICENSE.md | 2 | ||||
| -rw-r--r-- | METADATA | 2 | ||||
| -rw-r--r-- | README.chromium | 26 | ||||
| -rw-r--r-- | cderror.h | 5 | ||||
| -rw-r--r-- | cdjpeg.h | 5 | ||||
| -rw-r--r-- | cjpeg.c | 72 | ||||
| -rw-r--r-- | gtest/cjpeg-gtest-wrapper.cpp | 2 | ||||
| -rw-r--r-- | jchuff.c | 3 | ||||
| -rw-r--r-- | jconfig.h | 8 | ||||
| -rw-r--r-- | jconfigint.h | 18 | ||||
| -rw-r--r-- | jcphuff.c | 16 | ||||
| -rw-r--r-- | jdhuff.c | 30 | ||||
| -rw-r--r-- | jdhuff.h | 9 | ||||
| -rw-r--r-- | jdphuff.c | 14 | ||||
| -rw-r--r-- | jpeglib.h | 6 | ||||
| -rw-r--r-- | jversion.h | 6 | ||||
| -rw-r--r-- | rdbmp.c | 28 | ||||
| -rw-r--r-- | rdgif.c | 21 | ||||
| -rw-r--r-- | rdppm.c | 40 | ||||
| -rw-r--r-- | rdtarga.c | 10 | ||||
| -rwxr-xr-x | simd/CMakeLists.txt | 425 | ||||
| -rw-r--r-- | simd/arm/jchuff.h | 38 | ||||
| -rw-r--r-- | simd/arm/neon-compat.h | 6 | ||||
| -rw-r--r-- | simd/arm/neon-compat.h.in | 6 | ||||
| -rw-r--r-- | simd/i386/jcphuff-sse2.asm | 2 | ||||
| -rw-r--r-- | simd/x86_64/jcphuff-sse2.asm | 2 | ||||
| -rw-r--r-- | testimages/test.scan | 7 | ||||
| -rw-r--r-- | tjbench.c | 6 | ||||
| -rw-r--r-- | tjutil.h | 2 | ||||
| -rw-r--r-- | turbojpeg.c | 84 | ||||
| -rw-r--r-- | turbojpeg.h | 13 |
34 files changed, 412 insertions, 563 deletions
@@ -21,6 +21,7 @@ source_set("libjpeg_headers") { "jpeglib.h", "jpeglibmangler.h", ] + defines = [ "MANGLE_JPEG_NAMES" ] } if (current_cpu == "x86" || current_cpu == "x64") { diff --git a/BUILDING.md b/BUILDING.md index b5106eeb..f91abcd4 100644 --- a/BUILDING.md +++ b/BUILDING.md @@ -103,6 +103,13 @@ directory, whereas *{source_directory}* refers to the libjpeg-turbo source directory. For in-tree builds, these directories are the same. +Ninja +----- + +In all of the procedures and recipes below, replace `make` with `ninja` and +`Unix Makefiles` with `Ninja` if using Ninja. + + Build Procedure --------------- diff --git a/ChangeLog.md b/ChangeLog.md index 6eb06f0e..498b8f27 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -1,3 +1,56 @@ +2.1.0 +===== + +### Significant changes relative to 2.1 beta1 + +1. Fixed a regression introduced by 2.1 beta1[6(b)] whereby attempting to +decompress certain progressive JPEG images with one or more component planes of +width 8 or less caused a buffer overrun. + +2. Fixed a regression introduced by 2.1 beta1[6(b)] whereby attempting to +decompress a specially-crafted malformed progressive JPEG image caused the +block smoothing algorithm to read from uninitialized memory. + +3. Fixed an issue in the Arm Neon SIMD Huffman encoders that caused the +encoders to generate incorrect results when using the Clang compiler with +Visual Studio. + +4. Fixed a floating point exception (CVE-2021-20205) that occurred when +attempting to compress a specially-crafted malformed GIF image with a specified +image width of 0 using cjpeg. + +5. Fixed a regression introduced by 2.0 beta1[15] whereby attempting to +generate a progressive JPEG image on an SSE2-capable CPU using a scan script +containing one or more scans with lengths divisible by 32 and non-zero +successive approximation low bit positions would, under certain circumstances, +result in an error ("Missing Huffman code table entry") and an invalid JPEG +image. + +6. Introduced a new flag (`TJFLAG_LIMITSCANS` in the TurboJPEG C API and +`TJ.FLAG_LIMIT_SCANS` in the TurboJPEG Java API) and a corresponding TJBench +command-line argument (`-limitscans`) that causes the TurboJPEG decompression +and transform functions/operations to return/throw an error if a progressive +JPEG image contains an unreasonably large number of scans. This allows +applications that use the TurboJPEG API to guard against an exploit of the +progressive JPEG format described in the report +["Two Issues with the JPEG Standard"](https://libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf). + +7. The PPM reader now throws an error, rather than segfaulting (due to a buffer +overrun) or generating incorrect pixels, if an application attempts to use the +`tjLoadImage()` function to load a 16-bit binary PPM file (a binary PPM file +with a maximum value greater than 255) into a grayscale image buffer or to load +a 16-bit binary PGM file into an RGB image buffer. + +8. Fixed an issue in the PPM reader that caused incorrect pixels to be +generated when using the `tjLoadImage()` function to load a 16-bit binary PPM +file into an extended RGB image buffer. + +9. Fixed an issue whereby, if a JPEG buffer was automatically re-allocated by +one of the TurboJPEG compression or transform functions and an error +subsequently occurred during compression or transformation, the JPEG buffer +pointer passed by the application was not updated when the function returned. + + 2.0.90 (2.1 beta1) ================== @@ -91,7 +91,7 @@ best of our understanding. The Modified (3-clause) BSD License =================================== -Copyright (C)2009-2020 D. R. Commander. All Rights Reserved. +Copyright (C)2009-2021 D. R. Commander. All Rights Reserved.<br> Copyright (C)2015 Viktor Szathmáry. All Rights Reserved. Redistribution and use in source and binary forms, with or without @@ -5,7 +5,7 @@ third_party { type: GIT value: "https://chromium.googlesource.com/chromium/deps/libjpeg_turbo" } - version: "07a7d24ba3c91fa695d4f2b65f0788c0c80c7928" + version: "764c5fca09cb558f88f3145d67b705f92ffee2d9" license_type: NOTICE last_upgrade_date { year: 2021 diff --git a/README.chromium b/README.chromium index e8b0bc67..d260cb2c 100644 --- a/README.chromium +++ b/README.chromium @@ -1,6 +1,6 @@ Name: libjpeg-turbo URL: https://github.com/libjpeg-turbo/libjpeg-turbo/ -Version: 2.0.90 (2.1 Beta 1) +Version: 2.1.0 License: Custom license License File: LICENSE.md Security Critical: yes @@ -8,23 +8,18 @@ License Android Compatible: yes Description: This consists of the components: -* libjpeg-turbo 2.0.90 (2.1 Beta 1) +* libjpeg-turbo 2.1.0 * This file (README.chromium) * A build file (BUILD.gn) * An OWNERS file * A codereview.settings file * Patched header files used by Chromium -* Additional patches cherry-picked from upstream master to fix various bugs: - https://github.com/libjpeg-turbo/libjpeg-turbo/commit/ccaba5d7894ecfb5a8f11e48d3f86e1f14d5a469 - https://github.com/libjpeg-turbo/libjpeg-turbo/commit/c7ca521bc85b57d41d3ad4963c13fc0100481084 - https://github.com/libjpeg-turbo/libjpeg-turbo/commit/110d8d6dcafaed517e8f77a6253169535ee3a20e - https://github.com/libjpeg-turbo/libjpeg-turbo/commit/d2c407995992be1f128704ae2479adfd7906c158 - https://github.com/libjpeg-turbo/libjpeg-turbo/commit/74e6ea45e3547ae85cd43efcdfc24a6907a2154e -* Deleted unused directories: ci, cmakescripts, doc, java, release, sharedlib, - simd/loongson, simd/mips, simd/powerpc, and win +* Deleted unused directories: cmakescripts, doc, fuzz, java, release, + sharedlib, simd/loongson, simd/mips, simd/powerpc, and win * Deleted unused files: appveyor.yml, CMakeLists.txt, doxygen.config, - doxygen-extra.css, .gitattributes, tjexample.c, tjexampletest.in, - tjexampletest.java.in, .travis.yml + doxygen-extra.css, .gitattributes, md5/CMakeLists.txt, md5/md5cmp.c, + simd/CMakeLists.txt, tjexample.c, tjexampletest.in, tjexampletest.java.in and + .travis.yml * Deleted legacy Arm Neon assembly files (supporting old compiler versions that do not generate performant code from intrinsics): simd/arm/aarch32/jsimd_neon.S, simd/arm/aarch64/jsimd_neon.S. @@ -38,13 +33,6 @@ externally visible functions to chromium_* so that we can avoid conflicts that arise when system libraries attempt to use our libjpeg. Also, we applied the following changes which are not merged to upstream: -* Fix libjpeg_turbo svn r64 libjpeg6b compat issue: make the fast path Huffman - decoder fallback to slow decoding if the Huffman decoding bit sentinel > 16, - this to match the exact behavior of jpeg_huff_decode(). - http://crbug.com/398235 - The patch in the above bug removed "& 0xFF". It has been restored from - upstream: - https://github.com/libjpeg-turbo/libjpeg-turbo/commit/fa1d18385d904d530b4aec83ab7757a33397de6e * Configuration files jconfig.h, jconfigint.h and neon-compat.h were generated and then altered manually to be compatible on all of Chromium's platforms. http://crbug.com/608347 @@ -1,9 +1,11 @@ /* * cderror.h * + * This file was part of the Independent JPEG Group's software: * Copyright (C) 1994-1997, Thomas G. Lane. * Modified 2009-2017 by Guido Vollbeding. - * This file is part of the Independent JPEG Group's software. + * libjpeg-turbo Modifications: + * Copyright (C) 2021, D. R. Commander. * For conditions of distribution and use, see the accompanying README.ijg * file. * @@ -60,6 +62,7 @@ JMESSAGE(JTRC_BMP_OS2_MAPPED, "%ux%u 8-bit colormapped OS2 BMP image") JMESSAGE(JERR_GIF_BUG, "GIF output got confused") JMESSAGE(JERR_GIF_CODESIZE, "Bogus GIF codesize %d") JMESSAGE(JERR_GIF_COLORSPACE, "GIF output must be grayscale or RGB") +JMESSAGE(JERR_GIF_EMPTY, "Empty GIF image") JMESSAGE(JERR_GIF_IMAGENOTFOUND, "Too few images in GIF file") JMESSAGE(JERR_GIF_NOT, "Not a GIF file") JMESSAGE(JTRC_GIF, "%ux%ux%d GIF image") @@ -5,7 +5,7 @@ * Copyright (C) 1994-1997, Thomas G. Lane. * Modified 2019 by Guido Vollbeding. * libjpeg-turbo Modifications: - * Copyright (C) 2017, 2019, D. R. Commander. + * Copyright (C) 2017, 2019, 2021, D. R. Commander. * For conditions of distribution and use, see the accompanying README.ijg * file. * @@ -36,6 +36,9 @@ struct cjpeg_source_struct { JSAMPARRAY buffer; JDIMENSION buffer_height; +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + JDIMENSION max_pixels; +#endif }; @@ -5,7 +5,7 @@ * Copyright (C) 1991-1998, Thomas G. Lane. * Modified 2003-2011 by Guido Vollbeding. * libjpeg-turbo Modifications: - * Copyright (C) 2010, 2013-2014, 2017, 2019-2020, D. R. Commander. + * Copyright (C) 2010, 2013-2014, 2017, 2019-2021, D. R. Commander. * For conditions of distribution and use, see the accompanying README.ijg * file. * @@ -27,6 +27,9 @@ * works regardless of which command line style is used. */ +#ifdef CJPEG_FUZZER +#define JPEG_INTERNALS +#endif #include "cdjpeg.h" /* Common decls for cjpeg/djpeg applications */ #include "jversion.h" /* for version message */ #include "jconfigint.h" @@ -142,8 +145,47 @@ select_file_type(j_compress_ptr cinfo, FILE *infile) static const char *progname; /* program name for error messages */ static char *icc_filename; /* for -icc switch */ static char *outfilename; /* for -outfile switch */ -static boolean memdst; /* for -memdst switch */ -static boolean report; /* for -report switch */ +boolean memdst; /* for -memdst switch */ +boolean report; /* for -report switch */ + + +#ifdef CJPEG_FUZZER + +#include <setjmp.h> + +struct my_error_mgr { + struct jpeg_error_mgr pub; + jmp_buf setjmp_buffer; +}; + +void my_error_exit(j_common_ptr cinfo) +{ + struct my_error_mgr *myerr = (struct my_error_mgr *)cinfo->err; + + longjmp(myerr->setjmp_buffer, 1); +} + +static void my_emit_message(j_common_ptr cinfo, int msg_level) +{ + if (msg_level < 0) + cinfo->err->num_warnings++; +} + +#define HANDLE_ERROR() { \ + if (cinfo.global_state > CSTATE_START) { \ + if (memdst && outbuffer) \ + (*cinfo.dest->term_destination) (&cinfo); \ + jpeg_abort_compress(&cinfo); \ + } \ + jpeg_destroy_compress(&cinfo); \ + if (input_file != stdin && input_file != NULL) \ + fclose(input_file); \ + if (memdst) \ + free(outbuffer); \ + return EXIT_FAILURE; \ +} + +#endif LOCAL(void) @@ -510,11 +552,16 @@ main(int argc, char **argv) #endif { struct jpeg_compress_struct cinfo; +#ifdef CJPEG_FUZZER + struct my_error_mgr myerr; + struct jpeg_error_mgr &jerr = myerr.pub; +#else struct jpeg_error_mgr jerr; +#endif struct cdjpeg_progress_mgr progress; int file_index; cjpeg_source_ptr src_mgr; - FILE *input_file; + FILE *input_file = NULL; FILE *icc_file; JOCTET *icc_profile = NULL; long icc_len = 0; @@ -632,6 +679,13 @@ main(int argc, char **argv) fclose(icc_file); } +#ifdef CJPEG_FUZZER + jerr.error_exit = my_error_exit; + jerr.emit_message = my_emit_message; + if (setjmp(myerr.setjmp_buffer)) + HANDLE_ERROR() +#endif + if (report) { start_progress_monitor((j_common_ptr)&cinfo, &progress); progress.report = report; @@ -640,6 +694,9 @@ main(int argc, char **argv) /* Figure out the input file format, and set up to read it. */ src_mgr = select_file_type(&cinfo, input_file); src_mgr->input_file = input_file; +#ifdef CJPEG_FUZZER + src_mgr->max_pixels = 1048576; +#endif /* Read the input file header to obtain file size & colorspace. */ (*src_mgr->start_input) (&cinfo, src_mgr); @@ -658,6 +715,11 @@ main(int argc, char **argv) #endif jpeg_stdio_dest(&cinfo, output_file); +#ifdef CJPEG_FUZZER + if (setjmp(myerr.setjmp_buffer)) + HANDLE_ERROR() +#endif + /* Start compressor */ jpeg_start_compress(&cinfo, TRUE); @@ -685,7 +747,9 @@ main(int argc, char **argv) end_progress_monitor((j_common_ptr)&cinfo); if (memdst) { +#ifndef CJPEG_FUZZER fprintf(stderr, "Compressed size: %lu bytes\n", outsize); +#endif free(outbuffer); } diff --git a/gtest/cjpeg-gtest-wrapper.cpp b/gtest/cjpeg-gtest-wrapper.cpp index 162e5fd1..9a5e08cf 100644 --- a/gtest/cjpeg-gtest-wrapper.cpp +++ b/gtest/cjpeg-gtest-wrapper.cpp @@ -119,7 +119,7 @@ TEST(CJPEGTest, IFastProg420Q100) { EXPECT_EQ(cjpeg(12, command_line), 0); // Compare expected MD5 sum against that of test image. - const std::string EXPECTED_MD5 = "e59bb462016a8d9a748c330a3474bb55"; + const std::string EXPECTED_MD5 = "0ba15f9dab81a703505f835f9dbbac6d"; EXPECT_TRUE(CompareFileAndMD5(output_path, EXPECTED_MD5)); } @@ -4,7 +4,7 @@ * This file was part of the Independent JPEG Group's software: * Copyright (C) 1991-1997, Thomas G. Lane. * libjpeg-turbo Modifications: - * Copyright (C) 2009-2011, 2014-2016, 2018-2020, D. R. Commander. + * Copyright (C) 2009-2011, 2014-2016, 2018-2021, D. R. Commander. * Copyright (C) 2015, Matthieu Darbois. * Copyright (C) 2018, Matthias Räncker. * Copyright (C) 2020, Arm Limited. @@ -314,6 +314,7 @@ jpeg_make_c_derived_tbl(j_compress_ptr cinfo, boolean isDC, int tblno, * this lets us detect duplicate VAL entries here, and later * allows emit_bits to detect any attempt to emit such symbols. */ + MEMZERO(dtbl->ehufco, sizeof(dtbl->ehufco)); MEMZERO(dtbl->ehufsi, sizeof(dtbl->ehufsi)); /* This is also a convenient place to check for out-of-range @@ -1,13 +1,13 @@ /* Version ID for the JPEG library. * Might be useful for tests like "#if JPEG_LIB_VERSION >= 60". */ -#define JPEG_LIB_VERSION 62 +#define JPEG_LIB_VERSION 62 /* libjpeg-turbo version */ -#define LIBJPEG_TURBO_VERSION 2.0.90 +#define LIBJPEG_TURBO_VERSION 2.1.0 /* libjpeg-turbo version in integer form */ -#define LIBJPEG_TURBO_VERSION_NUMBER 2000090 +#define LIBJPEG_TURBO_VERSION_NUMBER 2001000 /* Support arithmetic encoding */ #define C_ARITH_CODING_SUPPORTED 1 @@ -30,7 +30,7 @@ * We do not support run-time selection of data precision, sorry. */ -#define BITS_IN_JSAMPLE 8 /* use 8 or 12 */ +#define BITS_IN_JSAMPLE 8 /* use 8 or 12 */ /* Define to 1 if you have the <locale.h> header file. */ #define HAVE_LOCALE_H 1 diff --git a/jconfigint.h b/jconfigint.h index 62b41fc8..4f23dffb 100644 --- a/jconfigint.h +++ b/jconfigint.h @@ -1,5 +1,5 @@ /* libjpeg-turbo build number */ -#define BUILD "" +#define BUILD "" /* Compiler's inline keyword */ #undef inline @@ -7,9 +7,9 @@ /* How to obtain function inlining. */ #ifndef INLINE #if defined(__GNUC__) -#define INLINE inline __attribute__((always_inline)) +#define INLINE inline __attribute__((always_inline)) #elif defined(_MSC_VER) -#define INLINE __forceinline +#define INLINE __forceinline #else #define INLINE #endif @@ -19,20 +19,20 @@ #if defined(_MSC_VER) && (defined(_WIN32) || defined(_WIN64)) #define THREAD_LOCAL __declspec(thread) #else -#define THREAD_LOCAL __thread +#define THREAD_LOCAL __thread #endif /* Define to the full name of this package. */ -#define PACKAGE_NAME "libjpeg-turbo" +#define PACKAGE_NAME "libjpeg-turbo" /* Version number of package */ -#define VERSION "2.0.90" +#define VERSION "2.1.0" /* The size of `size_t', as computed by sizeof. */ #if __WORDSIZE==64 || defined(_WIN64) -#define SIZEOF_SIZE_T 8 +#define SIZEOF_SIZE_T 8 #else -#define SIZEOF_SIZE_T 4 +#define SIZEOF_SIZE_T 4 #endif /* Define if your compiler has __builtin_ctzl() and sizeof(unsigned long) == sizeof(size_t). */ @@ -42,7 +42,7 @@ /* Define to 1 if you have the <intrin.h> header file. */ #if defined(_MSC_VER) -#define HAVE_INTRIN_H 1 +#define HAVE_INTRIN_H 1 #endif #if defined(_MSC_VER) && defined(HAVE_INTRIN_H) @@ -4,7 +4,7 @@ * This file was part of the Independent JPEG Group's software: * Copyright (C) 1995-1997, Thomas G. Lane. * libjpeg-turbo Modifications: - * Copyright (C) 2011, 2015, 2018, D. R. Commander. + * Copyright (C) 2011, 2015, 2018, 2021, D. R. Commander. * Copyright (C) 2016, 2018, Matthieu Darbois. * Copyright (C) 2020, Arm Limited. * For conditions of distribution and use, see the accompanying README.ijg @@ -174,24 +174,26 @@ INLINE METHODDEF(int) count_zeroes(size_t *x) { - int result; #if defined(HAVE_BUILTIN_CTZL) + int result; result = __builtin_ctzl(*x); *x >>= result; #elif defined(HAVE_BITSCANFORWARD64) + unsigned long result; _BitScanForward64(&result, *x); *x >>= result; #elif defined(HAVE_BITSCANFORWARD) + unsigned long result; _BitScanForward(&result, *x); *x >>= result; #else - result = 0; + int result = 0; while ((*x & 1) == 0) { ++result; *x >>= 1; } #endif - return result; + return (int)result; } @@ -865,7 +867,7 @@ encode_mcu_AC_refine_prepare(const JCOEF *block, #define ENCODE_COEFS_AC_REFINE(label) { \ while (zerobits) { \ - int idx = count_zeroes(&zerobits); \ + idx = count_zeroes(&zerobits); \ r += idx; \ cabsvalue += idx; \ signbits >>= idx; \ @@ -922,7 +924,7 @@ METHODDEF(boolean) encode_mcu_AC_refine(j_compress_ptr cinfo, JBLOCKROW *MCU_data) { phuff_entropy_ptr entropy = (phuff_entropy_ptr)cinfo->entropy; - register int temp, r; + register int temp, r, idx; char *BR_buffer; unsigned int BR; int Sl = cinfo->Se - cinfo->Ss + 1; @@ -973,7 +975,7 @@ encode_mcu_AC_refine(j_compress_ptr cinfo, JBLOCKROW *MCU_data) if (zerobits) { int diff = ((absvalues + DCTSIZE2 / 2) - cabsvalue); - int idx = count_zeroes(&zerobits); + idx = count_zeroes(&zerobits); signbits >>= idx; idx += diff; r += idx; @@ -540,6 +540,12 @@ process_restart(j_decompress_ptr cinfo) } +#if defined(__has_feature) +#if __has_feature(undefined_behavior_sanitizer) +__attribute__((no_sanitize("signed-integer-overflow"), + no_sanitize("unsigned-integer-overflow"))) +#endif +#endif LOCAL(boolean) decode_mcu_slow(j_decompress_ptr cinfo, JBLOCKROW *MCU_data) { @@ -572,11 +578,15 @@ decode_mcu_slow(j_decompress_ptr cinfo, JBLOCKROW *MCU_data) if (entropy->dc_needed[blkn]) { /* Convert DC difference to actual value, update last_dc_val */ int ci = cinfo->MCU_membership[blkn]; - /* This is really just - * s += state.last_dc_val[ci]; - * It is written this way in order to shut up UBSan. + /* Certain malformed JPEG images produce repeated DC coefficient + * differences of 2047 or -2047, which causes state.last_dc_val[ci] to + * grow until it overflows or underflows a 32-bit signed integer. This + * behavior is, to the best of our understanding, innocuous, and it is + * unclear how to work around it without potentially affecting + * performance. Thus, we (hopefully temporarily) suppress UBSan integer + * overflow errors for this function. */ - s = (int)((unsigned int)s + (unsigned int)state.last_dc_val[ci]); + s += state.last_dc_val[ci]; state.last_dc_val[ci] = s; if (block) { /* Output the DC coefficient (assumes jpeg_natural_order[0] = 0) */ @@ -662,7 +672,7 @@ decode_mcu_fast(j_decompress_ptr cinfo, JBLOCKROW *MCU_data) d_derived_tbl *actbl = entropy->ac_cur_tbls[blkn]; register int s, k, r, l; - HUFF_DECODE_FAST(s, l, dctbl, slow_decode_mcu); + HUFF_DECODE_FAST(s, l, dctbl); if (s) { FILL_BIT_BUFFER_FAST r = GET_BITS(s); @@ -671,7 +681,7 @@ decode_mcu_fast(j_decompress_ptr cinfo, JBLOCKROW *MCU_data) if (entropy->dc_needed[blkn]) { int ci = cinfo->MCU_membership[blkn]; - s = (int)((unsigned int)s + (unsigned int)state.last_dc_val[ci]); + s += state.last_dc_val[ci]; state.last_dc_val[ci] = s; if (block) (*block)[0] = (JCOEF)s; @@ -680,7 +690,7 @@ decode_mcu_fast(j_decompress_ptr cinfo, JBLOCKROW *MCU_data) if (entropy->ac_needed[blkn] && block) { for (k = 1; k < DCTSIZE2; k++) { - HUFF_DECODE_FAST(s, l, actbl, slow_decode_mcu); + HUFF_DECODE_FAST(s, l, actbl); r = s >> 4; s &= 15; @@ -699,7 +709,7 @@ decode_mcu_fast(j_decompress_ptr cinfo, JBLOCKROW *MCU_data) } else { for (k = 1; k < DCTSIZE2; k++) { - HUFF_DECODE_FAST(s, l, actbl, slow_decode_mcu); + HUFF_DECODE_FAST(s, l, actbl); r = s >> 4; s &= 15; @@ -716,7 +726,6 @@ decode_mcu_fast(j_decompress_ptr cinfo, JBLOCKROW *MCU_data) } if (cinfo->unread_marker != 0) { -slow_decode_mcu: cinfo->unread_marker = 0; return FALSE; } @@ -779,7 +788,8 @@ use_slow: } /* Account for restart interval (no-op if not using restarts) */ - entropy->restarts_to_go--; + if (cinfo->restart_interval) + entropy->restarts_to_go--; return TRUE; } @@ -4,7 +4,7 @@ * This file was part of the Independent JPEG Group's software: * Copyright (C) 1991-1997, Thomas G. Lane. * libjpeg-turbo Modifications: - * Copyright (C) 2010-2011, 2015-2016, D. R. Commander. + * Copyright (C) 2010-2011, 2015-2016, 2021, D. R. Commander. * Copyright (C) 2018, Matthias Räncker. * For conditions of distribution and use, see the accompanying README.ijg * file. @@ -217,7 +217,7 @@ slowlabel: \ } \ } -#define HUFF_DECODE_FAST(s, nb, htbl, slowlabel) \ +#define HUFF_DECODE_FAST(s, nb, htbl) \ FILL_BIT_BUFFER_FAST; \ s = PEEK_BITS(HUFF_LOOKAHEAD); \ s = htbl->lookup[s]; \ @@ -235,8 +235,9 @@ slowlabel: \ nb++; \ } \ if (nb > 16) \ - goto slowlabel; \ - s = htbl->pub->huffval[(int)(s + htbl->valoffset[nb]) & 0xFF]; \ + s = 0; \ + else \ + s = htbl->pub->huffval[(int)(s + htbl->valoffset[nb]) & 0xFF]; \ } /* Out-of-line case for Huffman code fetching */ @@ -4,7 +4,7 @@ * This file was part of the Independent JPEG Group's software: * Copyright (C) 1995-1997, Thomas G. Lane. * libjpeg-turbo Modifications: - * Copyright (C) 2015-2016, 2018-2020, D. R. Commander. + * Copyright (C) 2015-2016, 2018-2021, D. R. Commander. * For conditions of distribution and use, see the accompanying README.ijg * file. * @@ -348,7 +348,8 @@ decode_mcu_DC_first(j_decompress_ptr cinfo, JBLOCKROW *MCU_data) } /* Account for restart interval (no-op if not using restarts) */ - entropy->restarts_to_go--; + if (cinfo->restart_interval) + entropy->restarts_to_go--; return TRUE; } @@ -432,7 +433,8 @@ decode_mcu_AC_first(j_decompress_ptr cinfo, JBLOCKROW *MCU_data) } /* Account for restart interval (no-op if not using restarts) */ - entropy->restarts_to_go--; + if (cinfo->restart_interval) + entropy->restarts_to_go--; return TRUE; } @@ -483,7 +485,8 @@ decode_mcu_DC_refine(j_decompress_ptr cinfo, JBLOCKROW *MCU_data) BITREAD_SAVE_STATE(cinfo, entropy->bitstate); /* Account for restart interval (no-op if not using restarts) */ - entropy->restarts_to_go--; + if (cinfo->restart_interval) + entropy->restarts_to_go--; return TRUE; } @@ -626,7 +629,8 @@ decode_mcu_AC_refine(j_decompress_ptr cinfo, JBLOCKROW *MCU_data) } /* Account for restart interval (no-op if not using restarts) */ - entropy->restarts_to_go--; + if (cinfo->restart_interval) + entropy->restarts_to_go--; return TRUE; @@ -18,6 +18,12 @@ #ifndef JPEGLIB_H #define JPEGLIB_H +/* Begin chromium edits */ +#ifdef MANGLE_JPEG_NAMES +#include "jpeglibmangler.h" +#endif +/* End chromium edits */ + /* * First we include the configuration files that record how this * installation of the JPEG library is set up. jconfig.h can be @@ -4,7 +4,7 @@ * This file was part of the Independent JPEG Group's software: * Copyright (C) 1991-2020, Thomas G. Lane, Guido Vollbeding. * libjpeg-turbo Modifications: - * Copyright (C) 2010, 2012-2020, D. R. Commander. + * Copyright (C) 2010, 2012-2021, D. R. Commander. * For conditions of distribution and use, see the accompanying README.ijg * file. * @@ -37,7 +37,7 @@ */ #define JCOPYRIGHT \ - "Copyright (C) 2009-2020 D. R. Commander\n" \ + "Copyright (C) 2009-2021 D. R. Commander\n" \ "Copyright (C) 2015, 2020 Google, Inc.\n" \ "Copyright (C) 2019-2020 Arm Limited\n" \ "Copyright (C) 2015-2016, 2018 Matthieu Darbois\n" \ @@ -51,4 +51,4 @@ "Copyright (C) 1991-2020 Thomas G. Lane, Guido Vollbeding" #define JCOPYRIGHT_SHORT \ - "Copyright (C) 1991-2020 The libjpeg-turbo Project and many others" + "Copyright (C) 1991-2021 The libjpeg-turbo Project and many others" @@ -6,7 +6,7 @@ * Modified 2009-2017 by Guido Vollbeding. * libjpeg-turbo Modifications: * Modified 2011 by Siarhei Siamashka. - * Copyright (C) 2015, 2017-2018, D. R. Commander. + * Copyright (C) 2015, 2017-2018, 2021, D. R. Commander. * For conditions of distribution and use, see the accompanying README.ijg * file. * @@ -424,14 +424,14 @@ start_input_bmp(j_compress_ptr cinfo, cjpeg_source_ptr sinfo) (((unsigned int)UCH(array[offset + 2])) << 16) + \ (((unsigned int)UCH(array[offset + 3])) << 24)) - unsigned int bfOffBits; - unsigned int headerSize; + int bfOffBits; + int headerSize; int biWidth; int biHeight; unsigned short biPlanes; unsigned int biCompression; int biXPelsPerMeter, biYPelsPerMeter; - unsigned int biClrUsed = 0; + int biClrUsed = 0; int mapentrysize = 0; /* 0 indicates no colormap */ int bPad; JDIMENSION row_width = 0; @@ -450,7 +450,7 @@ start_input_bmp(j_compress_ptr cinfo, cjpeg_source_ptr sinfo) if (!ReadOK(source->pub.input_file, bmpinfoheader, 4)) ERREXIT(cinfo, JERR_INPUT_EOF); headerSize = GET_4B(bmpinfoheader, 0); - if (headerSize < 12 || headerSize > 64) + if (headerSize < 12 || headerSize > 64 || (headerSize + 14) > bfOffBits) ERREXIT(cinfo, JERR_BMP_BADHEADER); if (!ReadOK(source->pub.input_file, bmpinfoheader + 4, headerSize - 4)) ERREXIT(cinfo, JERR_INPUT_EOF); @@ -522,6 +522,11 @@ start_input_bmp(j_compress_ptr cinfo, cjpeg_source_ptr sinfo) if (biWidth <= 0 || biHeight <= 0) ERREXIT(cinfo, JERR_BMP_EMPTY); +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + if (sinfo->max_pixels && + (unsigned long long)biWidth * biHeight > sinfo->max_pixels) + ERREXIT(cinfo, JERR_WIDTH_OVERFLOW); +#endif if (biPlanes != 1) ERREXIT(cinfo, JERR_BMP_BADPLANES); @@ -575,7 +580,9 @@ start_input_bmp(j_compress_ptr cinfo, cjpeg_source_ptr sinfo) cinfo->input_components = 4; else ERREXIT(cinfo, JERR_BAD_IN_COLORSPACE); - row_width = (JDIMENSION)(biWidth * 3); + if ((unsigned long long)biWidth * 3ULL > 0xFFFFFFFFULL) + ERREXIT(cinfo, JERR_WIDTH_OVERFLOW); + row_width = (JDIMENSION)biWidth * 3; break; case 32: if (cinfo->in_color_space == JCS_UNKNOWN) @@ -586,7 +593,9 @@ start_input_bmp(j_compress_ptr cinfo, cjpeg_source_ptr sinfo) cinfo->input_components = 4; else ERREXIT(cinfo, JERR_BAD_IN_COLORSPACE); - row_width = (JDIMENSION)(biWidth * 4); + if ((unsigned long long)biWidth * 4ULL > 0xFFFFFFFFULL) + ERREXIT(cinfo, JERR_WIDTH_OVERFLOW); + row_width = (JDIMENSION)biWidth * 4; break; default: ERREXIT(cinfo, JERR_BMP_BADDEPTH); @@ -631,7 +640,7 @@ start_input_bmp(j_compress_ptr cinfo, cjpeg_source_ptr sinfo) /* Allocate one-row buffer for returned data */ source->pub.buffer = (*cinfo->mem->alloc_sarray) ((j_common_ptr)cinfo, JPOOL_IMAGE, - (JDIMENSION)(biWidth * cinfo->input_components), (JDIMENSION)1); + (JDIMENSION)biWidth * (JDIMENSION)cinfo->input_components, (JDIMENSION)1); source->pub.buffer_height = 1; cinfo->data_precision = 8; @@ -668,6 +677,9 @@ jinit_read_bmp(j_compress_ptr cinfo, boolean use_inversion_array) /* Fill in method ptrs, except get_pixel_rows which start_input sets */ source->pub.start_input = start_input_bmp; source->pub.finish_input = finish_input_bmp; +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + source->pub.max_pixels = 0; +#endif source->use_inversion_array = use_inversion_array; @@ -1,9 +1,11 @@ /* * rdgif.c * + * This file was part of the Independent JPEG Group's software: * Copyright (C) 1991-1997, Thomas G. Lane. * Modified 2019 by Guido Vollbeding. - * This file is part of the Independent JPEG Group's software. + * libjpeg-turbo Modifications: + * Copyright (C) 2021, D. R. Commander. * For conditions of distribution and use, see the accompanying README.ijg * file. * @@ -404,6 +406,13 @@ start_input_gif(j_compress_ptr cinfo, cjpeg_source_ptr sinfo) ERREXIT(cinfo, JERR_INPUT_EOF); width = LM_to_uint(hdrbuf, 0); height = LM_to_uint(hdrbuf, 2); + if (width == 0 || height == 0) + ERREXIT(cinfo, JERR_GIF_EMPTY); +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + if (sinfo->max_pixels && + (unsigned long long)width * height > sinfo->max_pixels) + ERREXIT(cinfo, JERR_WIDTH_OVERFLOW); +#endif /* we ignore the color resolution, sort flag, and background color index */ aspectRatio = UCH(hdrbuf[6]); if (aspectRatio != 0 && aspectRatio != 49) @@ -446,6 +455,13 @@ start_input_gif(j_compress_ptr cinfo, cjpeg_source_ptr sinfo) /* we ignore top/left position info, also sort flag */ width = LM_to_uint(hdrbuf, 4); height = LM_to_uint(hdrbuf, 6); + if (width == 0 || height == 0) + ERREXIT(cinfo, JERR_GIF_EMPTY); +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + if (sinfo->max_pixels && + (unsigned long long)width * height > sinfo->max_pixels) + ERREXIT(cinfo, JERR_WIDTH_OVERFLOW); +#endif source->is_interlaced = (BitSet(hdrbuf[8], INTERLACE) != 0); /* Read local colormap if header indicates it is present */ @@ -669,6 +685,9 @@ jinit_read_gif(j_compress_ptr cinfo) /* Fill in method ptrs, except get_pixel_rows which start_input sets */ source->pub.start_input = start_input_gif; source->pub.finish_input = finish_input_gif; +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + source->pub.max_pixels = 0; +#endif return (cjpeg_source_ptr)source; } @@ -5,7 +5,7 @@ * Copyright (C) 1991-1997, Thomas G. Lane. * Modified 2009 by Bill Allombert, Guido Vollbeding. * libjpeg-turbo Modifications: - * Copyright (C) 2015-2017, 2020, D. R. Commander. + * Copyright (C) 2015-2017, 2020-2021, D. R. Commander. * For conditions of distribution and use, see the accompanying README.ijg * file. * @@ -112,11 +112,10 @@ read_pbm_integer(j_compress_ptr cinfo, FILE *infile, unsigned int maxval) while ((ch = pbm_getc(infile)) >= '0' && ch <= '9') { val *= 10; val += ch - '0'; + if (val > maxval) + ERREXIT(cinfo, JERR_PPM_OUTOFRANGE); } - if (val > maxval) - ERREXIT(cinfo, JERR_PPM_OUTOFRANGE); - return val; } @@ -516,6 +515,11 @@ get_word_rgb_row(j_compress_ptr cinfo, cjpeg_source_ptr sinfo) register JSAMPLE *rescale = source->rescale; JDIMENSION col; unsigned int maxval = source->maxval; + register int rindex = rgb_red[cinfo->in_color_space]; + register int gindex = rgb_green[cinfo->in_color_space]; + register int bindex = rgb_blue[cinfo->in_color_space]; + register int aindex = alpha_index[cinfo->in_color_space]; + register int ps = rgb_pixelsize[cinfo->in_color_space]; if (!ReadOK(source->pub.input_file, source->iobuffer, source->buffer_width)) ERREXIT(cinfo, JERR_INPUT_EOF); @@ -527,17 +531,20 @@ get_word_rgb_row(j_compress_ptr cinfo, cjpeg_source_ptr sinfo) temp |= UCH(*bufferptr++); if (temp > maxval) ERREXIT(cinfo, JERR_PPM_OUTOFRANGE); - *ptr++ = rescale[temp]; + ptr[rindex] = rescale[temp]; temp = UCH(*bufferptr++) << 8; temp |= UCH(*bufferptr++); if (temp > maxval) ERREXIT(cinfo, JERR_PPM_OUTOFRANGE); - *ptr++ = rescale[temp]; + ptr[gindex] = rescale[temp]; temp = UCH(*bufferptr++) << 8; temp |= UCH(*bufferptr++); if (temp > maxval) ERREXIT(cinfo, JERR_PPM_OUTOFRANGE); - *ptr++ = rescale[temp]; + ptr[bindex] = rescale[temp]; + if (aindex >= 0) + ptr[aindex] = 0xFF; + ptr += ps; } return 1; } @@ -579,6 +586,10 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr sinfo) if (w <= 0 || h <= 0 || maxval <= 0) /* error check */ ERREXIT(cinfo, JERR_PPM_NOT); +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + if (sinfo->max_pixels && (unsigned long long)w * h > sinfo->max_pixels) + ERREXIT(cinfo, JERR_WIDTH_OVERFLOW); +#endif cinfo->data_precision = BITS_IN_JSAMPLE; /* we always rescale data to this */ cinfo->image_width = (JDIMENSION)w; @@ -624,7 +635,10 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr sinfo) cinfo->in_color_space = JCS_GRAYSCALE; TRACEMS2(cinfo, 1, JTRC_PGM, w, h); if (maxval > 255) { - source->pub.get_pixel_rows = get_word_gray_row; + if (cinfo->in_color_space == JCS_GRAYSCALE) + source->pub.get_pixel_rows = get_word_gray_row; + else + ERREXIT(cinfo, JERR_BAD_IN_COLORSPACE); } else if (maxval == MAXJSAMPLE && sizeof(JSAMPLE) == sizeof(U_CHAR) && cinfo->in_color_space == JCS_GRAYSCALE) { source->pub.get_pixel_rows = get_raw_row; @@ -647,7 +661,10 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr sinfo) cinfo->in_color_space = JCS_EXT_RGB; TRACEMS2(cinfo, 1, JTRC_PPM, w, h); if (maxval > 255) { - source->pub.get_pixel_rows = get_word_rgb_row; + if (IsExtRGB(cinfo->in_color_space)) + source->pub.get_pixel_rows = get_word_rgb_row; + else + ERREXIT(cinfo, JERR_BAD_IN_COLORSPACE); } else if (maxval == MAXJSAMPLE && sizeof(JSAMPLE) == sizeof(U_CHAR) && #if RGB_RED == 0 && RGB_GREEN == 1 && RGB_BLUE == 2 && RGB_PIXELSIZE == 3 (cinfo->in_color_space == JCS_EXT_RGB || @@ -713,6 +730,8 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr sinfo) (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE, (size_t)(((long)MAX(maxval, 255) + 1L) * sizeof(JSAMPLE))); + MEMZERO(source->rescale, (size_t)(((long)MAX(maxval, 255) + 1L) * + sizeof(JSAMPLE))); half_maxval = maxval / 2; for (val = 0; val <= (long)maxval; val++) { /* The multiplication here must be done in 32 bits to avoid overflow */ @@ -750,6 +769,9 @@ jinit_read_ppm(j_compress_ptr cinfo) /* Fill in method ptrs, except get_pixel_rows which start_input sets */ source->pub.start_input = start_input_ppm; source->pub.finish_input = finish_input_ppm; +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + source->pub.max_pixels = 0; +#endif return (cjpeg_source_ptr)source; } @@ -5,7 +5,7 @@ * Copyright (C) 1991-1996, Thomas G. Lane. * Modified 2017 by Guido Vollbeding. * libjpeg-turbo Modifications: - * Copyright (C) 2018, D. R. Commander. + * Copyright (C) 2018, 2021, D. R. Commander. * For conditions of distribution and use, see the accompanying README.ijg * file. * @@ -363,6 +363,11 @@ start_input_tga(j_compress_ptr cinfo, cjpeg_source_ptr sinfo) interlace_type != 0 || /* currently don't allow interlaced image */ width == 0 || height == 0) /* image width/height must be non-zero */ ERREXIT(cinfo, JERR_TGA_BADPARMS); +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + if (sinfo->max_pixels && + (unsigned long long)width * height > sinfo->max_pixels) + ERREXIT(cinfo, JERR_WIDTH_OVERFLOW); +#endif if (subtype > 8) { /* It's an RLE-coded file */ @@ -493,6 +498,9 @@ jinit_read_targa(j_compress_ptr cinfo) /* Fill in method ptrs, except get_pixel_rows which start_input sets */ source->pub.start_input = start_input_tga; source->pub.finish_input = finish_input_tga; +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + source->pub.max_pixels = 0; +#endif return (cjpeg_source_ptr)source; } diff --git a/simd/CMakeLists.txt b/simd/CMakeLists.txt deleted file mode 100755 index f3c24ef0..00000000 --- a/simd/CMakeLists.txt +++ /dev/null @@ -1,425 +0,0 @@ -macro(simd_fail message) - if(REQUIRE_SIMD) - message(FATAL_ERROR "${message}.") - else() - message(WARNING "${message}. Performance will suffer.") - set(WITH_SIMD 0 PARENT_SCOPE) - endif() -endmacro() - - -############################################################################### -# x86[-64] (NASM) -############################################################################### - -if(CPU_TYPE STREQUAL "x86_64" OR CPU_TYPE STREQUAL "i386") - -set(CMAKE_ASM_NASM_FLAGS_DEBUG_INIT "-g") -set(CMAKE_ASM_NASM_FLAGS_RELWITHDEBINFO_INIT "-g") - -# Allow the location of the NASM executable to be specified using the ASM_NASM -# environment variable. This should happen automatically, but unfortunately -# enable_language(ASM_NASM) doesn't parse the ASM_NASM environment variable -# until after CMAKE_ASM_NASM_COMPILER has been populated with the results of -# searching for NASM or YASM in the PATH. -if(NOT DEFINED CMAKE_ASM_NASM_COMPILER AND DEFINED ENV{ASM_NASM}) - set(CMAKE_ASM_NASM_COMPILER $ENV{ASM_NASM}) -endif() - -if(CPU_TYPE STREQUAL "x86_64") - if(CYGWIN) - set(CMAKE_ASM_NASM_OBJECT_FORMAT win64) - endif() - if(CMAKE_C_COMPILER_ABI MATCHES "ELF X32") - set(CMAKE_ASM_NASM_OBJECT_FORMAT elfx32) - endif() -elseif(CPU_TYPE STREQUAL "i386") - if(BORLAND) - set(CMAKE_ASM_NASM_OBJECT_FORMAT obj) - elseif(CYGWIN) - set(CMAKE_ASM_NASM_OBJECT_FORMAT win32) - endif() -endif() - -if(NOT REQUIRE_SIMD) - include(CheckLanguage) - check_language(ASM_NASM) - if(NOT CMAKE_ASM_NASM_COMPILER) - simd_fail("SIMD extensions disabled: could not find NASM compiler") - return() - endif() -endif() -enable_language(ASM_NASM) -message(STATUS "CMAKE_ASM_NASM_COMPILER = ${CMAKE_ASM_NASM_COMPILER}") - -if(CMAKE_ASM_NASM_OBJECT_FORMAT MATCHES "macho*") - set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -DMACHO") -elseif(CMAKE_ASM_NASM_OBJECT_FORMAT MATCHES "elf*") - set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -DELF") - set(CMAKE_ASM_NASM_DEBUG_FORMAT "dwarf2") -endif() -if(CPU_TYPE STREQUAL "x86_64") - if(WIN32 OR CYGWIN) - set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -DWIN64") - endif() - set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -D__x86_64__") -elseif(CPU_TYPE STREQUAL "i386") - if(BORLAND) - set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -DOBJ32") - elseif(WIN32 OR CYGWIN) - set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -DWIN32") - endif() -endif() - -message(STATUS "CMAKE_ASM_NASM_OBJECT_FORMAT = ${CMAKE_ASM_NASM_OBJECT_FORMAT}") - -if(NOT CMAKE_ASM_NASM_OBJECT_FORMAT) - simd_fail("SIMD extensions disabled: could not determine NASM object format") - return() -endif() - -get_filename_component(CMAKE_ASM_NASM_COMPILER_TYPE - "${CMAKE_ASM_NASM_COMPILER}" NAME_WE) -if(CMAKE_ASM_NASM_COMPILER_TYPE MATCHES "yasm") - foreach(var CMAKE_ASM_NASM_FLAGS_DEBUG CMAKE_ASM_NASM_FLAGS_RELWITHDEBINFO) - if(${var} STREQUAL "-g") - if(CMAKE_ASM_NASM_DEBUG_FORMAT) - set_property(CACHE ${var} PROPERTY VALUE "-g ${CMAKE_ASM_NASM_DEBUG_FORMAT}") - else() - set_property(CACHE ${var} PROPERTY VALUE "") - endif() - endif() - endforeach() -endif() - -if(NOT WIN32 AND (CMAKE_POSITION_INDEPENDENT_CODE OR ENABLE_SHARED)) - set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -DPIC") -endif() - -string(TOUPPER ${CMAKE_BUILD_TYPE} CMAKE_BUILD_TYPE_UC) -set(EFFECTIVE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} ${CMAKE_ASM_NASM_FLAGS_${CMAKE_BUILD_TYPE_UC}}") -message(STATUS "CMAKE_ASM_NASM_FLAGS = ${EFFECTIVE_ASM_NASM_FLAGS}") - -set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -I\"${CMAKE_CURRENT_SOURCE_DIR}/nasm/\" -I\"${CMAKE_CURRENT_SOURCE_DIR}/${CPU_TYPE}/\"") - -set(GREP grep) -if(CMAKE_SYSTEM_NAME STREQUAL "SunOS") - set(GREP ggrep) -endif() -add_custom_target(jsimdcfg COMMAND - ${CMAKE_C_COMPILER} -E -I${CMAKE_BINARY_DIR} -I${CMAKE_CURRENT_BINARY_DIR} - -I${CMAKE_CURRENT_SOURCE_DIR} - ${CMAKE_CURRENT_SOURCE_DIR}/nasm/jsimdcfg.inc.h | - ${GREP} -E '^[\;%]|^\ %' | sed 's%_cpp_protection_%%' | - sed 's@% define@%define@g' >${CMAKE_CURRENT_SOURCE_DIR}/nasm/jsimdcfg.inc) - -if(CPU_TYPE STREQUAL "x86_64") - set(SIMD_SOURCES x86_64/jsimdcpu.asm x86_64/jfdctflt-sse.asm - x86_64/jccolor-sse2.asm x86_64/jcgray-sse2.asm x86_64/jchuff-sse2.asm - x86_64/jcphuff-sse2.asm x86_64/jcsample-sse2.asm x86_64/jdcolor-sse2.asm - x86_64/jdmerge-sse2.asm x86_64/jdsample-sse2.asm x86_64/jfdctfst-sse2.asm - x86_64/jfdctint-sse2.asm x86_64/jidctflt-sse2.asm x86_64/jidctfst-sse2.asm - x86_64/jidctint-sse2.asm x86_64/jidctred-sse2.asm x86_64/jquantf-sse2.asm - x86_64/jquanti-sse2.asm - x86_64/jccolor-avx2.asm x86_64/jcgray-avx2.asm x86_64/jcsample-avx2.asm - x86_64/jdcolor-avx2.asm x86_64/jdmerge-avx2.asm x86_64/jdsample-avx2.asm - x86_64/jfdctint-avx2.asm x86_64/jidctint-avx2.asm x86_64/jquanti-avx2.asm) -else() - set(SIMD_SOURCES i386/jsimdcpu.asm i386/jfdctflt-3dn.asm - i386/jidctflt-3dn.asm i386/jquant-3dn.asm - i386/jccolor-mmx.asm i386/jcgray-mmx.asm i386/jcsample-mmx.asm - i386/jdcolor-mmx.asm i386/jdmerge-mmx.asm i386/jdsample-mmx.asm - i386/jfdctfst-mmx.asm i386/jfdctint-mmx.asm i386/jidctfst-mmx.asm - i386/jidctint-mmx.asm i386/jidctred-mmx.asm i386/jquant-mmx.asm - i386/jfdctflt-sse.asm i386/jidctflt-sse.asm i386/jquant-sse.asm - i386/jccolor-sse2.asm i386/jcgray-sse2.asm i386/jchuff-sse2.asm - i386/jcphuff-sse2.asm i386/jcsample-sse2.asm i386/jdcolor-sse2.asm - i386/jdmerge-sse2.asm i386/jdsample-sse2.asm i386/jfdctfst-sse2.asm - i386/jfdctint-sse2.asm i386/jidctflt-sse2.asm i386/jidctfst-sse2.asm - i386/jidctint-sse2.asm i386/jidctred-sse2.asm i386/jquantf-sse2.asm - i386/jquanti-sse2.asm - i386/jccolor-avx2.asm i386/jcgray-avx2.asm i386/jcsample-avx2.asm - i386/jdcolor-avx2.asm i386/jdmerge-avx2.asm i386/jdsample-avx2.asm - i386/jfdctint-avx2.asm i386/jidctint-avx2.asm i386/jquanti-avx2.asm) -endif() - -if(MSVC_IDE) - set(OBJDIR "${CMAKE_CURRENT_BINARY_DIR}/${CMAKE_CFG_INTDIR}") - string(REGEX REPLACE " " ";" CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS}") -elseif(XCODE) - set(OBJDIR "${CMAKE_CURRENT_BINARY_DIR}") - string(REGEX REPLACE " " ";" CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS}") -endif() - -file(GLOB INC_FILES nasm/*.inc) - -foreach(file ${SIMD_SOURCES}) - set(OBJECT_DEPENDS "") - if(${file} MATCHES jccolor) - string(REGEX REPLACE "jccolor" "jccolext" DEPFILE ${file}) - set(OBJECT_DEPENDS ${OBJECT_DEPENDS} - ${CMAKE_CURRENT_SOURCE_DIR}/${DEPFILE}) - endif() - if(${file} MATCHES jcgray) - string(REGEX REPLACE "jcgray" "jcgryext" DEPFILE ${file}) - set(OBJECT_DEPENDS ${OBJECT_DEPENDS} - ${CMAKE_CURRENT_SOURCE_DIR}/${DEPFILE}) - endif() - if(${file} MATCHES jdcolor) - string(REGEX REPLACE "jdcolor" "jdcolext" DEPFILE ${file}) - set(OBJECT_DEPENDS ${OBJECT_DEPENDS} - ${CMAKE_CURRENT_SOURCE_DIR}/${DEPFILE}) - endif() - if(${file} MATCHES jdmerge) - string(REGEX REPLACE "jdmerge" "jdmrgext" DEPFILE ${file}) - set(OBJECT_DEPENDS ${OBJECT_DEPENDS} - ${CMAKE_CURRENT_SOURCE_DIR}/${DEPFILE}) - endif() - set(OBJECT_DEPENDS ${OBJECT_DEPENDS} ${INC_FILES}) - if(MSVC_IDE OR XCODE) - # The CMake Visual Studio generators do not work properly with the ASM_NASM - # language, so we have to go rogue here and use a custom command like we - # did in prior versions of libjpeg-turbo. (This is why we can't have nice - # things.) - string(REGEX REPLACE "${CPU_TYPE}/" "" filename ${file}) - set(SIMD_OBJ ${OBJDIR}/${filename}${CMAKE_C_OUTPUT_EXTENSION}) - add_custom_command(OUTPUT ${SIMD_OBJ} DEPENDS ${file} ${OBJECT_DEPENDS} - COMMAND ${CMAKE_ASM_NASM_COMPILER} -f${CMAKE_ASM_NASM_OBJECT_FORMAT} - ${CMAKE_ASM_NASM_FLAGS} ${CMAKE_CURRENT_SOURCE_DIR}/${file} - -o${SIMD_OBJ}) - set(SIMD_OBJS ${SIMD_OBJS} ${SIMD_OBJ}) - else() - set_source_files_properties(${file} PROPERTIES OBJECT_DEPENDS - "${OBJECT_DEPENDS}") - endif() -endforeach() - -if(MSVC_IDE OR XCODE) - set(SIMD_OBJS ${SIMD_OBJS} PARENT_SCOPE) - add_library(simd OBJECT ${CPU_TYPE}/jsimd.c) - add_custom_target(simd-objs DEPENDS ${SIMD_OBJS}) - add_dependencies(simd simd-objs) -else() - add_library(simd OBJECT ${SIMD_SOURCES} ${CPU_TYPE}/jsimd.c) -endif() -if(NOT WIN32 AND (CMAKE_POSITION_INDEPENDENT_CODE OR ENABLE_SHARED)) - set_target_properties(simd PROPERTIES POSITION_INDEPENDENT_CODE 1) -endif() - - -############################################################################### -# Arm (Intrinsics or GAS) -############################################################################### - -elseif(CPU_TYPE STREQUAL "arm64" OR CPU_TYPE STREQUAL "arm") - -include(CheckSymbolExists) -if(BITS EQUAL 32) - set(CMAKE_REQUIRED_FLAGS -mfpu=neon) -endif() -check_symbol_exists(vld1_s16_x3 arm_neon.h HAVE_VLD1_S16_X3) -check_symbol_exists(vld1_u16_x2 arm_neon.h HAVE_VLD1_U16_X2) -check_symbol_exists(vld1q_u8_x4 arm_neon.h HAVE_VLD1Q_U8_X4) -if(BITS EQUAL 32) - unset(CMAKE_REQUIRED_FLAGS) -endif() -configure_file(arm/neon-compat.h.in arm/neon-compat.h @ONLY) -include_directories(${CMAKE_CURRENT_BINARY_DIR}/arm) - -# GCC (as of this writing) and some older versions of Clang do not have a full -# or optimal set of Neon intrinsics, so for performance reasons, when using -# those compilers, we default to using the older GAS implementation of the Neon -# SIMD extensions for certain algorithms. The presence or absence of the three -# intrinsics we tested above is a reasonable proxy for this. We always default -# to using the full Neon intrinsics implementation when building for macOS or -# iOS, to avoid the need for gas-preprocessor. -if((HAVE_VLD1_S16_X3 AND HAVE_VLD1_U16_X2 AND HAVE_VLD1Q_U8_X4) OR APPLE) - set(DEFAULT_NEON_INTRINSICS 1) -else() - set(DEFAULT_NEON_INTRINSICS 0) -endif() -option(NEON_INTRINSICS - "Because GCC (as of this writing) and some older versions of Clang do not have a full or optimal set of Neon intrinsics, for performance reasons, the default when building libjpeg-turbo with those compilers is to continue using the older GAS implementation of the Neon SIMD extensions for certain algorithms. Setting this option forces the full Neon intrinsics implementation to be used with all compilers. Unsetting this option forces the hybrid GAS/intrinsics implementation to be used with all compilers." - ${DEFAULT_NEON_INTRINSICS}) -boolean_number(NEON_INTRINSICS PARENT_SCOPE) -if(NEON_INTRINSICS) - add_definitions(-DNEON_INTRINSICS) - message(STATUS "Use full Neon SIMD intrinsics implementation (NEON_INTRINSICS = ${NEON_INTRINSICS})") -else() - message(STATUS "Use partial Neon SIMD intrinsics implementation (NEON_INTRINSICS = ${NEON_INTRINSICS})") -endif() - -set(SIMD_SOURCES arm/jcgray-neon.c arm/jcphuff-neon.c arm/jcsample-neon.c - arm/jdmerge-neon.c arm/jdsample-neon.c arm/jfdctfst-neon.c - arm/jidctred-neon.c arm/jquanti-neon.c) -if(NEON_INTRINSICS) - set(SIMD_SOURCES ${SIMD_SOURCES} arm/jccolor-neon.c arm/jidctint-neon.c) -endif() -if(NEON_INTRINSICS OR BITS EQUAL 64) - set(SIMD_SOURCES ${SIMD_SOURCES} arm/jidctfst-neon.c) -endif() -if(NEON_INTRINSICS OR BITS EQUAL 32) - set(SIMD_SOURCES ${SIMD_SOURCES} arm/aarch${BITS}/jchuff-neon.c - arm/jdcolor-neon.c arm/jfdctint-neon.c) -endif() -if(BITS EQUAL 32) - set_source_files_properties(${SIMD_SOURCES} COMPILE_FLAGS -mfpu=neon) -endif() -if(NOT NEON_INTRINSICS) - enable_language(ASM) - - set(CMAKE_ASM_FLAGS "${CMAKE_C_FLAGS} ${CMAKE_ASM_FLAGS}") - - string(TOUPPER ${CMAKE_BUILD_TYPE} CMAKE_BUILD_TYPE_UC) - set(EFFECTIVE_ASM_FLAGS "${CMAKE_ASM_FLAGS} ${CMAKE_ASM_FLAGS_${CMAKE_BUILD_TYPE_UC}}") - message(STATUS "CMAKE_ASM_FLAGS = ${EFFECTIVE_ASM_FLAGS}") - - set(SIMD_SOURCES ${SIMD_SOURCES} arm/aarch${BITS}/jsimd_neon.S) -endif() - -add_library(simd OBJECT ${SIMD_SOURCES} arm/aarch${BITS}/jsimd.c) - -if(CMAKE_POSITION_INDEPENDENT_CODE OR ENABLE_SHARED) - set_target_properties(simd PROPERTIES POSITION_INDEPENDENT_CODE 1) -endif() - - -############################################################################### -# MIPS (GAS) -############################################################################### - -elseif(CPU_TYPE STREQUAL "mips" OR CPU_TYPE STREQUAL "mipsel") - -enable_language(ASM) - -string(TOUPPER ${CMAKE_BUILD_TYPE} CMAKE_BUILD_TYPE_UC) -set(EFFECTIVE_ASM_FLAGS "${CMAKE_ASM_FLAGS} ${CMAKE_ASM_FLAGS_${CMAKE_BUILD_TYPE_UC}}") -message(STATUS "CMAKE_ASM_FLAGS = ${EFFECTIVE_ASM_FLAGS}") - -set(CMAKE_REQUIRED_FLAGS -mdspr2) - -check_c_source_compiles(" - #if !(defined(__mips__) && __mips_isa_rev >= 2) - #error MIPS DSPr2 is currently only available on MIPS32r2 platforms. - #endif - int main(void) { - int c = 0, a = 0, b = 0; - __asm__ __volatile__ ( - \"precr.qb.ph %[c], %[a], %[b]\" - : [c] \"=r\" (c) - : [a] \"r\" (a), [b] \"r\" (b) - ); - return c; - }" HAVE_DSPR2) - -unset(CMAKE_REQUIRED_FLAGS) - -if(NOT HAVE_DSPR2) - simd_fail("SIMD extensions not available for this CPU") - return() -endif() - -add_library(simd OBJECT mips/jsimd_dspr2.S mips/jsimd.c) - -if(CMAKE_POSITION_INDEPENDENT_CODE OR ENABLE_SHARED) - set_target_properties(simd PROPERTIES POSITION_INDEPENDENT_CODE 1) -endif() - -############################################################################### -# MIPS64 (Intrinsics) -############################################################################### - -elseif(CPU_TYPE STREQUAL "loongson" OR CPU_TYPE MATCHES "mips64*") - -set(CMAKE_REQUIRED_FLAGS -Wa,-mloongson-mmi,-mloongson-ext) - -check_c_source_compiles(" - int main(void) { - int c = 0, a = 0, b = 0; - asm ( - \"paddb %0, %1, %2\" - : \"=f\" (c) - : \"f\" (a), \"f\" (b) - ); - return c; - }" HAVE_MMI) - -unset(CMAKE_REQUIRED_FLAGS) - -if(NOT HAVE_MMI) - simd_fail("SIMD extensions not available for this CPU") - return() -endif() - -set(SIMD_SOURCES mips64/jccolor-mmi.c mips64/jcgray-mmi.c mips64/jcsample-mmi.c - mips64/jdcolor-mmi.c mips64/jdmerge-mmi.c mips64/jdsample-mmi.c - mips64/jfdctfst-mmi.c mips64/jfdctint-mmi.c mips64/jidctfst-mmi.c - mips64/jidctint-mmi.c mips64/jquanti-mmi.c) - -if(CMAKE_COMPILER_IS_GNUCC) - foreach(file ${SIMD_SOURCES}) - set_property(SOURCE ${file} APPEND_STRING PROPERTY COMPILE_FLAGS - " -fno-strict-aliasing") - endforeach() -endif() -foreach(file ${SIMD_SOURCES}) - set_property(SOURCE ${file} APPEND_STRING PROPERTY COMPILE_FLAGS - " -Wa,-mloongson-mmi,-mloongson-ext") -endforeach() - -add_library(simd OBJECT ${SIMD_SOURCES} mips64/jsimd.c) - -if(CMAKE_POSITION_INDEPENDENT_CODE OR ENABLE_SHARED) - set_target_properties(simd PROPERTIES POSITION_INDEPENDENT_CODE 1) -endif() - -############################################################################### -# PowerPC (Intrinsics) -############################################################################### - -elseif(CPU_TYPE STREQUAL "powerpc") - -set(CMAKE_REQUIRED_FLAGS -maltivec) - -check_c_source_compiles(" - #include <altivec.h> - int main(void) { - __vector int vi = { 0, 0, 0, 0 }; - int i[4]; - vec_st(vi, 0, i); - return i[0]; - }" HAVE_ALTIVEC) - -unset(CMAKE_REQUIRED_FLAGS) - -if(NOT HAVE_ALTIVEC) - simd_fail("SIMD extensions not available for this CPU (PowerPC SPE)") - return() -endif() - -set(SIMD_SOURCES powerpc/jccolor-altivec.c powerpc/jcgray-altivec.c - powerpc/jcsample-altivec.c powerpc/jdcolor-altivec.c - powerpc/jdmerge-altivec.c powerpc/jdsample-altivec.c - powerpc/jfdctfst-altivec.c powerpc/jfdctint-altivec.c - powerpc/jidctfst-altivec.c powerpc/jidctint-altivec.c - powerpc/jquanti-altivec.c) - -set_source_files_properties(${SIMD_SOURCES} PROPERTIES - COMPILE_FLAGS -maltivec) - -add_library(simd OBJECT ${SIMD_SOURCES} powerpc/jsimd.c) - -if(CMAKE_POSITION_INDEPENDENT_CODE OR ENABLE_SHARED) - set_target_properties(simd PROPERTIES POSITION_INDEPENDENT_CODE 1) -endif() - - -############################################################################### -# None -############################################################################### - -else() - -simd_fail("SIMD extensions not available for this CPU (${CMAKE_SYSTEM_PROCESSOR})") - -endif() # CPU_TYPE diff --git a/simd/arm/jchuff.h b/simd/arm/jchuff.h index d30759f5..d4edd5eb 100644 --- a/simd/arm/jchuff.h +++ b/simd/arm/jchuff.h @@ -6,7 +6,7 @@ * libjpeg-turbo Modifications: * Copyright (C) 2009, 2018, D. R. Commander. * Copyright (C) 2018, Matthias Räncker. - * Copyright (C) 2020, Arm Limited. + * Copyright (C) 2020-2021, Arm Limited. * For conditions of distribution and use, see the accompanying README.ijg * file. */ @@ -56,24 +56,6 @@ typedef struct { */ #if defined(__aarch64__) || defined(_M_ARM64) -#if defined(_MSC_VER) && !defined(__clang__) -#define SPLAT() { \ - buffer[0] = (JOCTET)(put_buffer >> 56); \ - buffer[1] = (JOCTET)(put_buffer >> 48); \ - buffer[2] = (JOCTET)(put_buffer >> 40); \ - buffer[3] = (JOCTET)(put_buffer >> 32); \ - buffer[4] = (JOCTET)(put_buffer >> 24); \ - buffer[5] = (JOCTET)(put_buffer >> 16); \ - buffer[6] = (JOCTET)(put_buffer >> 8); \ - buffer[7] = (JOCTET)(put_buffer ); \ -} -#else -#define SPLAT() { \ - __asm__("rev %x0, %x1" : "=r"(put_buffer) : "r"(put_buffer)); \ - *((uint64_t *)buffer) = put_buffer; \ -} -#endif - #define FLUSH() { \ if (put_buffer & 0x8080808080808080 & ~(put_buffer + 0x0101010101010101)) { \ EMIT_BYTE(put_buffer >> 56) \ @@ -85,27 +67,13 @@ typedef struct { EMIT_BYTE(put_buffer >> 8) \ EMIT_BYTE(put_buffer ) \ } else { \ - SPLAT() \ + *((uint64_t *)buffer) = BUILTIN_BSWAP64(put_buffer); \ buffer += 8; \ } \ } #else -#if defined(_MSC_VER) && !defined(__clang__) -#define SPLAT() { \ - buffer[0] = (JOCTET)(put_buffer >> 24); \ - buffer[1] = (JOCTET)(put_buffer >> 16); \ - buffer[2] = (JOCTET)(put_buffer >> 8); \ - buffer[3] = (JOCTET)(put_buffer ); \ -} -#else -#define SPLAT() { \ - __asm__("rev %0, %1" : "=r"(put_buffer) : "r"(put_buffer)); \ - *((uint32_t *)buffer) = put_buffer; \ -} -#endif - #define FLUSH() { \ if (put_buffer & 0x80808080 & ~(put_buffer + 0x01010101)) { \ EMIT_BYTE(put_buffer >> 24) \ @@ -113,7 +81,7 @@ typedef struct { EMIT_BYTE(put_buffer >> 8) \ EMIT_BYTE(put_buffer ) \ } else { \ - SPLAT() \ + *((uint32_t *)buffer) = BUILTIN_BSWAP32(put_buffer); \ buffer += 4; \ } \ } diff --git a/simd/arm/neon-compat.h b/simd/arm/neon-compat.h index 543d8600..3d77527c 100644 --- a/simd/arm/neon-compat.h +++ b/simd/arm/neon-compat.h @@ -25,13 +25,17 @@ #define HAVE_VLD1Q_U8_X4 #endif -/* Define compiler-independent count-leading-zeros macros */ +/* Define compiler-independent count-leading-zeros and byte-swap macros */ #if defined(_MSC_VER) && !defined(__clang__) #define BUILTIN_CLZ(x) _CountLeadingZeros(x) #define BUILTIN_CLZLL(x) _CountLeadingZeros64(x) +#define BUILTIN_BSWAP32(x) _byteswap_ulong(x) +#define BUILTIN_BSWAP64(x) _byteswap_uint64(x) #elif defined(__clang__) || defined(__GNUC__) #define BUILTIN_CLZ(x) __builtin_clz(x) #define BUILTIN_CLZLL(x) __builtin_clzll(x) +#define BUILTIN_BSWAP32(x) __builtin_bswap32(x) +#define BUILTIN_BSWAP64(x) __builtin_bswap64(x) #else #error "Unknown compiler" #endif diff --git a/simd/arm/neon-compat.h.in b/simd/arm/neon-compat.h.in index 23d6d28c..436c402a 100644 --- a/simd/arm/neon-compat.h.in +++ b/simd/arm/neon-compat.h.in @@ -23,13 +23,17 @@ #cmakedefine HAVE_VLD1_U16_X2 #cmakedefine HAVE_VLD1Q_U8_X4 -/* Define compiler-independent count-leading-zeros macros */ +/* Define compiler-independent count-leading-zeros and byte-swap macros */ #if defined(_MSC_VER) && !defined(__clang__) #define BUILTIN_CLZ(x) _CountLeadingZeros(x) #define BUILTIN_CLZLL(x) _CountLeadingZeros64(x) +#define BUILTIN_BSWAP32(x) _byteswap_ulong(x) +#define BUILTIN_BSWAP64(x) _byteswap_uint64(x) #elif defined(__clang__) || defined(__GNUC__) #define BUILTIN_CLZ(x) __builtin_clz(x) #define BUILTIN_CLZLL(x) __builtin_clzll(x) +#define BUILTIN_BSWAP32(x) __builtin_bswap32(x) +#define BUILTIN_BSWAP64(x) __builtin_bswap64(x) #else #error "Unknown compiler" #endif diff --git a/simd/i386/jcphuff-sse2.asm b/simd/i386/jcphuff-sse2.asm index 8b731783..c26b48a4 100644 --- a/simd/i386/jcphuff-sse2.asm +++ b/simd/i386/jcphuff-sse2.asm @@ -523,6 +523,8 @@ EXTN(jsimd_encode_mcu_AC_refine_prepare_sse2): add KK, 2 dec K jnz .BLOOPR16 + test LEN, 15 + je .PADDINGR .ELOOPR16: mov LENEND, LEN diff --git a/simd/x86_64/jcphuff-sse2.asm b/simd/x86_64/jcphuff-sse2.asm index 8ed44728..01b5c023 100644 --- a/simd/x86_64/jcphuff-sse2.asm +++ b/simd/x86_64/jcphuff-sse2.asm @@ -504,6 +504,8 @@ EXTN(jsimd_encode_mcu_AC_refine_prepare_sse2): add KK, 16 dec K jnz .BLOOPR16 + test LEN, 15 + je .PADDINGR .ELOOPR16: test LEN, 8 jz .TRYR7 diff --git a/testimages/test.scan b/testimages/test.scan index 563446da..2a8ea7f2 100644 --- a/testimages/test.scan +++ b/testimages/test.scan @@ -1,5 +1,8 @@ 0 1 2: 0 0 0 0; -0: 1 16 0 0; -0: 17 63 0 0; +0: 1 9 0 0; +0: 10 41 0 2; +0: 10 41 2 1; +0: 10 41 1 0; +0: 42 63 0 0; 1: 1 63 0 0; 2: 1 63 0 0; @@ -1,5 +1,5 @@ /* - * Copyright (C)2009-2019 D. R. Commander. All Rights Reserved. + * Copyright (C)2009-2019, 2021 D. R. Commander. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: @@ -816,6 +816,8 @@ static void usage(char *progName) printf("-componly = Stop after running compression tests. Do not test decompression.\n"); printf("-nowrite = Do not write reference or output images (improves consistency of\n"); printf(" performance measurements.)\n"); + printf("-limitscans = Refuse to decompress or transform progressive JPEG images that\n"); + printf(" have an unreasonably large number of scans\n"); printf("-stoponwarning = Immediately discontinue the current\n"); printf(" compression/decompression/transform operation if the underlying codec\n"); printf(" throws a warning (non-fatal error)\n\n"); @@ -974,6 +976,8 @@ int tjbench(int argc, char *argv[]) compOnly = 1; else if (!strcasecmp(argv[i], "-nowrite")) doWrite = 0; + else if (!strcasecmp(argv[i], "-limitscans")) + flags |= TJFLAG_LIMITSCANS; else if (!strcasecmp(argv[i], "-stoponwarning")) flags |= TJFLAG_STOPONWARNING; else usage(argv[0]); @@ -30,7 +30,7 @@ #ifndef __MINGW32__ #include <stdio.h> #define snprintf(str, n, format, ...) \ - _snprintf_s(str, n, _TRUNCATE, format, __VA_ARGS__) + _snprintf_s(str, n, _TRUNCATE, format, ##__VA_ARGS__) #endif #define strcasecmp stricmp #define strncasecmp strnicmp diff --git a/turbojpeg.c b/turbojpeg.c index 8260555b..793a3eed 100644 --- a/turbojpeg.c +++ b/turbojpeg.c @@ -1,5 +1,5 @@ /* - * Copyright (C)2009-2020 D. R. Commander. All Rights Reserved. + * Copyright (C)2009-2021 D. R. Commander. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: @@ -112,6 +112,32 @@ typedef struct _tjinstance { boolean isInstanceError; } tjinstance; +struct my_progress_mgr { + struct jpeg_progress_mgr pub; + tjinstance *this; +}; +typedef struct my_progress_mgr *my_progress_ptr; + +static void my_progress_monitor(j_common_ptr dinfo) +{ + my_error_ptr myerr = (my_error_ptr)dinfo->err; + my_progress_ptr myprog = (my_progress_ptr)dinfo->progress; + + if (dinfo->is_decompressor) { + int scan_no = ((j_decompress_ptr)dinfo)->input_scan_number; + + if (scan_no > 500) { + snprintf(myprog->this->errStr, JMSG_LENGTH_MAX, + "Progressive JPEG image has more than 500 scans"); + snprintf(errStr, JMSG_LENGTH_MAX, + "Progressive JPEG image has more than 500 scans"); + myprog->this->isInstanceError = TRUE; + myerr->warning = FALSE; + longjmp(myerr->setjmp_buffer, 1); + } + } +} + static const int pixelsize[TJ_NUMSAMP] = { 3, 3, 3, 1, 3, 3 }; static const JXFORM_CODE xformtypes[TJ_NUMXOP] = { @@ -178,6 +204,11 @@ static int cs2pf[JPEG_NUMCS] = { this->isInstanceError = TRUE; THROWG(m) \ } +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION +/* Private flag that triggers different TurboJPEG API behavior when fuzzing */ +#define TJFLAG_FUZZING (1 << 30) +#endif + #define GET_INSTANCE(handle) \ tjinstance *this = (tjinstance *)handle; \ j_compress_ptr cinfo = NULL; \ @@ -689,7 +720,10 @@ DLLEXPORT int tjCompress2(tjhandle handle, const unsigned char *srcBuf, jpeg_finish_compress(cinfo); bailout: - if (cinfo->global_state > CSTATE_START) jpeg_abort_compress(cinfo); + if (cinfo->global_state > CSTATE_START) { + if (alloc) (*cinfo->dest->term_destination) (cinfo); + jpeg_abort_compress(cinfo); + } free(row_pointer); if (this->jerr.warning) retval = -1; this->jerr.stopOnWarning = FALSE; @@ -1057,7 +1091,10 @@ DLLEXPORT int tjCompressFromYUVPlanes(tjhandle handle, jpeg_finish_compress(cinfo); bailout: - if (cinfo->global_state > CSTATE_START) jpeg_abort_compress(cinfo); + if (cinfo->global_state > CSTATE_START) { + if (alloc) (*cinfo->dest->term_destination) (cinfo); + jpeg_abort_compress(cinfo); + } for (i = 0; i < MAX_COMPONENTS; i++) { free(tmpbuf[i]); free(inbuf[i]); @@ -1245,6 +1282,7 @@ DLLEXPORT int tjDecompress2(tjhandle handle, const unsigned char *jpegBuf, { JSAMPROW *row_pointer = NULL; int i, retval = 0, jpegwidth, jpegheight, scaledw, scaledh; + struct my_progress_mgr progress; GET_DINSTANCE(handle); this->jerr.stopOnWarning = (flags & TJFLAG_STOPONWARNING) ? TRUE : FALSE; @@ -1261,6 +1299,14 @@ DLLEXPORT int tjDecompress2(tjhandle handle, const unsigned char *jpegBuf, else if (flags & TJFLAG_FORCESSE2) putenv("JSIMD_FORCESSE2=1"); #endif + if (flags & TJFLAG_LIMITSCANS) { + MEMZERO(&progress, sizeof(struct my_progress_mgr)); + progress.pub.progress_monitor = my_progress_monitor; + progress.this = this; + dinfo->progress = &progress.pub; + } else + dinfo->progress = NULL; + if (setjmp(this->jerr.setjmp_buffer)) { /* If we get here, the JPEG code has signaled an error. */ retval = -1; goto bailout; @@ -1579,6 +1625,7 @@ DLLEXPORT int tjDecompressToYUVPlanes(tjhandle handle, JSAMPLE *_tmpbuf = NULL, *ptr; JSAMPROW *outbuf[MAX_COMPONENTS], *tmpbuf[MAX_COMPONENTS]; int dctsize; + struct my_progress_mgr progress; GET_DINSTANCE(handle); this->jerr.stopOnWarning = (flags & TJFLAG_STOPONWARNING) ? TRUE : FALSE; @@ -1600,6 +1647,14 @@ DLLEXPORT int tjDecompressToYUVPlanes(tjhandle handle, else if (flags & TJFLAG_FORCESSE2) putenv("JSIMD_FORCESSE2=1"); #endif + if (flags & TJFLAG_LIMITSCANS) { + MEMZERO(&progress, sizeof(struct my_progress_mgr)); + progress.pub.progress_monitor = my_progress_monitor; + progress.this = this; + dinfo->progress = &progress.pub; + } else + dinfo->progress = NULL; + if (setjmp(this->jerr.setjmp_buffer)) { /* If we get here, the JPEG code has signaled an error. */ retval = -1; goto bailout; @@ -1837,7 +1892,8 @@ DLLEXPORT int tjTransform(tjhandle handle, const unsigned char *jpegBuf, { jpeg_transform_info *xinfo = NULL; jvirt_barray_ptr *srccoefs, *dstcoefs; - int retval = 0, i, jpegSubsamp, saveMarkers = 0; + int retval = 0, alloc = 1, i, jpegSubsamp, saveMarkers = 0; + struct my_progress_mgr progress; GET_INSTANCE(handle); this->jerr.stopOnWarning = (flags & TJFLAG_STOPONWARNING) ? TRUE : FALSE; @@ -1854,6 +1910,14 @@ DLLEXPORT int tjTransform(tjhandle handle, const unsigned char *jpegBuf, else if (flags & TJFLAG_FORCESSE2) putenv("JSIMD_FORCESSE2=1"); #endif + if (flags & TJFLAG_LIMITSCANS) { + MEMZERO(&progress, sizeof(struct my_progress_mgr)); + progress.pub.progress_monitor = my_progress_monitor; + progress.this = this; + dinfo->progress = &progress.pub; + } else + dinfo->progress = NULL; + if ((xinfo = (jpeg_transform_info *)malloc(sizeof(jpeg_transform_info) * n)) == NULL) THROW("tjTransform(): Memory allocation failure"); @@ -1916,7 +1980,7 @@ DLLEXPORT int tjTransform(tjhandle handle, const unsigned char *jpegBuf, srccoefs = jpeg_read_coefficients(dinfo); for (i = 0; i < n; i++) { - int w, h, alloc = 1; + int w, h; if (!xinfo[i].crop) { w = dinfo->image_width; h = dinfo->image_height; @@ -1974,7 +2038,10 @@ DLLEXPORT int tjTransform(tjhandle handle, const unsigned char *jpegBuf, jpeg_finish_decompress(dinfo); bailout: - if (cinfo->global_state > CSTATE_START) jpeg_abort_compress(cinfo); + if (cinfo->global_state > CSTATE_START) { + if (alloc) (*cinfo->dest->term_destination) (cinfo); + jpeg_abort_compress(cinfo); + } if (dinfo->global_state > DSTATE_START) jpeg_abort_decompress(dinfo); free(xinfo); if (this->jerr.warning) retval = -1; @@ -2034,6 +2101,11 @@ DLLEXPORT unsigned char *tjLoadImage(const char *filename, int *width, THROWG("tjLoadImage(): Unsupported file type"); src->input_file = file; +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + /* Refuse to load images larger than 1 Megapixel when fuzzing. */ + if (flags & TJFLAG_FUZZING) + src->max_pixels = 1048576; +#endif (*src->start_input) (cinfo, src); (*cinfo->mem->realize_virt_arrays) ((j_common_ptr)cinfo); diff --git a/turbojpeg.h b/turbojpeg.h index f3209dd3..c2f6b514 100644 --- a/turbojpeg.h +++ b/turbojpeg.h @@ -1,5 +1,6 @@ /* - * Copyright (C)2009-2015, 2017, 2020 D. R. Commander. All Rights Reserved. + * Copyright (C)2009-2015, 2017, 2020-2021 D. R. Commander. + * All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: @@ -418,6 +419,16 @@ enum TJCS { * reduce compression and decompression performance considerably. */ #define TJFLAG_PROGRESSIVE 16384 +/** + * Limit the number of progressive JPEG scans that the decompression and + * transform functions will process. If a progressive JPEG image contains an + * unreasonably large number of scans, then this flag will cause the + * decompression and transform functions to return an error. The primary + * purpose of this is to allow security-critical applications to guard against + * an exploit of the progressive JPEG format described in + * <a href="https://libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf" target="_blank">this report</a>. + */ +#define TJFLAG_LIMITSCANS 32768 /** |