diff options
| author | noel@chromium.org <noel@chromium.org> | 2015-04-27 11:27:28 +0000 |
|---|---|---|
| committer | noel@chromium.org <noel@chromium.org> | 2015-04-27 11:27:28 +0000 |
| commit | 8ee9bdd068effcf5fe876e401829eadb94569750 (patch) | |
| tree | 6851855b0851748d0ffce6f236a0ee1989619560 | |
| parent | 9e9058be139a32f2d03eddce97fb15ecca92e6bc (diff) | |
| download | libjpeg-turbo-8ee9bdd068effcf5fe876e401829eadb94569750.tar.gz | |
Fix libjpeg_turbo svn r64 libjpeg6b compat issue
Make the fast path Huffman decoder fallback to the slow decoding path if
the Huffman decoding bit sentinel > 16, this to match libjpeg6b decoding
by reproducing the exact behavior of jpeg_huff_decode().
When this sentinel check is missing (see bug), libjpeg_turbo can produce
two (or more) different decoded images for the same input data depending
on how transport systems (eg., networks) packetize the data for delivery
to end-systems, web browsers for example.
Note: libjpeg6b produces the same decoded image, irrespective of how the
input data is placed in network packets. This fix makes libjpeg_turbo do
the same for compat with libjpeg6b.
TBR=darin@chromium.org
BUG=chromium:398235
Review URL: https://codereview.appspot.com/229430043
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/libjpeg_turbo@295003 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
| -rw-r--r-- | README.chromium | 4 | ||||
| -rw-r--r-- | google.patch | 66 | ||||
| -rw-r--r-- | jdhuff.c | 7 | ||||
| -rw-r--r-- | jdhuff.h | 6 |
4 files changed, 75 insertions, 8 deletions
diff --git a/README.chromium b/README.chromium index 929c2f1c..d7723a03 100644 --- a/README.chromium +++ b/README.chromium @@ -31,6 +31,10 @@ following changes which are not merged to upstream: * Removed .func / .endfunc lines from arm assembly ( https://sourceforge.net/p/libjpeg-turbo/bugs/72/ , landed at https://sourceforge.net/p/libjpeg-turbo/code/1375 ). +* Fix libjpeg_turbo svn r64 libjpeg6b compat issue: make the fast path Huffman + decoder fallback to slow decoding if the Huffman decoding bit sentinel > 16, + this to match the exact behavior of jpeg_huff_decode(). + http://crbug.com/398235 The 'google.patch' file represents our changes from the original libjpeg-turbo-1.2. diff --git a/google.patch b/google.patch index de6faddd..4d0af8e0 100644 --- a/google.patch +++ b/google.patch @@ -1852,9 +1852,44 @@ Index: jdarith.c temp = e->a - qe; Index: jdhuff.c =================================================================== ---- jdhuff.c (revision 829) -+++ jdhuff.c (working copy) -@@ -742,7 +742,7 @@ +--- jdhuff.c (revision 1541) ++++ jdhuff.c (working copy) +@@ -662,7 +662,7 @@ + d_derived_tbl * actbl = entropy->ac_cur_tbls[blkn]; + register int s, k, r, l; + +- HUFF_DECODE_FAST(s, l, dctbl); ++ HUFF_DECODE_FAST(s, l, dctbl, slow_decode_mcu); + if (s) { + FILL_BIT_BUFFER_FAST + r = GET_BITS(s); +@@ -679,7 +679,7 @@ + if (entropy->ac_needed[blkn]) { + + for (k = 1; k < DCTSIZE2; k++) { +- HUFF_DECODE_FAST(s, l, actbl); ++ HUFF_DECODE_FAST(s, l, actbl, slow_decode_mcu); + r = s >> 4; + s &= 15; + +@@ -698,7 +698,7 @@ + } else { + + for (k = 1; k < DCTSIZE2; k++) { +- HUFF_DECODE_FAST(s, l, actbl); ++ HUFF_DECODE_FAST(s, l, actbl, slow_decode_mcu); + r = s >> 4; + s &= 15; + +@@ -715,6 +715,7 @@ + } + + if (cinfo->unread_marker != 0) { ++slow_decode_mcu: + cinfo->unread_marker = 0; + return FALSE; + } +@@ -742,7 +743,7 @@ * this module, since we'll just re-assign them on the next call.) */ @@ -1863,6 +1898,31 @@ Index: jdhuff.c METHODDEF(boolean) decode_mcu (j_decompress_ptr cinfo, JBLOCKROW *MCU_data) +Index: jdhuff.h +=================================================================== +--- jdhuff.h (revision 1541) ++++ jdhuff.h (working copy) +@@ -208,7 +208,7 @@ + } \ + } + +-#define HUFF_DECODE_FAST(s,nb,htbl) \ ++#define HUFF_DECODE_FAST(s,nb,htbl,slowlabel) \ + FILL_BIT_BUFFER_FAST; \ + s = PEEK_BITS(HUFF_LOOKAHEAD); \ + s = htbl->lookup[s]; \ +@@ -225,7 +225,9 @@ + s |= GET_BITS(1); \ + nb++; \ + } \ +- s = htbl->pub->huffval[ (int) (s + htbl->valoffset[nb]) & 0xFF ]; \ ++ if (nb > 16) \ ++ goto slowlabel; \ ++ s = htbl->pub->huffval[ (int) (s + htbl->valoffset[nb]) ]; \ + } + + /* Out-of-line case for Huffman code fetching */ + Index: jchuff.c =================================================================== --- jchuff.c (revision 1219) @@ -663,7 +663,7 @@ decode_mcu_fast (j_decompress_ptr cinfo, JBLOCKROW *MCU_data) d_derived_tbl * actbl = entropy->ac_cur_tbls[blkn]; register int s, k, r, l; - HUFF_DECODE_FAST(s, l, dctbl); + HUFF_DECODE_FAST(s, l, dctbl, slow_decode_mcu); if (s) { FILL_BIT_BUFFER_FAST r = GET_BITS(s); @@ -680,7 +680,7 @@ decode_mcu_fast (j_decompress_ptr cinfo, JBLOCKROW *MCU_data) if (entropy->ac_needed[blkn]) { for (k = 1; k < DCTSIZE2; k++) { - HUFF_DECODE_FAST(s, l, actbl); + HUFF_DECODE_FAST(s, l, actbl, slow_decode_mcu); r = s >> 4; s &= 15; @@ -699,7 +699,7 @@ decode_mcu_fast (j_decompress_ptr cinfo, JBLOCKROW *MCU_data) } else { for (k = 1; k < DCTSIZE2; k++) { - HUFF_DECODE_FAST(s, l, actbl); + HUFF_DECODE_FAST(s, l, actbl, slow_decode_mcu); r = s >> 4; s &= 15; @@ -716,6 +716,7 @@ decode_mcu_fast (j_decompress_ptr cinfo, JBLOCKROW *MCU_data) } if (cinfo->unread_marker != 0) { +slow_decode_mcu: cinfo->unread_marker = 0; return FALSE; } @@ -209,7 +209,7 @@ slowlabel: \ } \ } -#define HUFF_DECODE_FAST(s,nb,htbl) \ +#define HUFF_DECODE_FAST(s,nb,htbl,slowlabel) \ FILL_BIT_BUFFER_FAST; \ s = PEEK_BITS(HUFF_LOOKAHEAD); \ s = htbl->lookup[s]; \ @@ -226,7 +226,9 @@ slowlabel: \ s |= GET_BITS(1); \ nb++; \ } \ - s = htbl->pub->huffval[ (int) (s + htbl->valoffset[nb]) & 0xFF ]; \ + if (nb > 16) \ + goto slowlabel; \ + s = htbl->pub->huffval[ (int) (s + htbl->valoffset[nb]) ]; \ } /* Out-of-line case for Huffman code fetching */ |