Age | Commit message | Author |
|
Chromium fuzzers running with MSan found the use of uninitialised
values when decoding a progressive JPEG image.
This commit cherry-picks the upstream fix:
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/110d8d6dcafaed517e8f77a6253169535ee3a20e
Original commit message:
decompress_smooth_data(): Fix another uninit. read
Regression introduced by 42825b6
The test case
https://user-images.githubusercontent.com/3491627/101376530-fde56180-38b0-11eb-938d-734119a5b5ba.jpg
is a malformed progressive JPEG image containing an interleaved Y/Cb/Cr
DC scan followed by two non-interleaved Y DC scans. Thus, the
prev_coef_bits[] array was initialized for the Y component but not the
other components, the uninitialized values for Cb and Cr were
transferred to the prev_coef_bits_latch[] array in smoothing_ok(), and
because cinfo->master->last_good_iMCU_row was 0,
decompress_smooth_data() read those uninitialized values when attempting
to smooth the second iMCU row.
Possibly fixes #478
Bug: 1156513
Change-Id: Iff97f04dd27ed95050b05dbd1845489555891a9e
|
|
Update Chromium's copy of libjpeg-turbo to the latest upstream
release (v2.0.90) and re-apply our local changes documented in
README.chromium.
Cherry-pick two additional changes from upstream to fix bugs found
by fuzzers:
1) https://github.com/libjpeg-turbo/libjpeg-turbo/commit/ccaba5d7894ecfb5a8f11e48d3f86e1f14d5a469
2) https://github.com/libjpeg-turbo/libjpeg-turbo/commit/c7ca521bc85b57d41d3ad4963c13fc0100481084
Significant changes provided by this update:
1) A large performance boost to JPEG encoding due to an improved
Huffman encoding implementation.
2) The complete removal of Arm Neon assembly code. This allows Arm's
control-flow integrity security features (Armv8.3-A Pointer
Authentication and Armv8.5-A Branch Target Identification) to be
switched on with the appropriate compiler flags.
Bug: 922430
Bug: b/135180511
Bug: 919548, 1145581
Change-Id: I319fcdc55b3fd5b219425c07a4e4a03587f4e06d
|
|
In order to apply some performance updates from ARM, we need to update
libjpeg-turbo. These performance updates have yielded a 50% speedup on
some devices.
This CL updates our copy of libjpeg-turbo to v2.0.1 and re-applies our
local patches. This patch also deletes some extra files which were not
being used locally.
Update our local patch that was applied to fix http://crbug.com/398235
(https://codereview.appspot.com/229430043/). The original patch
incorrectly removed "& 0xFF" which limited an array index to within
that array's bounds (effectively reverting
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/fa1d18385d904d530b4aec83ab7757a33397de6e).
Restore the mask, making the array access safe and fixing a graphical
glitch which would otherwise be introduced by this change.
Bug:922430
Change-Id: I3860fdb424deecf7a17818ed09a640e632e71f8d
|
|
(Duplicate of https://codereview.chromium.org/1939823002/ for landing.)
TBR=noel@chromium.org,thakis@chromium.org
BUG=608347, 398235, 591927
Review URL: https://codereview.chromium.org/1953443002 .
|
|
jpeg_skip_scanlines() API, a subset decoding optimization
aimed at Android, was submitted upstream r1582. Pull that
change, and sundry fixes, into the Chromium repo.
This new API is targeted at Android devices, not Chrome,
and should have no effect on JPEG decode behavior or perf
of Chrome.
Chrome uses suspending data source JPEG decoding, and the
new API does not support such sources. Adding support for
suspending data sources is a future TODO, should the need
arise (refer to skbug.com/4036).
BUG=515694
BUG=468914
patch from issue 256280043 at patchset 50001 (http://crrev.com/256280043#ps50001)
R=agable@chromium.org
Review URL: https://codereview.chromium.org/1271803002 .
|
|
This change just reapplies warning fixes that I forgot to reapply when I updated libjpeg-turbo to 1.1.90.
BUG=none
TEST=build libjpeg-turbo without warnings.
Review URL: http://codereview.chromium.org/7633058
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/libjpeg_turbo@96750 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
|
|
This change updates our copy of libjpeg-turbo to 1.1.90 (r677), which supports ARM NEON.
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/7554002
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/libjpeg_turbo@95196 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
|