kc3-lang/libjpeg-turbo/.github/workflows/build.yml
-
Show log
Commit
-
Hash : da48edfc
Author :
Date : 2023-10-09T14:13:55
jchuff.c: Fix uninit read w/ AArch64, WITH_SIMD=0 Because of bf01ed2fbc02c15e86f414ff4946b66b4e5a00f1, the simd field in huff_entropy_encoder (and, by extension, the simd field in savable_state) is only initialized if WITH_SIMD is defined. Due to an oversight, the simd field in savable_state was queried in flush_bits() regardless of whether WITH_SIMD was defined. In most cases, both branches of the query have identical code, and the optimizer removes the branch. However, because the legacy Neon GAS Huffman encoder uses the older bit buffer logic from libjpeg-turbo 2.0.x and prior (refer to 087c29e07f7533ec82fd7eb1dafc84c29e7870ec), the branches do not have identical code when building for AArch64 with NEON_INTRINSICS undefined (which will be the case if WITH_SIMD is undefined.) Thus, if libjpeg-turbo was built for AArch64 with the SIMD extensions disabled at build time, it was possible for the Neon GAS branch in flush_bits() to be taken, which would have set put_bits to a value that is incorrect for the C Huffman encoder. Referring to #728, a user reported that this issue sometimes caused libjpeg-turbo to generate bogus JPEG images if it was built for AArch64 without SIMD extensions and subsequently used through the Qt framework. (It should be noted, however, that disabling the SIMD extensions in AArch64 builds of libjpeg-turbo is inadvisable for performance reasons.) I was unable to reproduce the issue on Linux/AArch64 using libjpeg-turbo alone, despite testing various versions of GCC and Clang and various optimization levels. However, the issue is reproducible using MSan with -O0, so this commit also modifies the GitHub Actions workflow so that compiler optimization is disabled in the linux-msan job. That should prevent the issue or similar issues from re-emerging. Fixes #728
-
.github/workflows/build.yml
-
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176
name: Build on: push: branches: - '**' tags-ignore: - '**' pull_request: workflow_dispatch: jobs: linux: runs-on: ubuntu-latest steps: - name: Set global environment variables run: | echo "BRANCH=${GITHUB_BASE_REF:-${GITHUB_REF#refs/heads/}}" >$GITHUB_ENV - name: Check out code uses: actions/checkout@v3 - name: Set up build run: | mkdir -p $HOME/src/ljt.nightly docker pull dcommander/buildljt:$BRANCH git clone --depth=1 https://github.com/libjpeg-turbo/buildscripts.git -b $BRANCH $HOME/src/buildscripts mkdir $HOME/rpmkeys wget --no-check-certificate "http://www.libjpeg-turbo.org/key/LJTPR-GPG-KEY" -O $HOME/rpmkeys/LJTPR-GPG-KEY - name: Configure GPG signing if: ${{github.event_name != 'pull_request'}} run: | sudo apt install -y gnupg1 printf "${{secrets.GPG_KEY}}" | base64 --decode | gpg1 --batch --import - chmod 600 $HOME/.gnupg/gpg.conf echo "GPG_KEY_NAME=\"${{secrets.GPG_KEY_NAME}}\"" >$HOME/src/buildscripts/gpgsign echo "GPG_KEY_ID=${{secrets.GPG_KEY_ID}}" >>$HOME/src/buildscripts/gpgsign echo "GPG_KEY_PASS=${{secrets.GPG_KEY_PASS}}" >>$HOME/src/buildscripts/gpgsign - name: Build run: | docker run -v $HOME/src/ljt.nightly:/root/src/ljt.nightly -v $HOME/src/buildscripts:/root/src/buildscripts -v $GITHUB_WORKSPACE:/root/src/libjpeg-turbo -v $HOME/.gnupg:/root/.gnupg -v $HOME/rpmkeys:/rpmkeys -t dcommander/buildljt:$BRANCH bash -c "rpm --import /rpmkeys/LJTPR-GPG-KEY && ~/src/buildscripts/buildljt -d /root/src/libjpeg-turbo -v" sudo chown -R runner:runner $HOME/src/ljt.nightly mv $HOME/src/ljt.nightly/latest/log-${{github.job}}.txt $HOME/src/ljt.nightly/latest/files/ - name: Configure AWS if: ${{github.event_name != 'pull_request'}} uses: aws-actions/configure-aws-credentials@v1 with: aws-access-key-id: ${{secrets.AWS_ACCESS_KEY_ID}} aws-secret-access-key: ${{secrets.AWS_SECRET_ACCESS_KEY}} aws-region: ${{secrets.AWS_REGION}} - name: Deploy if: ${{github.event_name != 'pull_request'}} run: | aws s3 sync --acl public-read --delete $HOME/src/ljt.nightly/latest/files/ s3://libjpeg-turbo-pr/${{env.BRANCH}}/${{github.job}}/ macos: runs-on: macos-11 steps: - name: Set global environment variables run: | echo "BRANCH=${GITHUB_BASE_REF:-${GITHUB_REF#refs/heads/}}" >$GITHUB_ENV - name: Check out code uses: actions/checkout@v3 - name: Set up build run: | brew install yasm md5sha1sum sudo xcode-select -s /Applications/Xcode_12.4.app mkdir -p $HOME/src/ljt.nightly git clone --depth=1 https://github.com/libjpeg-turbo/buildscripts.git -b $BRANCH $HOME/src/buildscripts - name: Configure GPG signing if: ${{github.event_name != 'pull_request'}} run: | printf "${{secrets.GPG_KEY}}" | base64 --decode | gpg --batch --import - echo "GPG_KEY_NAME=\"${{secrets.GPG_KEY_NAME}}\"" >$HOME/src/buildscripts/gpgsign echo "GPG_KEY_ID=${{secrets.GPG_KEY_ID}}" >>$HOME/src/buildscripts/gpgsign echo "GPG_KEY_PASS=${{secrets.GPG_KEY_PASS}}" >>$HOME/src/buildscripts/gpgsign - name: Build run: | $HOME/src/buildscripts/buildljt -d $GITHUB_WORKSPACE -v mv $HOME/src/ljt.nightly/latest/log-${{github.job}}.txt $HOME/src/ljt.nightly/latest/files/ - name: Configure AWS if: ${{github.event_name != 'pull_request'}} uses: aws-actions/configure-aws-credentials@v1 with: aws-access-key-id: ${{secrets.AWS_ACCESS_KEY_ID}} aws-secret-access-key: ${{secrets.AWS_SECRET_ACCESS_KEY}} aws-region: ${{secrets.AWS_REGION}} - name: Deploy if: ${{github.event_name != 'pull_request'}} run: | aws s3 sync --acl public-read --delete $HOME/src/ljt.nightly/latest/files/ s3://libjpeg-turbo-pr/${{env.BRANCH}}/${{github.job}}/ linux-asan-ubsan: runs-on: ubuntu-latest steps: - name: Check out code uses: actions/checkout@v3 - name: Set up build run: | sudo apt install -y nasm - name: Build env: ASAN_OPTIONS: "detect_leaks=1 symbolize=1" CTEST_OUTPUT_ON_FAILURE: 1 run: | mkdir build pushd build cmake -G"Unix Makefiles" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_COMPILER=clang -DCMAKE_C_FLAGS_RELWITHDEBINFO="-O1 -g -fsanitize=address,undefined -fno-sanitize-recover=all -fno-omit-frame-pointer" -DENABLE_SHARED=0 .. export NUMCPUS=`grep -c '^processor' /proc/cpuinfo` make -j$NUMCPUS --load-average=$NUMCPUS make test JSIMD_FORCESSE2=1 make test cmake -DFLOATTEST8=no-fp-contract .. JSIMD_FORCENONE=1 make test popd linux-jpeg7-x32: runs-on: ubuntu-20.04 steps: - name: Check out code uses: actions/checkout@v3 - name: Set up build run: | sudo apt update sudo apt -y --install-recommends install libc6-dev-x32 nasm - name: Build env: CTEST_OUTPUT_ON_FAILURE: 1 run: | mkdir build pushd build cmake -G"Unix Makefiles" -DWITH_JPEG7=1 \ -DCMAKE_C_FLAGS='-mx32 --std=gnu90 -Wall -Werror -Wextra -Wpedantic -pedantic-errors -Wdouble-promotion -Wformat-overflow=2 -Wformat-security -Wformat-signedness -Wformat-truncation=2 -Wformat-y2k -Wmissing-include-dirs -Wshift-overflow=2 -Wswitch-bool -Wno-unused-parameter -Wuninitialized -Wstrict-overflow=2 -Wstringop-overflow=4 -Wstringop-truncation -Wduplicated-branches -Wduplicated-cond -Wdeclaration-after-statement -Wshadow -Wunsafe-loop-optimizations -Wundef -Wcast-align -Wno-clobbered -Wjump-misses-init -Wno-sign-compare -Wlogical-op -Waggregate-return -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes -Wmissing-declarations -Wpacked -Wredundant-decls -Wnested-externs -Winline -Wno-long-long -Wdisabled-optimization -Wno-overlength-strings' \ .. export NUMCPUS=`grep -c '^processor' /proc/cpuinfo` make -j$NUMCPUS --load-average=$NUMCPUS make test JSIMD_FORCESSE2=1 make test cmake -DFLOATTEST8=no-fp-contract .. JSIMD_FORCENONE=1 make test popd linux-jpeg8: runs-on: ubuntu-latest steps: - name: Check out code uses: actions/checkout@v3 - name: Set up build run: | sudo apt -y install nasm - name: Build env: CTEST_OUTPUT_ON_FAILURE: 1 run: | mkdir build pushd build cmake -G"Unix Makefiles" -DWITH_JPEG8=1 \ -DCMAKE_C_FLAGS='--std=gnu90 -Wall -Werror -Wextra -Wpedantic -pedantic-errors -Wdouble-promotion -Wformat-overflow=2 -Wformat-security -Wformat-signedness -Wformat-truncation=2 -Wformat-y2k -Wmissing-include-dirs -Wshift-overflow=2 -Wswitch-bool -Wno-unused-parameter -Wuninitialized -Wstrict-overflow=2 -Wstringop-overflow=4 -Wstringop-truncation -Wduplicated-branches -Wduplicated-cond -Wdeclaration-after-statement -Wshadow -Wunsafe-loop-optimizations -Wundef -Wcast-align -Wno-clobbered -Wjump-misses-init -Wno-sign-compare -Wlogical-op -Waggregate-return -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes -Wmissing-declarations -Wpacked -Wredundant-decls -Wnested-externs -Winline -Wno-long-long -Wdisabled-optimization -Wno-overlength-strings' \ .. export NUMCPUS=`grep -c '^processor' /proc/cpuinfo` make -j$NUMCPUS --load-average=$NUMCPUS make test JSIMD_FORCESSE2=1 make test cmake -DFLOATTEST8=no-fp-contract .. JSIMD_FORCENONE=1 make test popd linux-msan: runs-on: ubuntu-latest steps: - name: Check out code uses: actions/checkout@v3 - name: Build env: CTEST_OUTPUT_ON_FAILURE: 1 run: | mkdir build pushd build cmake -G"Unix Makefiles" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_COMPILER=clang -DCMAKE_C_FLAGS_RELWITHDEBINFO="-O0 -g -fsanitize=memory -fno-sanitize-recover=all -fPIE" -DWITH_SIMD=0 .. export NUMCPUS=`grep -c '^processor' /proc/cpuinfo` make -j$NUMCPUS --load-average=$NUMCPUS make test popd