diff options
author | Peter Kasting <pkasting@chromium.org> | 2021-07-09 07:13:34 -0700 |
---|---|---|
committer | Peter Kasting <pkasting@chromium.org> | 2021-07-09 07:13:34 -0700 |
commit | 2eb7e20a20524dd70806268e480a695fb9cdfe46 (patch) | |
tree | 6b79907837ba3e92a22f55ed9c21985edc84a5f7 | |
parent | b7bef8c05b7cdb1a038ae271a2c2b6647af4c879 (diff) | |
download | libjpeg-turbo-2eb7e20a20524dd70806268e480a695fb9cdfe46.tar.gz |
Update libjpeg-turbo to 9df5786f05c8be702f5a896b231c6e057847c18b.
Bug: chromium:995993
Change-Id: I09a1cb64384cf618f033289c259711fedbf92d5b
-rw-r--r-- | ChangeLog.md | 27 | ||||
-rw-r--r-- | README.chromium | 4 | ||||
-rw-r--r-- | jchuff.c | 5 | ||||
-rw-r--r-- | jcmaster.c | 2 | ||||
-rw-r--r-- | jconfigint.h.in | 10 | ||||
-rw-r--r-- | jcphuff.c | 5 | ||||
-rw-r--r-- | jdapimin.c | 3 | ||||
-rw-r--r-- | jdmainct.c | 5 |
8 files changed, 42 insertions, 19 deletions
diff --git a/ChangeLog.md b/ChangeLog.md index 498b8f27..ea0f9031 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -1,3 +1,12 @@ +2.1.1 +===== + +### Significant changes relative to 2.1.0 + +1. Fixed a regression introduced in 2.1.0 that caused build failures with +non-GCC-compatible compilers for Un*x/Arm platforms. + + 2.1.0 ===== @@ -284,15 +293,15 @@ JPEG images. This was known to cause a buffer overflow when attempting to decompress some such images using `tjDecompressToYUV2()` or `tjDecompressToYUVPlanes()`. -5. Fixed an issue, detected by ASan, whereby attempting to losslessly transform -a specially-crafted malformed JPEG image containing an extremely-high-frequency -coefficient block (junk image data that could never be generated by a -legitimate JPEG compressor) could cause the Huffman encoder's local buffer to -be overrun. (Refer to 1.4.0[9] and 1.4beta1[15].) Given that the buffer -overrun was fully contained within the stack and did not cause a segfault or -other user-visible errant behavior, and given that the lossless transformer -(unlike the decompressor) is not generally exposed to arbitrary data exploits, -this issue did not likely pose a security risk. +5. Fixed an issue (CVE-2020-17541), detected by ASan, whereby attempting to +losslessly transform a specially-crafted malformed JPEG image containing an +extremely-high-frequency coefficient block (junk image data that could never be +generated by a legitimate JPEG compressor) could cause the Huffman encoder's +local buffer to be overrun. (Refer to 1.4.0[9] and 1.4beta1[15].) Given that +the buffer overrun was fully contained within the stack and did not cause a +segfault or other user-visible errant behavior, and given that the lossless +transformer (unlike the decompressor) is not generally exposed to arbitrary +data exploits, this issue did not likely pose a security risk. 6. The Arm 64-bit (Armv8) Neon SIMD assembly code now stores constants in a separate read-only data section rather than in the text section, to support diff --git a/README.chromium b/README.chromium index d260cb2c..7dda13b9 100644 --- a/README.chromium +++ b/README.chromium @@ -1,6 +1,6 @@ Name: libjpeg-turbo URL: https://github.com/libjpeg-turbo/libjpeg-turbo/ -Version: 2.1.0 +Version: 9df5786f05c8be702f5a896b231c6e057847c18b (post 2.1.0) License: Custom license License File: LICENSE.md Security Critical: yes @@ -8,7 +8,7 @@ License Android Compatible: yes Description: This consists of the components: -* libjpeg-turbo 2.1.0 +* libjpeg-turbo 9df5786f05c8be702f5a896b231c6e057847c18b (post 2.1.0) * This file (README.chromium) * A build file (BUILD.gn) * An OWNERS file @@ -44,8 +44,9 @@ * flags (this defines __thumb__). */ -#if defined(__arm__) || defined(__aarch64__) || defined(_M_ARM) || \ - defined(_M_ARM64) +/* NOTE: Both GCC and Clang define __GNUC__ */ +#if (defined(__GNUC__) && (defined(__arm__) || defined(__aarch64__))) || \ + defined(_M_ARM) || defined(_M_ARM64) #if !defined(__thumb__) || defined(__thumb2__) #define USE_CLZ_INTRINSIC #endif @@ -493,7 +493,7 @@ prepare_for_pass(j_compress_ptr cinfo) master->pass_type = output_pass; master->pass_number++; #endif - /*FALLTHROUGH*/ + FALLTHROUGH /*FALLTHROUGH*/ case output_pass: /* Do a data-output pass. */ /* We need not repeat per-scan setup if prior optimization pass did it. */ diff --git a/jconfigint.h.in b/jconfigint.h.in index 68cbc2a5..d087d7b5 100644 --- a/jconfigint.h.in +++ b/jconfigint.h.in @@ -32,3 +32,13 @@ #define HAVE_BITSCANFORWARD #endif #endif + +#if defined(__has_attribute) +#if __has_attribute(fallthrough) +#define FALLTHROUGH __attribute__((fallthrough)); +#else +#define FALLTHROUGH +#endif +#else +#define FALLTHROUGH +#endif @@ -52,8 +52,9 @@ * flags (this defines __thumb__). */ -#if defined(__arm__) || defined(__aarch64__) || defined(_M_ARM) || \ - defined(_M_ARM64) +/* NOTE: Both GCC and Clang define __GNUC__ */ +#if (defined(__GNUC__) && (defined(__arm__) || defined(__aarch64__))) || \ + defined(_M_ARM) || defined(_M_ARM64) #if !defined(__thumb__) || defined(__thumb2__) #define USE_CLZ_INTRINSIC #endif @@ -23,6 +23,7 @@ #include "jinclude.h" #include "jpeglib.h" #include "jdmaster.h" +#include "jconfigint.h" /* @@ -308,7 +309,7 @@ jpeg_consume_input(j_decompress_ptr cinfo) /* Initialize application's data source module */ (*cinfo->src->init_source) (cinfo); cinfo->global_state = DSTATE_INHEADER; - /*FALLTHROUGH*/ + FALLTHROUGH /*FALLTHROUGH*/ case DSTATE_INHEADER: retcode = (*cinfo->inputctl->consume_input) (cinfo); if (retcode == JPEG_REACHED_SOS) { /* Found SOS, prepare to decompress */ @@ -18,6 +18,7 @@ #include "jinclude.h" #include "jdmainct.h" +#include "jconfigint.h" /* @@ -360,7 +361,7 @@ process_data_context_main(j_decompress_ptr cinfo, JSAMPARRAY output_buf, main_ptr->context_state = CTX_PREPARE_FOR_IMCU; if (*out_row_ctr >= out_rows_avail) return; /* Postprocessor exactly filled output buf */ - /*FALLTHROUGH*/ + FALLTHROUGH /*FALLTHROUGH*/ case CTX_PREPARE_FOR_IMCU: /* Prepare to process first M-1 row groups of this iMCU row */ main_ptr->rowgroup_ctr = 0; @@ -371,7 +372,7 @@ process_data_context_main(j_decompress_ptr cinfo, JSAMPARRAY output_buf, if (main_ptr->iMCU_row_ctr == cinfo->total_iMCU_rows) set_bottom_pointers(cinfo); main_ptr->context_state = CTX_PROCESS_IMCU; - /*FALLTHROUGH*/ + FALLTHROUGH /*FALLTHROUGH*/ case CTX_PROCESS_IMCU: /* Call postprocessor using previously set pointers */ (*cinfo->post->post_process_data) (cinfo, |