Google Git
Sign in
chromium / chromium / deps / libjpeg_turbo / 8ee9bdd068effcf5fe876e401829eadb94569750^! / .
commit8ee9bdd068effcf5fe876e401829eadb94569750[log] [tgz]
authornoel@chromium.org <noel@chromium.org>Mon Apr 27 11:27:28 2015
committernoel@chromium.org <noel@chromium.org>Mon Apr 27 11:27:28 2015
tree6851855b0851748d0ffce6f236a0ee1989619560
parent9e9058be139a32f2d03eddce97fb15ecca92e6bc [diff]
Fix libjpeg_turbo svn r64 libjpeg6b compat issue

Make the fast path Huffman decoder fallback to the slow decoding path if
the Huffman decoding bit sentinel > 16, this to match libjpeg6b decoding
by reproducing the exact behavior of jpeg_huff_decode().

When this sentinel check is missing (see bug), libjpeg_turbo can produce
two (or more) different decoded images for the same input data depending
on how transport systems (eg., networks) packetize the data for delivery
to end-systems, web browsers for example.

Note: libjpeg6b produces the same decoded image, irrespective of how the
input data is placed in network packets. This fix makes libjpeg_turbo do
the same for compat with libjpeg6b.

TBR=darin@chromium.org
BUG=chromium:398235

Review URL: https://codereview.appspot.com/229430043

git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/libjpeg_turbo@295003 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

diff --git a/README.chromium b/README.chromium
index 929c2f1..d7723a0 100644
--- a/README.chromium
+++ b/README.chromium

@@ -31,6 +31,10 @@
 * Removed .func / .endfunc lines from arm assembly
   ( https://sourceforge.net/p/libjpeg-turbo/bugs/72/ , landed at
   https://sourceforge.net/p/libjpeg-turbo/code/1375 ).
+* Fix libjpeg_turbo svn r64 libjpeg6b compat issue: make the fast path Huffman
+  decoder fallback to slow decoding if the Huffman decoding bit sentinel > 16,
+  this to match the exact behavior of jpeg_huff_decode().
+  http://crbug.com/398235
 
 The 'google.patch' file represents our changes from the original
 libjpeg-turbo-1.2.

diff --git a/google.patch b/google.patch
index de6fadd..4d0af8e 100644
--- a/google.patch
+++ b/google.patch

@@ -1852,9 +1852,44 @@
    temp = e->a - qe;
 Index: jdhuff.c
 ===================================================================
---- jdhuff.c	(revision 829)
-+++ jdhuff.c	(working copy)
-@@ -742,7 +742,7 @@
+--- jdhuff.c  (revision 1541)
++++ jdhuff.c  (working copy)
+@@ -662,7 +662,7 @@
+     d_derived_tbl * actbl = entropy->ac_cur_tbls[blkn];
+     register int s, k, r, l;
+ 
+-    HUFF_DECODE_FAST(s, l, dctbl);
++    HUFF_DECODE_FAST(s, l, dctbl, slow_decode_mcu);
+     if (s) {
+       FILL_BIT_BUFFER_FAST
+       r = GET_BITS(s);
+@@ -679,7 +679,7 @@
+     if (entropy->ac_needed[blkn]) {
+ 
+       for (k = 1; k < DCTSIZE2; k++) {
+-        HUFF_DECODE_FAST(s, l, actbl);
++        HUFF_DECODE_FAST(s, l, actbl, slow_decode_mcu);
+         r = s >> 4;
+         s &= 15;
+       
+@@ -698,7 +698,7 @@
+     } else {
+ 
+       for (k = 1; k < DCTSIZE2; k++) {
+-        HUFF_DECODE_FAST(s, l, actbl);
++        HUFF_DECODE_FAST(s, l, actbl, slow_decode_mcu);
+         r = s >> 4;
+         s &= 15;
+ 
+@@ -715,6 +715,7 @@
+   }
+ 
+   if (cinfo->unread_marker != 0) {
++slow_decode_mcu:
+     cinfo->unread_marker = 0;
+     return FALSE;
+   }
+@@ -742,7 +743,7 @@
   * this module, since we'll just re-assign them on the next call.)
   */
  
@@ -1863,6 +1898,31 @@
  
  METHODDEF(boolean)
  decode_mcu (j_decompress_ptr cinfo, JBLOCKROW *MCU_data)
+Index: jdhuff.h
+===================================================================
+--- jdhuff.h  (revision 1541)
++++ jdhuff.h  (working copy)
+@@ -208,7 +208,7 @@
+   } \
+ }
+ 
+-#define HUFF_DECODE_FAST(s,nb,htbl) \
++#define HUFF_DECODE_FAST(s,nb,htbl,slowlabel) \
+   FILL_BIT_BUFFER_FAST; \
+   s = PEEK_BITS(HUFF_LOOKAHEAD); \
+   s = htbl->lookup[s]; \
+@@ -225,7 +225,9 @@
+       s |= GET_BITS(1); \
+       nb++; \
+     } \
+-    s = htbl->pub->huffval[ (int) (s + htbl->valoffset[nb]) & 0xFF ]; \
++    if (nb > 16) \
++      goto slowlabel; \
++    s = htbl->pub->huffval[ (int) (s + htbl->valoffset[nb]) ]; \
+   }
+ 
+ /* Out-of-line case for Huffman code fetching */
+ 
 Index: jchuff.c
 ===================================================================
 --- jchuff.c	(revision 1219)

diff --git a/jdhuff.c b/jdhuff.c
index 6662107..5d023ae 100644
--- a/jdhuff.c
+++ b/jdhuff.c

@@ -663,7 +663,7 @@
     d_derived_tbl * actbl = entropy->ac_cur_tbls[blkn];
     register int s, k, r, l;
 
-    HUFF_DECODE_FAST(s, l, dctbl);
+    HUFF_DECODE_FAST(s, l, dctbl, slow_decode_mcu);
     if (s) {
       FILL_BIT_BUFFER_FAST
       r = GET_BITS(s);
@@ -680,7 +680,7 @@
     if (entropy->ac_needed[blkn]) {
 
       for (k = 1; k < DCTSIZE2; k++) {
-        HUFF_DECODE_FAST(s, l, actbl);
+        HUFF_DECODE_FAST(s, l, actbl, slow_decode_mcu);
         r = s >> 4;
         s &= 15;
       
@@ -699,7 +699,7 @@
     } else {
 
       for (k = 1; k < DCTSIZE2; k++) {
-        HUFF_DECODE_FAST(s, l, actbl);
+        HUFF_DECODE_FAST(s, l, actbl, slow_decode_mcu);
         r = s >> 4;
         s &= 15;
 
@@ -716,6 +716,7 @@
   }
 
   if (cinfo->unread_marker != 0) {
+slow_decode_mcu:
     cinfo->unread_marker = 0;
     return FALSE;
   }

diff --git a/jdhuff.h b/jdhuff.h
index 2201436..027177b 100644
--- a/jdhuff.h
+++ b/jdhuff.h

@@ -209,7 +209,7 @@
   } \
 }
 
-#define HUFF_DECODE_FAST(s,nb,htbl) \
+#define HUFF_DECODE_FAST(s,nb,htbl,slowlabel) \
   FILL_BIT_BUFFER_FAST; \
   s = PEEK_BITS(HUFF_LOOKAHEAD); \
   s = htbl->lookup[s]; \
@@ -226,7 +226,9 @@
       s |= GET_BITS(1); \
       nb++; \
     } \
-    s = htbl->pub->huffval[ (int) (s + htbl->valoffset[nb]) & 0xFF ]; \
+    if (nb > 16) \
+      goto slowlabel; \
+    s = htbl->pub->huffval[ (int) (s + htbl->valoffset[nb]) ]; \
   }
 
 /* Out-of-line case for Huffman code fetching */