diff options
author | Eirik Aavitsland <eirik.aavitsland@qt.io> | 2021-09-01 10:38:56 +0200 |
---|---|---|
committer | Eirik Aavitsland <eirik.aavitsland@qt.io> | 2021-09-22 22:38:12 +0200 |
commit | ea5edb67a9d88b26e04d642ddc1d52debb2897c4 (patch) | |
tree | 1727a53361c16531e8cf9032e81db8994b9e4c1c | |
parent | d4b029df948fb5d7a4ae30a54deec5525a6fc032 (diff) | |
download | qtbase-ea5edb67a9d88b26e04d642ddc1d52debb2897c4.tar.gz |
Update bundled libjpeg-turbo to version 2.1.1
[ChangeLog][Third-Party Code] libjpeg-turbo was updated to version 2.1.1
Change-Id: I22a273018229aa35a175f9e903fa605a3eb55c32
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit a6a3b1e79cf9bd54434ccdb0851fe49f12004152)
-rw-r--r-- | src/3rdparty/libjpeg/qt_attribution.json | 2 | ||||
-rw-r--r-- | src/3rdparty/libjpeg/src/ChangeLog.md | 38 | ||||
-rw-r--r-- | src/3rdparty/libjpeg/src/jcmaster.c | 2 | ||||
-rw-r--r-- | src/3rdparty/libjpeg/src/jconfig.h | 4 | ||||
-rw-r--r-- | src/3rdparty/libjpeg/src/jconfigint.h | 4 | ||||
-rw-r--r-- | src/3rdparty/libjpeg/src/jconfigint.h.in | 10 | ||||
-rw-r--r-- | src/3rdparty/libjpeg/src/jcphuff.c | 5 | ||||
-rw-r--r-- | src/3rdparty/libjpeg/src/jdapimin.c | 3 | ||||
-rw-r--r-- | src/3rdparty/libjpeg/src/jdhuff.c | 11 | ||||
-rw-r--r-- | src/3rdparty/libjpeg/src/jdmainct.c | 5 | ||||
-rw-r--r-- | src/3rdparty/libjpeg/src/jmemmgr.c | 6 | ||||
-rw-r--r-- | src/3rdparty/libjpeg/src/jpegint.h | 15 |
12 files changed, 81 insertions, 24 deletions
diff --git a/src/3rdparty/libjpeg/qt_attribution.json b/src/3rdparty/libjpeg/qt_attribution.json index 04b89a05bc..ff4d98fb54 100644 --- a/src/3rdparty/libjpeg/qt_attribution.json +++ b/src/3rdparty/libjpeg/qt_attribution.json @@ -6,7 +6,7 @@ "Description": "The Independent JPEG Group's JPEG software", "Homepage": "http://libjpeg-turbo.virtualgl.org/", - "Version": "2.1.0", + "Version": "2.1.1", "License": "Independent JPEG Group License and BSD 3-Clause \"New\" or \"Revised\" License and zlib License", "LicenseId": "IJG AND BSD-3-Clause AND Zlib", "LicenseFiles": [ "LICENSE", "ijg-license.txt", "zlib-license.txt"], diff --git a/src/3rdparty/libjpeg/src/ChangeLog.md b/src/3rdparty/libjpeg/src/ChangeLog.md index 5ecbf3b510..1fcb065a71 100644 --- a/src/3rdparty/libjpeg/src/ChangeLog.md +++ b/src/3rdparty/libjpeg/src/ChangeLog.md @@ -6,6 +6,26 @@ 1. Fixed a regression introduced in 2.1.0 that caused build failures with non-GCC-compatible compilers for Un*x/Arm platforms. +2. Fixed a regression introduced by 2.1 beta1[13] that prevented the Arm 32-bit +(AArch32) Neon SIMD extensions from building unless the C compiler flags +included `-mfloat-abi=softfp` or `-mfloat-abi=hard`. + +3. Fixed an issue in the AArch32 Neon SIMD Huffman encoder whereby reliance on +undefined C compiler behavior led to crashes ("SIGBUS: illegal alignment") on +Android systems when running AArch32/Thumb builds of libjpeg-turbo built with +recent versions of Clang. + +4. Added a command-line argument (`-copy icc`) to jpegtran that causes it to +copy only the ICC profile markers from the source file and discard any other +metadata. + +5. libjpeg-turbo should now build and run on CHERI-enabled architectures, which +use capability pointers that are larger than the size of `size_t`. + +6. Fixed a regression introduced by 2.1 beta1[5] that caused a segfault in the +64-bit SSE2 Huffman encoder when attempting to losslessly transform a +specially-crafted malformed JPEG image. + 2.1.0 ===== @@ -293,15 +313,15 @@ JPEG images. This was known to cause a buffer overflow when attempting to decompress some such images using `tjDecompressToYUV2()` or `tjDecompressToYUVPlanes()`. -5. Fixed an issue, detected by ASan, whereby attempting to losslessly transform -a specially-crafted malformed JPEG image containing an extremely-high-frequency -coefficient block (junk image data that could never be generated by a -legitimate JPEG compressor) could cause the Huffman encoder's local buffer to -be overrun. (Refer to 1.4.0[9] and 1.4beta1[15].) Given that the buffer -overrun was fully contained within the stack and did not cause a segfault or -other user-visible errant behavior, and given that the lossless transformer -(unlike the decompressor) is not generally exposed to arbitrary data exploits, -this issue did not likely pose a security risk. +5. Fixed an issue (CVE-2020-17541), detected by ASan, whereby attempting to +losslessly transform a specially-crafted malformed JPEG image containing an +extremely-high-frequency coefficient block (junk image data that could never be +generated by a legitimate JPEG compressor) could cause the Huffman encoder's +local buffer to be overrun. (Refer to 1.4.0[9] and 1.4beta1[15].) Given that +the buffer overrun was fully contained within the stack and did not cause a +segfault or other user-visible errant behavior, and given that the lossless +transformer (unlike the decompressor) is not generally exposed to arbitrary +data exploits, this issue did not likely pose a security risk. 6. The Arm 64-bit (Armv8) Neon SIMD assembly code now stores constants in a separate read-only data section rather than in the text section, to support diff --git a/src/3rdparty/libjpeg/src/jcmaster.c b/src/3rdparty/libjpeg/src/jcmaster.c index 998dc40a5c..c2b2600031 100644 --- a/src/3rdparty/libjpeg/src/jcmaster.c +++ b/src/3rdparty/libjpeg/src/jcmaster.c @@ -493,7 +493,7 @@ prepare_for_pass(j_compress_ptr cinfo) master->pass_type = output_pass; master->pass_number++; #endif - /*FALLTHROUGH*/ + FALLTHROUGH /*FALLTHROUGH*/ case output_pass: /* Do a data-output pass. */ /* We need not repeat per-scan setup if prior optimization pass did it. */ diff --git a/src/3rdparty/libjpeg/src/jconfig.h b/src/3rdparty/libjpeg/src/jconfig.h index fa82022edc..17b9137e3e 100644 --- a/src/3rdparty/libjpeg/src/jconfig.h +++ b/src/3rdparty/libjpeg/src/jconfig.h @@ -2,9 +2,9 @@ #define JPEG_LIB_VERSION 80 -#define LIBJPEG_TURBO_VERSION 2.1.0 +#define LIBJPEG_TURBO_VERSION 2.1.1 -#define LIBJPEG_TURBO_VERSION_NUMBER 2001000 +#define LIBJPEG_TURBO_VERSION_NUMBER 2001001 #define C_ARITH_CODING_SUPPORTED 1 diff --git a/src/3rdparty/libjpeg/src/jconfigint.h b/src/3rdparty/libjpeg/src/jconfigint.h index cfcac904c5..933d92b49c 100644 --- a/src/3rdparty/libjpeg/src/jconfigint.h +++ b/src/3rdparty/libjpeg/src/jconfigint.h @@ -8,10 +8,12 @@ #define PACKAGE_NAME "libjpeg-turbo" -#define VERSION "2.1.0" +#define VERSION "2.1.1" #if SIZE_MAX == 0xffffffff #define SIZEOF_SIZE_T 4 #elif SIZE_MAX == 0xffffffffffffffff #define SIZEOF_SIZE_T 8 #endif + +#define FALLTHROUGH diff --git a/src/3rdparty/libjpeg/src/jconfigint.h.in b/src/3rdparty/libjpeg/src/jconfigint.h.in index 68cbc2a505..d087d7b553 100644 --- a/src/3rdparty/libjpeg/src/jconfigint.h.in +++ b/src/3rdparty/libjpeg/src/jconfigint.h.in @@ -32,3 +32,13 @@ #define HAVE_BITSCANFORWARD #endif #endif + +#if defined(__has_attribute) +#if __has_attribute(fallthrough) +#define FALLTHROUGH __attribute__((fallthrough)); +#else +#define FALLTHROUGH +#endif +#else +#define FALLTHROUGH +#endif diff --git a/src/3rdparty/libjpeg/src/jcphuff.c b/src/3rdparty/libjpeg/src/jcphuff.c index 9bf96124b4..1101987180 100644 --- a/src/3rdparty/libjpeg/src/jcphuff.c +++ b/src/3rdparty/libjpeg/src/jcphuff.c @@ -7,6 +7,7 @@ * Copyright (C) 2011, 2015, 2018, 2021, D. R. Commander. * Copyright (C) 2016, 2018, Matthieu Darbois. * Copyright (C) 2020, Arm Limited. + * Copyright (C) 2021, Alex Richardson. * For conditions of distribution and use, see the accompanying README.ijg * file. * @@ -680,7 +681,7 @@ encode_mcu_AC_first(j_compress_ptr cinfo, JBLOCKROW *MCU_data) emit_restart(entropy, entropy->next_restart_num); #ifdef WITH_SIMD - cvalue = values = (JCOEF *)PAD((size_t)values_unaligned, 16); + cvalue = values = (JCOEF *)PAD((JUINTPTR)values_unaligned, 16); #else /* Not using SIMD, so alignment is not needed */ cvalue = values = values_unaligned; @@ -945,7 +946,7 @@ encode_mcu_AC_refine(j_compress_ptr cinfo, JBLOCKROW *MCU_data) emit_restart(entropy, entropy->next_restart_num); #ifdef WITH_SIMD - cabsvalue = absvalues = (JCOEF *)PAD((size_t)absvalues_unaligned, 16); + cabsvalue = absvalues = (JCOEF *)PAD((JUINTPTR)absvalues_unaligned, 16); #else /* Not using SIMD, so alignment is not needed */ cabsvalue = absvalues = absvalues_unaligned; diff --git a/src/3rdparty/libjpeg/src/jdapimin.c b/src/3rdparty/libjpeg/src/jdapimin.c index 21a41d2e9f..4609b1322f 100644 --- a/src/3rdparty/libjpeg/src/jdapimin.c +++ b/src/3rdparty/libjpeg/src/jdapimin.c @@ -23,6 +23,7 @@ #include "jinclude.h" #include "jpeglib.h" #include "jdmaster.h" +#include "jconfigint.h" /* @@ -308,7 +309,7 @@ jpeg_consume_input(j_decompress_ptr cinfo) /* Initialize application's data source module */ (*cinfo->src->init_source) (cinfo); cinfo->global_state = DSTATE_INHEADER; - /*FALLTHROUGH*/ + FALLTHROUGH /*FALLTHROUGH*/ case DSTATE_INHEADER: retcode = (*cinfo->inputctl->consume_input) (cinfo); if (retcode == JPEG_REACHED_SOS) { /* Found SOS, prepare to decompress */ diff --git a/src/3rdparty/libjpeg/src/jdhuff.c b/src/3rdparty/libjpeg/src/jdhuff.c index f786c10547..679d221685 100644 --- a/src/3rdparty/libjpeg/src/jdhuff.c +++ b/src/3rdparty/libjpeg/src/jdhuff.c @@ -584,7 +584,7 @@ decode_mcu_slow(j_decompress_ptr cinfo, JBLOCKROW *MCU_data) * behavior is, to the best of our understanding, innocuous, and it is * unclear how to work around it without potentially affecting * performance. Thus, we (hopefully temporarily) suppress UBSan integer - * overflow errors for this function. + * overflow errors for this function and decode_mcu_fast(). */ s += state.last_dc_val[ci]; state.last_dc_val[ci] = s; @@ -651,6 +651,12 @@ decode_mcu_slow(j_decompress_ptr cinfo, JBLOCKROW *MCU_data) } +#if defined(__has_feature) +#if __has_feature(undefined_behavior_sanitizer) +__attribute__((no_sanitize("signed-integer-overflow"), + no_sanitize("unsigned-integer-overflow"))) +#endif +#endif LOCAL(boolean) decode_mcu_fast(j_decompress_ptr cinfo, JBLOCKROW *MCU_data) { @@ -681,6 +687,9 @@ decode_mcu_fast(j_decompress_ptr cinfo, JBLOCKROW *MCU_data) if (entropy->dc_needed[blkn]) { int ci = cinfo->MCU_membership[blkn]; + /* Refer to the comment in decode_mcu_slow() regarding the supression of + * a UBSan integer overflow error in this line of code. + */ s += state.last_dc_val[ci]; state.last_dc_val[ci] = s; if (block) diff --git a/src/3rdparty/libjpeg/src/jdmainct.c b/src/3rdparty/libjpeg/src/jdmainct.c index 50301d6b50..f466b259f0 100644 --- a/src/3rdparty/libjpeg/src/jdmainct.c +++ b/src/3rdparty/libjpeg/src/jdmainct.c @@ -18,6 +18,7 @@ #include "jinclude.h" #include "jdmainct.h" +#include "jconfigint.h" /* @@ -360,7 +361,7 @@ process_data_context_main(j_decompress_ptr cinfo, JSAMPARRAY output_buf, main_ptr->context_state = CTX_PREPARE_FOR_IMCU; if (*out_row_ctr >= out_rows_avail) return; /* Postprocessor exactly filled output buf */ - /*FALLTHROUGH*/ + FALLTHROUGH /*FALLTHROUGH*/ case CTX_PREPARE_FOR_IMCU: /* Prepare to process first M-1 row groups of this iMCU row */ main_ptr->rowgroup_ctr = 0; @@ -371,7 +372,7 @@ process_data_context_main(j_decompress_ptr cinfo, JSAMPARRAY output_buf, if (main_ptr->iMCU_row_ctr == cinfo->total_iMCU_rows) set_bottom_pointers(cinfo); main_ptr->context_state = CTX_PROCESS_IMCU; - /*FALLTHROUGH*/ + FALLTHROUGH /*FALLTHROUGH*/ case CTX_PROCESS_IMCU: /* Call postprocessor using previously set pointers */ (*cinfo->post->post_process_data) (cinfo, diff --git a/src/3rdparty/libjpeg/src/jmemmgr.c b/src/3rdparty/libjpeg/src/jmemmgr.c index 508ca7429c..70b8ec0c49 100644 --- a/src/3rdparty/libjpeg/src/jmemmgr.c +++ b/src/3rdparty/libjpeg/src/jmemmgr.c @@ -4,7 +4,7 @@ * This file was part of the Independent JPEG Group's software: * Copyright (C) 1991-1997, Thomas G. Lane. * libjpeg-turbo Modifications: - * Copyright (C) 2016, D. R. Commander. + * Copyright (C) 2016, 2021, D. R. Commander. * For conditions of distribution and use, see the accompanying README.ijg * file. * @@ -1032,7 +1032,7 @@ free_pool(j_common_ptr cinfo, int pool_id) large_pool_ptr next_lhdr_ptr = lhdr_ptr->next; space_freed = lhdr_ptr->bytes_used + lhdr_ptr->bytes_left + - sizeof(large_pool_hdr); + sizeof(large_pool_hdr) + ALIGN_SIZE - 1; jpeg_free_large(cinfo, (void *)lhdr_ptr, space_freed); mem->total_space_allocated -= space_freed; lhdr_ptr = next_lhdr_ptr; @@ -1045,7 +1045,7 @@ free_pool(j_common_ptr cinfo, int pool_id) while (shdr_ptr != NULL) { small_pool_ptr next_shdr_ptr = shdr_ptr->next; space_freed = shdr_ptr->bytes_used + shdr_ptr->bytes_left + - sizeof(small_pool_hdr); + sizeof(small_pool_hdr) + ALIGN_SIZE - 1; jpeg_free_small(cinfo, (void *)shdr_ptr, space_freed); mem->total_space_allocated -= space_freed; shdr_ptr = next_shdr_ptr; diff --git a/src/3rdparty/libjpeg/src/jpegint.h b/src/3rdparty/libjpeg/src/jpegint.h index 195fbcb9b6..8c8534793a 100644 --- a/src/3rdparty/libjpeg/src/jpegint.h +++ b/src/3rdparty/libjpeg/src/jpegint.h @@ -5,8 +5,9 @@ * Copyright (C) 1991-1997, Thomas G. Lane. * Modified 1997-2009 by Guido Vollbeding. * libjpeg-turbo Modifications: - * Copyright (C) 2015-2016, 2019, D. R. Commander. + * Copyright (C) 2015-2016, 2019, 2021, D. R. Commander. * Copyright (C) 2015, Google, Inc. + * Copyright (C) 2021, Alex Richardson. * For conditions of distribution and use, see the accompanying README.ijg * file. * @@ -47,6 +48,18 @@ typedef enum { /* Operating modes for buffer controllers */ /* JLONG must hold at least signed 32-bit values. */ typedef long JLONG; +/* JUINTPTR must hold pointer values. */ +#ifdef __UINTPTR_TYPE__ +/* + * __UINTPTR_TYPE__ is GNU-specific and available in GCC 4.6+ and Clang 3.0+. + * Fortunately, that is sufficient to support the few architectures for which + * sizeof(void *) != sizeof(size_t). The only other options would require C99 + * or Clang-specific builtins. + */ +typedef __UINTPTR_TYPE__ JUINTPTR; +#else +typedef size_t JUINTPTR; +#endif /* * Left shift macro that handles a negative operand without causing any |