kc3-lang/libjpeg-turbo/jsimd.h

• Show log

  Commit

• Hash : 78a36f6d
  Author :
  Date : 2022-11-15T17:01:17
  

  Fix buffer overrun in 12-bit prog Huffman encoder
  
  Regression introduced by 16bd984557fa2c490be0b9665e2ea0d4274528a8 and
  5b177b3cab5cfb661256c1e74df160158ec6c34e
  
  The pre-computed absolute values used in encode_mcu_AC_first() and
  encode_mcu_AC_refine() were stored in a JCOEF (signed short) array.
  When attempting to losslessly transform a specially-crafted malformed
  12-bit JPEG image with a coefficient value of -32768 into a progressive
  12-bit JPEG image, the progressive Huffman encoder attempted to store
  the absolute value of -32768 in the JCOEF array, thus overflowing the
  16-bit signed data type.  Therefore, at this point in the code:
  https://github.com/libjpeg-turbo/libjpeg-turbo/blob/8c5e78ce292c1642057102eac42f12ab57964293/jcphuff.c#L889
  the absolute value was read as -32768, which caused the test at
  https://github.com/libjpeg-turbo/libjpeg-turbo/blob/8c5e78ce292c1642057102eac42f12ab57964293/jcphuff.c#L896
  to fail, falling through to
  https://github.com/libjpeg-turbo/libjpeg-turbo/blob/8c5e78ce292c1642057102eac42f12ab57964293/jcphuff.c#L908
  with an overly large value of r (46) that, when shifted left four
  places, incremented, and passed to emit_symbol(), exceeded the maximum
  index (255) for the derived code tables.  Fortunately, the buffer
  overrun was fully contained within phuff_entropy_encoder, so the issue
  did not generate a segfault or other user-visible errant behavior, but
  it did cause a UBSan failure that was detected by OSS-Fuzz.
  
  This commit introduces an unsigned JCOEF (UJCOEF) data type and uses it
  to store the absolute values of DCT coefficients computed by the
  AC_first_prepare() and AC_refine_prepare() methods.
  
  Note that the changes to the Arm Neon progressive Huffman encoder
  extensions cause signed 16-bit instructions to be replaced with
  equivalent unsigned 16-bit instructions, so the changes should be
  performance-neutral.
  
  Based on:
  https://github.com/mayeut/libjpeg-turbo/commit/bbf61c0382c4f8bd1f1cfc666467581496c2fb7c
  
  Closes #628
  

Download

• jsimd.h

• /*
   * jsimd.h
   *
   * Copyright 2009 Pierre Ossman <ossman@cendio.se> for Cendio AB
   * Copyright (C) 2011, 2014, 2022, D. R. Commander.
   * Copyright (C) 2015-2016, 2018, 2022, Matthieu Darbois.
   * Copyright (C) 2020, Arm Limited.
   *
   * Based on the x86 SIMD extension for IJG JPEG library,
   * Copyright (C) 1999-2006, MIYASAKA Masaru.
   * For conditions of distribution and use, see copyright notice in jsimdext.inc
   *
   */
  
  #include "jchuff.h"             /* Declarations shared with jcphuff.c */
  
  EXTERN(int) jsimd_can_rgb_ycc(void);
  EXTERN(int) jsimd_can_rgb_gray(void);
  EXTERN(int) jsimd_can_ycc_rgb(void);
  EXTERN(int) jsimd_can_ycc_rgb565(void);
  EXTERN(int) jsimd_c_can_null_convert(void);
  
  EXTERN(void) jsimd_rgb_ycc_convert(j_compress_ptr cinfo, JSAMPARRAY input_buf,
                                     JSAMPIMAGE output_buf,
                                     JDIMENSION output_row, int num_rows);
  EXTERN(void) jsimd_rgb_gray_convert(j_compress_ptr cinfo, JSAMPARRAY input_buf,
                                      JSAMPIMAGE output_buf,
                                      JDIMENSION output_row, int num_rows);
  EXTERN(void) jsimd_ycc_rgb_convert(j_decompress_ptr cinfo,
                                     JSAMPIMAGE input_buf, JDIMENSION input_row,
                                     JSAMPARRAY output_buf, int num_rows);
  EXTERN(void) jsimd_ycc_rgb565_convert(j_decompress_ptr cinfo,
                                        JSAMPIMAGE input_buf,
                                        JDIMENSION input_row,
                                        JSAMPARRAY output_buf, int num_rows);
  EXTERN(void) jsimd_c_null_convert(j_compress_ptr cinfo, JSAMPARRAY input_buf,
                                    JSAMPIMAGE output_buf, JDIMENSION output_row,
                                    int num_rows);
  
  EXTERN(int) jsimd_can_h2v2_downsample(void);
  EXTERN(int) jsimd_can_h2v1_downsample(void);
  
  EXTERN(void) jsimd_h2v2_downsample(j_compress_ptr cinfo,
                                     jpeg_component_info *compptr,
                                     JSAMPARRAY input_data,
                                     JSAMPARRAY output_data);
  
  EXTERN(int) jsimd_can_h2v2_smooth_downsample(void);
  
  EXTERN(void) jsimd_h2v2_smooth_downsample(j_compress_ptr cinfo,
                                            jpeg_component_info *compptr,
                                            JSAMPARRAY input_data,
                                            JSAMPARRAY output_data);
  
  EXTERN(void) jsimd_h2v1_downsample(j_compress_ptr cinfo,
                                     jpeg_component_info *compptr,
                                     JSAMPARRAY input_data,
                                     JSAMPARRAY output_data);
  
  EXTERN(int) jsimd_can_h2v2_upsample(void);
  EXTERN(int) jsimd_can_h2v1_upsample(void);
  EXTERN(int) jsimd_can_int_upsample(void);
  
  EXTERN(void) jsimd_h2v2_upsample(j_decompress_ptr cinfo,
                                   jpeg_component_info *compptr,
                                   JSAMPARRAY input_data,
                                   JSAMPARRAY *output_data_ptr);
  EXTERN(void) jsimd_h2v1_upsample(j_decompress_ptr cinfo,
                                   jpeg_component_info *compptr,
                                   JSAMPARRAY input_data,
                                   JSAMPARRAY *output_data_ptr);
  EXTERN(void) jsimd_int_upsample(j_decompress_ptr cinfo,
                                  jpeg_component_info *compptr,
                                  JSAMPARRAY input_data,
                                  JSAMPARRAY *output_data_ptr);
  
  EXTERN(int) jsimd_can_h2v2_fancy_upsample(void);
  EXTERN(int) jsimd_can_h2v1_fancy_upsample(void);
  EXTERN(int) jsimd_can_h1v2_fancy_upsample(void);
  
  EXTERN(void) jsimd_h2v2_fancy_upsample(j_decompress_ptr cinfo,
                                         jpeg_component_info *compptr,
                                         JSAMPARRAY input_data,
                                         JSAMPARRAY *output_data_ptr);
  EXTERN(void) jsimd_h2v1_fancy_upsample(j_decompress_ptr cinfo,
                                         jpeg_component_info *compptr,
                                         JSAMPARRAY input_data,
                                         JSAMPARRAY *output_data_ptr);
  EXTERN(void) jsimd_h1v2_fancy_upsample(j_decompress_ptr cinfo,
                                         jpeg_component_info *compptr,
                                         JSAMPARRAY input_data,
                                         JSAMPARRAY *output_data_ptr);
  
  EXTERN(int) jsimd_can_h2v2_merged_upsample(void);
  EXTERN(int) jsimd_can_h2v1_merged_upsample(void);
  
  EXTERN(void) jsimd_h2v2_merged_upsample(j_decompress_ptr cinfo,
                                          JSAMPIMAGE input_buf,
                                          JDIMENSION in_row_group_ctr,
                                          JSAMPARRAY output_buf);
  EXTERN(void) jsimd_h2v1_merged_upsample(j_decompress_ptr cinfo,
                                          JSAMPIMAGE input_buf,
                                          JDIMENSION in_row_group_ctr,
                                          JSAMPARRAY output_buf);
  
  EXTERN(int) jsimd_can_huff_encode_one_block(void);
  
  EXTERN(JOCTET *) jsimd_huff_encode_one_block(void *state, JOCTET *buffer,
                                               JCOEFPTR block, int last_dc_val,
                                               c_derived_tbl *dctbl,
                                               c_derived_tbl *actbl);
  
  EXTERN(int) jsimd_can_encode_mcu_AC_first_prepare(void);
  
  EXTERN(void) jsimd_encode_mcu_AC_first_prepare
    (const JCOEF *block, const int *jpeg_natural_order_start, int Sl, int Al,
     UJCOEF *values, size_t *zerobits);
  
  EXTERN(int) jsimd_can_encode_mcu_AC_refine_prepare(void);
  
  EXTERN(int) jsimd_encode_mcu_AC_refine_prepare
    (const JCOEF *block, const int *jpeg_natural_order_start, int Sl, int Al,
     UJCOEF *absvalues, size_t *bits);
  

Download