jmemmgr.c


Log

Author Commit Date CI Message
Alex Richardson dfc63d42 2022-03-28T22:30:54 Fix non-SIMD alignment if void* bigger than double When building without the SIMD extensions, memory allocations are currently aligned to sizeof(double). However, this may be insufficient on architectures such as Arm Morello or 64-bit CHERI-RISC-V where pointers require 16-byte rather than 8-byte alignment. This patch causes memory allocations to be aligned to MAX(sizeof(void *), sizeof(double)) when building without the SIMD extensions. (NOTE: With C11 we could instead use alignof(max_align_t), but C89 compatibility is still necessary in libjpeg-turbo.) Closes #587
DRC 607b668f 2022-02-10T11:33:49 MSVC: Eliminate C4996 warnings in API libs The primary purpose of this is to encourage adoption of libjpeg-turbo in downstream Windows projects that forbid the use of "deprecated" functions. libjpeg-turbo's usage of those functions was not actually unsafe, because: - libjpeg-turbo always checks the return value of fopen() and ensures that a NULL filename can never be passed to it. - libjpeg-turbo always checks the return value of getenv() and never passes a NULL argument to it. - The sprintf() calls in format_message() (jerror.c) could never overflow the destination string buffer or leave it unterminated as long as the buffer was at least JMSG_LENGTH_MAX bytes in length, as instructed. (Regardless, this commit replaces those calls with snprintf() calls.) - libjpeg-turbo never uses sscanf() to read strings or multi-byte character arrays. - Because of b7d6e84d6a9283dc2bc50ef9fcaadc0cdeb25c9f, wrjpgcom explicitly checks the bounds of the source and destination strings before calling strcat() and strcpy(). - libjpeg-turbo always ensures that the destination string is terminated when using strncpy(). (548490fe5e2aa31cb00f6602d5a478b068b99682 made this explicit.) Regarding thread safety: Technically speaking, getenv() is not thread-safe, because the returned pointer may be invalidated if another thread sets the same environment variable between the time that the first thread calls getenv() and the time that that thread uses the return value. In practice, however, this could only occur with libjpeg-turbo if: (1) A multithreaded calling application used the deprecated and undocumented TJFLAG_FORCEMMX/TJFLAG_FORCESSE/TJFLAG_FORCESSE2 flags in the TurboJPEG API or set one of the corresponding environment variables (which are only intended for testing purposes.) Since the TurboJPEG API library only ever passed string constants to putenv(), the only inherent risk (i.e. the only risk introduced by the library and not the calling application) was that the SIMD extensions may have read an incorrect value from one of the aforementioned environment variables. or (2) A multithreaded calling application modified the value of the JPEGMEM environment variable in one thread while another thread was reading the value of that environment variable (in the body of jpeg_create_compress() or jpeg_create_decompress().) Given that the libjpeg API provides a thread-safe way for applications to modify the default memory limit without using the JPEGMEM environment variable, direct modification of that environment variable by calling applications is not supported. Microsoft's implementation of getenv_s() does not claim to be thread-safe either, so this commit uses getenv_s() solely to mollify Visual Studio. New inline functions and macros (GETENV_S() and PUTENV_S) wrap getenv_s()/_putenv_s() when building for Visual Studio and getenv()/setenv() otherwise, but GETENV_S()/PUTENV_S() provide no advantages over getenv()/setenv() other than parameter validation. They are implemented solely for convenience. Technically speaking, strerror() is not thread-safe, because the returned pointer may be invalidated if another thread changes the locale and/or calls strerror() between the time that the first thread calls strerror() and the time that that thread uses the return value. In practice, however, this could only occur with libjpeg-turbo if a multithreaded calling application encountered a file I/O error in tjLoadImage() or tjSaveImage(). Since both of those functions immediately copy the string returned from strerror() into a thread-local buffer, the risk is minimal, and the worst case would involve an incorrect error string being reported to the calling application. Regardless, this commit uses strerror_s() in the TurboJPEG API library when building for Visual Studio. Note that strerror_r() could have been used on Un*x systems, but it would have been necessary to handle both the POSIX and GNU implementations of that function and perform widespread compatibility testing. Such is left as an exercise for another day. Fixes #568
DRC 17297239 2022-01-06T09:17:30 Eliminate non-ANSI C compatibility macros libjpeg-turbo has never supported non-ANSI C compilers. Per the spec, ANSI C compilers must have locale.h, stddef.h, stdlib.h, memset(), memcpy(), unsigned char, and unsigned short. They must also handle undefined structures.
DRC 0a9b9721 2021-08-09T17:25:36 jmemmgr.c: Pass correct size arg to jpeg_free_*() This issue was introduced in 5557fd22173ea9ab4c02c81e1dcec9bd6927814f due to an oversight, so it has existed in libjpeg-turbo since the project's inception. However, the issue is effectively a non-issue. Although #325 proposes allowing programs to override jpeg_get_*() and jpeg_free_*() externally, there is currently no way to override those functions without modifying the libjpeg-turbo source code. libjpeg-turbo only includes the malloc()/free() memory manager from libjpeg, and the implementation of jpeg_free_*() in that memory manager ignores the size argument. libjpeg had several additional memory managers for legacy systems (MS-DOS, System 7, etc.), but those memory managers ignored the size argument to jpeg_free_*() as well. Thus, this issue would have only potentially affected custom memory managers in downstream libjpeg-turbo forks, and since no one has complained until now, apparently those are rare. Fixes #542
Guido Vollbeding 9fc018fd 2020-01-12T00:00:00 The Independent JPEG Group's JPEG software v9d
DRC 84fbd4f1 2018-03-17T00:27:49 Merge branch 'master' into dev
Cameron Cawley c7430097 2018-03-06T22:10:14 Fix build with older MinGW releases Some MinGW implementations need stdint.h in order to define SIZE_MAX. Regression caused by a09ba29a55b9a43d346421210d94370065eeaf53 and not fully fixed by a0047bdea4d11dfeefb9ea797865b1a2ea0a665e. Closes #220
DRC 19c791cd 2018-03-08T10:55:20 Improve code formatting consistency With rare exceptions ... - Always separate line continuation characters by one space from preceding code. - Always use two-space indentation. Never use tabs. - Always use K&R-style conditional blocks. - Always surround operators with spaces, except in raw assembly code. - Always put a space after, but not before, a comma. - Never put a space between type casts and variables/function calls. - Never put a space between the function name and the argument list in function declarations and prototypes. - Always surround braces ('{' and '}') with spaces. - Always surround statements (if, for, else, catch, while, do, switch) with spaces. - Always attach pointer symbols ('*' and '**') to the variable or function name. - Always precede pointer symbols ('*' and '**') by a space in type casts. - Use the MIN() macro from jpegint.h within the libjpeg and TurboJPEG API libraries (using min() from tjutil.h is still necessary for TJBench.) - Where it makes sense (particularly in the TurboJPEG code), put a blank line after variable declaration blocks. - Always separate statements in one-liners by two spaces. The purpose of this was to ease maintenance on my part and also to make it easier for contributors to figure out how to format patch submissions. This was admittedly confusing (even to me sometimes) when we had 3 or 4 different style conventions in the same source tree. The new convention is more consistent with the formatting of other OSS code bases. This commit corrects deviations from the chosen formatting style in the libjpeg API code and reformats the TurboJPEG API code such that it conforms to the same standard. NOTES: - Although it is no longer necessary for the function name in function declarations to begin in Column 1 (this was historically necessary because of the ansi2knr utility, which allowed libjpeg to be built with non-ANSI compilers), we retain that formatting for the libjpeg code because it improves readability when using libjpeg's function attribute macros (GLOBAL(), etc.) - This reformatting project was accomplished with the help of AStyle and Uncrustify, although neither was completely up to the task, and thus a great deal of manual tweaking was required. Note to developers of code formatting utilities: the libjpeg-turbo code base is an excellent test bed, because AFAICT, it breaks every single one of the utilities that are currently available. - The legacy (MMX, SSE, 3DNow!) assembly code for i386 has been formatted to match the SSE2 code (refer to ff5685d5344273df321eb63a005eaae19d2496e3.) I hadn't intended to bother with this, but the Loongson MMI implementation demonstrated that there is still academic value to the MMX implementation, as an algorithmic model for other 64-bit vector implementations. Thus, it is desirable to improve its readability in the same manner as that of the SSE2 implementation.
DRC ed21f4bd 2016-10-05T14:41:14 Merge branch 'master' into dev
DRC a0047bde 2016-10-04T13:25:34 Fix broken build w/ Visual C++ < 2010 Regression introduced by dfefba77520ded5c5fd4864e76352a5f3eb23e74 (Windows doesn't always have stdint.h.)
DRC dfefba77 2016-09-22T14:19:29 Fix broken build with NDK platforms < android-21 Regression introduced by a09ba29a55b9a43d346421210d94370065eeaf53 Fixes #103
DRC 6c365686 2016-09-20T18:09:15 Merge branch 'master' into dev
DRC a09ba29a 2016-09-07T16:40:10 Fix unsigned int overflow in libjpeg memory mgr. When attempting to decode a malformed JPEG image (refer to https://bugzilla.mozilla.org/show_bug.cgi?id=1295044) with dimensions 61472 x 32800, the maximum_space variable within the realize_virt_arrays() function will exceed the maximum value of a 32-bit integer and will wrap around. The memory manager subsequently fails with an "Insufficient memory" error (case 4, in alloc_large()), so this commit simply causes that error to be triggered earlier, before UBSan has a chance to complain. Note that this issue did not ever represent an exploitable security threat, because the POSIX-based memory manager that we use doesn't ever do anything meaningful with the value of maximum_space. jpeg_mem_available() simply sets avail_mem = maximum_space, so the subsequent behavior of the memory manager is the same regardless of whether maximum_space is correct or not. This commit simply removes a UBSan warning in order to make it easier to detect actual security issues.
DRC 2cf199cb 2016-05-20T10:45:32 Lay the groundwork for 64-bit AVX2 SIMD support
DRC bd49803f 2016-02-19T08:53:33 Use consistent/modern code formatting for pointers The convention used by libjpeg: type * variable; is not very common anymore, because it looks too much like multiplication. Some (particularly C++ programmers) prefer to tuck the pointer symbol against the type: type* variable; to emphasize that a pointer to a type is effectively a new type. However, this can also be confusing, since defining multiple variables on the same line would not work properly: type* variable1, variable2; /* Only variable1 is actually a pointer. */ This commit reformats the entirety of the libjpeg-turbo code base so that it uses the same code formatting convention for pointers that the TurboJPEG API code uses: type *variable1, *variable2; This seems to be the most common convention among C programmers, and it is the convention used by other codec libraries, such as libpng and libtiff.
Guido Vollbeding e7f88aec 2013-01-13T00:00:00 The Independent JPEG Group's JPEG software v9
DRC 55a18d40 2016-02-04T18:52:23 Merge branch '1.4.x'
DRC 04dd34c1 2016-02-04T10:59:21 Guard against wrap-around in alloc functions Because of the exposed nature of the libjpeg API, alloc_small() and alloc_large() can potentially be called by external code. If an application were to call either of those functions with sizeofobject > SIZE_MAX - ALIGN_SIZE - 1, then the math in round_up_pow2() would wrap around to zero, causing that function to return a small value. That value would likely not exceed MAX_ALLOC_CHUNK, so the subsequent size checks in alloc_small() and alloc_large() would not catch the error. A similar problem could occur in 32-bit builds if alloc_sarray() were called with samplesperrow > SIZE_MAX - (2 * ALIGN_SIZE / sizeof(JSAMPLE)) - 1. This patch simply ensures that the size argument to the alloc_*() functions will never exceed MAX_ALLOC_CHUNK (1 billion). If it did, then subsequent size checks would eventually catch that error, so we are instead catching the error before round_up_pow2() is called. This addresses a minor concern (LJT-01-001) expressed in a security audit by Cure53.
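The wrap-around that 04dd34c1 guards against, together with the allocation alignment rule from dfc63d42 (MAX(sizeof(void *), sizeof(double)) without SIMD, 16 bytes with SIMD), as an added C example. This is not libjpeg-turbo's own code: round_up_pow2() and the MAX_ALLOC_CHUNK value are taken from jmemmgr.c, but the checked_size_unguarded()/checked_size_guarded() pair, the REJECTED sentinel and the pool_* allocator are this example's own names and simplifications, and WITH_SIMD is an assumed build macro standing in for the project's real SIMD configuration.

```c
/* Added example, not libjpeg-turbo's own code.  It models two jmemmgr.c
 * behaviours from this log: the alignment rule of dfc63d42 (ALIGN_SIZE is
 * MAX(sizeof(void *), sizeof(double)) without SIMD, 16 with SIMD) and the
 * size_t wrap-around guard of 04dd34c1.  round_up_pow2() is jmemmgr.c's
 * arithmetic; checked_size_*(), REJECTED and the toy pool are this example's. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#ifdef WITH_SIMD
#define ALIGN_SIZE  16     /* most SIMD implementations need 16-byte alignment */
#else                      /* larger of a pointer and a double: 16 on CHERI/Morello */
#define ALIGN_SIZE  (sizeof(void *) > sizeof(double) ? sizeof(void *) : sizeof(double))
#endif
#define MAX_ALLOC_CHUNK  1000000000L   /* jmemmgr.c's "1 billion" ceiling */
#define REJECTED         SIZE_MAX      /* where jmemmgr.c would call out_of_memory() */

/* a rounded up to a multiple of b (b a power of two), as in jmemmgr.c.  The
 * addition is unsigned, so it wraps to a small value when a > SIZE_MAX - (b - 1). */
static size_t round_up_pow2(size_t a, size_t b)
{
  return (a + b - 1) & ~(b - 1);
}

/* Pre-04dd34c1 order: round first, check afterwards.  A request near SIZE_MAX
 * wraps to (almost) nothing and slips past the MAX_ALLOC_CHUNK check. */
static size_t checked_size_unguarded(size_t sizeofobject)
{
  size_t rounded = round_up_pow2(sizeofobject, ALIGN_SIZE);
  return rounded > (size_t)MAX_ALLOC_CHUNK ? REJECTED : rounded;
}

/* Post-04dd34c1 order: refuse anything over MAX_ALLOC_CHUNK before rounding,
 * so round_up_pow2() never sees an operand that can wrap. */
static size_t checked_size_guarded(size_t sizeofobject)
{
  size_t rounded;
  if (sizeofobject > (size_t)MAX_ALLOC_CHUNK)
    return REJECTED;
  rounded = round_up_pow2(sizeofobject, ALIGN_SIZE);
  return rounded > (size_t)MAX_ALLOC_CHUNK ? REJECTED : rounded;
}

/* Toy bump allocator standing in for a jmemmgr.c pool: one malloc()ed block,
 * base moved by hand to an ALIGN_SIZE boundary, objects carved off in order. */
struct pool { unsigned char *raw, *base; size_t used, cap; };

static int pool_init(struct pool *p, size_t cap)
{
  p->raw = malloc(cap + ALIGN_SIZE);            /* slack for the alignment pad */
  if (p->raw == NULL)
    return -1;
  p->base = p->raw + (ALIGN_SIZE - (uintptr_t)p->raw % ALIGN_SIZE) % ALIGN_SIZE;
  p->used = 0;
  p->cap = cap;
  return 0;
}

static void *pool_alloc(struct pool *p, size_t sizeofobject)
{
  void *obj;
  size_t need = checked_size_guarded(sizeofobject);
  if (need == REJECTED || need > p->cap - p->used)
    return NULL;
  /* every accepted size is a multiple of ALIGN_SIZE, so base + used stays aligned */
  obj = p->base + p->used;
  p->used += need;
  return obj;
}

/* Carves a few odd-sized objects (constructed sample requests); returns 1 if
 * every pointer is aligned and an oversized request is refused, else 0. */
static int pool_test(void)
{
  struct pool p;
  size_t sizes[] = { 1, 3, 17, 100, 33 }, i;
  int ok = 1;
  if (pool_init(&p, 4096) != 0)
    return 0;
  for (i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
    void *obj = pool_alloc(&p, sizes[i]);
    if (obj == NULL || (uintptr_t)obj % ALIGN_SIZE != 0)
      ok = 0;
  }
  if (pool_alloc(&p, SIZE_MAX - 3) != NULL)   /* must be REJECTED, not wrapped */
    ok = 0;
  free(p.raw);
  return ok;
}

int main(void)
{
  printf("round_up_pow2(SIZE_MAX - 3) wraps to %lu; unguarded accepts %lu bytes; "
         "guarded rejects: %s; pool test: %s\n",
         (unsigned long)round_up_pow2(SIZE_MAX - 3, ALIGN_SIZE),
         (unsigned long)checked_size_unguarded(SIZE_MAX - 3),
         checked_size_guarded(SIZE_MAX - 3) == REJECTED ? "yes" : "no",
         pool_test() ? "pass" : "FAIL");
  return 0;
}
```

Build with -DWITH_SIMD to get the 16-byte variant. The point of checked_size_guarded() is ordering: the MAX_ALLOC_CHUNK comparison has to happen before round_up_pow2(), because once the unsigned addition has wrapped, the rounded size looks harmless and the caller walks away believing it owns a huge buffer that is really a few bytes. The alloc_sarray() case from the same commit is the same defect with a different multiplier (2 * ALIGN_SIZE / sizeof(JSAMPLE)) and is not modelled here.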
DRC 271b0bf0 2016-02-04T10:08:38 jmemmgr.c: formatting tweaks
DRC 7e3acc0e 2015-10-10T10:25:46 Rename README, LICENSE, BUILDING text files The IJG README file has been renamed to README.ijg, in order to avoid confusion (many people were assuming that that was our project's README file and weren't reading README-turbo.txt) and to lay the groundwork for markdown versions of the libjpeg-turbo README and build instructions.
MIYASAKA Masaru a2e6a9dd 2006-02-04T00:00:00 IJG R6b with x86SIMD V1.02 Independent JPEG Group's JPEG software release 6b with x86 SIMD extension for IJG JPEG library version 1.02
Thomas G. Lane 489583f5 1996-02-07T00:00:00 The Independent JPEG Group's JPEG software v6a
Thomas G. Lane bc79e068 1995-08-02T00:00:00 The Independent JPEG Group's JPEG software v6
Thomas G. Lane 36a4cccc 1994-09-24T00:00:00 The Independent JPEG Group's JPEG software v5
Thomas G. Lane cc7150e2 1993-02-18T00:00:00 The Independent JPEG Group's JPEG software v4a
Thomas G. Lane 88aeed42 1992-12-10T00:00:00 The Independent JPEG Group's JPEG software v4
Thomas G. Lane 4a6b7303 1992-03-17T00:00:00 The Independent JPEG Group's JPEG software v3
Guido Vollbeding 5829cb23 2012-01-15T00:00:00 The Independent JPEG Group's JPEG software v8d
Thomas G. Lane 5ead57a3 1998-03-27T00:00:00 The Independent JPEG Group's JPEG software v6b
DRC 5de454b2 2014-05-18T19:04:03 libjpeg-turbo has never supported non-ANSI compilers, so get rid of the crufty SIZEOF() macro. It was not being used consistently anyhow, so it would not have been possible to build prior releases of libjpeg-turbo using the broken compilers for which that macro was designed. git-svn-id: svn+ssh://svn.code.sf.net/p/libjpeg-turbo/code/trunk@1313 632fc199-4ca6-4c93-a231-07263d6284db
DRC 5033f3e1 2014-05-18T18:33:44 Remove MS-DOS code and information, and adjust copyright headers to reflect the removal of features in r1307 and r1308. libjpeg-turbo has never supported MS-DOS, nor is it even possible for us to do so. git-svn-id: svn+ssh://svn.code.sf.net/p/libjpeg-turbo/code/trunk@1312 632fc199-4ca6-4c93-a231-07263d6284db
DRC bc56b754 2014-05-16T10:43:44 Get rid of the HAVE_PROTOTYPES configuration option, as well as the related JMETHOD and JPP macros. libjpeg-turbo has never supported compilers that don't handle prototypes. Doing so requires ansi2knr, which isn't even supported in the IJG code anymore. git-svn-id: svn+ssh://svn.code.sf.net/p/libjpeg-turbo/code/trunk@1308 632fc199-4ca6-4c93-a231-07263d6284db
DRC b7753510 2014-05-11T09:36:25 Convert tabs to spaces in the libjpeg code and the SIMD code (TurboJPEG retains the use of tabs for historical reasons. They were annoying in the libjpeg code primarily because they were not consistently used and because they were used to format as well as indent the code. In the case of TurboJPEG, tabs are used just to indent the code, so even if the editor assumes a different tab width, the code will still be readable.) git-svn-id: svn+ssh://svn.code.sf.net/p/libjpeg-turbo/code/branches/1.3.x@1285 632fc199-4ca6-4c93-a231-07263d6284db
DRC e5eaf374 2014-05-09T18:00:32 Convert tabs to spaces in the libjpeg code and the SIMD code (TurboJPEG retains the use of tabs for historical reasons. They were annoying in the libjpeg code primarily because they were not consistently used and because they were used to format as well as indent the code. In the case of TurboJPEG, tabs are used just to indent the code, so even if the editor assumes a different tab width, the code will still be readable.) git-svn-id: svn+ssh://svn.code.sf.net/p/libjpeg-turbo/code/trunk@1278 632fc199-4ca6-4c93-a231-07263d6284db
DRC a8eabfeb 2011-03-29T04:58:40 Create local round up function for jmemmgr.c so we can revert the original argument types of jround_up() without breaking the build on 64-bit Windows. git-svn-id: svn+ssh://svn.code.sf.net/p/libjpeg-turbo/code/branches/1.1.x@539 632fc199-4ca6-4c93-a231-07263d6284db
DRC 04899094 2010-02-26T23:01:19 Bleepin' Windows uses LLP64, not LP64 git-svn-id: svn+ssh://svn.code.sf.net/p/libjpeg-turbo/code/trunk@158 632fc199-4ca6-4c93-a231-07263d6284db
Pierre Ossman 73118306 2009-03-09T13:30:47 Most SIMD implementations need 16 byte alignment git-svn-id: svn+ssh://svn.code.sf.net/p/libjpeg-turbo/code/trunk@20 632fc199-4ca6-4c93-a231-07263d6284db
Pierre Ossman 5557fd22 2009-03-09T10:34:53 Improve memory allocator alignment handling Fix some broken assumptions and allow any alignment, not just those associated with C types. git-svn-id: svn+ssh://svn.code.sf.net/p/libjpeg-turbo/code/trunk@12 632fc199-4ca6-4c93-a231-07263d6284db