Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.
Bug 1050342. Fix a case where the fast huffman decoder in libjpeg-turbo can produce different results depending on how data is fed to it.
This change comes from the blink repo https://codereview.appspot.com/229430043/ and is unlikely to be accepted upstream into libjpeg-turbo.
diff --git jdhuff.c jdhuff.c
--- jdhuff.c
+++ jdhuff.c
@@ -674,9 +674,9 @@ decode_mcu_fast(j_decompress_ptr cinfo,
d_derived_tbl *dctbl = entropy->dc_cur_tbls[blkn];
d_derived_tbl *actbl = entropy->ac_cur_tbls[blkn];
register int s, k, r, l;
- HUFF_DECODE_FAST(s, l, dctbl);
+ HUFF_DECODE_FAST(s, l, dctbl, slow_decode_mcu);
if (s) {
FILL_BIT_BUFFER_FAST
r = GET_BITS(s);
s = HUFF_EXTEND(r, s);
@@ -692,9 +692,9 @@ decode_mcu_fast(j_decompress_ptr cinfo,
if (entropy->ac_needed[blkn] && block) {
for (k = 1; k < DCTSIZE2; k++) {
- HUFF_DECODE_FAST(s, l, actbl);
+ HUFF_DECODE_FAST(s, l, actbl, slow_decode_mcu);
r = s >> 4;
s &= 15;
@@ -711,9 +711,9 @@ decode_mcu_fast(j_decompress_ptr cinfo,
} else {
@@ -728,8 +728,9 @@ decode_mcu_fast(j_decompress_ptr cinfo,
}
if (cinfo->unread_marker != 0) {
+slow_decode_mcu:
cinfo->unread_marker = 0;
return FALSE;
diff --git jdhuff.h jdhuff.h
--- jdhuff.h
+++ jdhuff.h
@@ -210,9 +210,9 @@ slowlabel: \
get_buffer = state.get_buffer; bits_left = state.bits_left; \
} \
-#define HUFF_DECODE_FAST(s, nb, htbl) \
+#define HUFF_DECODE_FAST(s, nb, htbl, slowlabel) \
FILL_BIT_BUFFER_FAST; \
s = PEEK_BITS(HUFF_LOOKAHEAD); \
s = htbl->lookup[s]; \
nb = s >> HUFF_LOOKAHEAD; \
@@ -227,9 +227,11 @@ slowlabel: \
s <<= 1; \
s |= GET_BITS(1); \
nb++; \
- s = htbl->pub->huffval[(int)(s + htbl->valoffset[nb]) & 0xFF]; \
+ if (nb > 16) \
+ goto slowlabel; \
+ s = htbl->pub->huffval[ (int) (s + htbl->valoffset[nb]) ]; \
/* Out-of-line case for Huffman code fetching */
EXTERN(int) jpeg_huff_decode(bitread_working_state *state,