Petr Gajdos
5b8774e5c6
3.0.1
=====
* The x86-64 SIMD functions now use a standard stack frame, prologue, and
epilogue so that debuggers and profilers can reliably capture backtraces from
within the functions.
* Fixed two minor issues in the interblock smoothing algorithm that caused
mathematical (but not necessarily perceptible) edge block errors when
decompressing progressive JPEG images exactly two MCU blocks in width or that
use vertical chrominance subsampling.
* Fixed a regression introduced by 3.0 beta2[6] that, in rare cases, caused
the C Huffman encoder (which is not used by default on x86 and Arm CPUs) to
generate incorrect results if the Neon SIMD extensions were explicitly disabled
at build time (by setting the `WITH_SIMD` CMake variable to `0`) in an AArch64
build of libjpeg-turbo.
3.0.0
=====
* The TurboJPEG API now supports 4:4:1 (transposed 4:1:1) chrominance
subsampling, which allows losslessly transposed or rotated 4:1:1 JPEG images to
be losslessly cropped, partially decompressed, or decompressed to planar YUV
images.
* Fixed various segfaults and buffer overruns (CVE-2023-2804) that occurred
when attempting to decompress various specially-crafted malformed
12-bit-per-component and 16-bit-per-component lossless JPEG images using color
quantization or merged chroma upsampling/color conversion. The underlying
cause of these issues was that the color quantization and merged chroma
upsampling/color conversion algorithms were not designed with lossless
decompression in mind. Since libjpeg-turbo explicitly does not support color
conversion when compressing or decompressing lossless JPEG images, merged
chroma upsampling/color conversion never should have been enabled for such
OBS-URL: https://build.opensuse.org/package/show/graphics/libjpeg-turbo?expand=0&rev=147
41 lines
2.1 KiB
Diff
41 lines
2.1 KiB
Diff
Index: libjpeg-turbo-3.0.1/jdhuff.c
|
|
===================================================================
|
|
--- libjpeg-turbo-3.0.1.orig/jdhuff.c
|
|
+++ libjpeg-turbo-3.0.1/jdhuff.c
|
|
@@ -834,3 +834,35 @@ jinit_huff_decoder(j_decompress_ptr cinf
|
|
entropy->dc_derived_tbls[i] = entropy->ac_derived_tbls[i] = NULL;
|
|
}
|
|
}
|
|
+/*
|
|
+ * BEWARE OF KLUDGE: This subroutine is a hack for decoding illegal JPEG-in-
|
|
+ * TIFF encapsulations produced by Microsoft's Wang Imaging
|
|
+ * for Windows application with the public-domain TIFF Library. Based upon an
|
|
+ * examination of selected output files, this program apparently divides a JPEG
|
|
+ * bit-stream into consecutive horizontal TIFF "strips", such that the JPEG
|
|
+ * encoder's/decoder's DC coefficients for each image component are reset before
|
|
+ * each "strip". Moreover, a "strip" is not necessarily encoded in a multiple
|
|
+ * of 8 bits, so one must sometimes discard 1-7 bits at the end of each "strip"
|
|
+ * for alignment to the next input-Byte storage boundary. IJG JPEG Library
|
|
+ * decoder state is not normally exposed to client applications, so this sub-
|
|
+ * routine provides the TIFF Library with a "hook" to make these corrections.
|
|
+ * It should be called after "jpeg_start_decompress()" and before
|
|
+ * "jpeg_finish_decompress()", just before decoding each "strip" using
|
|
+ * "jpeg_read_raw_data()" or "jpeg_read_scanlines()".
|
|
+ *
|
|
+ * This kludge is not sanctioned or supported by the Independent JPEG Group, and
|
|
+ * future changes to the IJG JPEG Library might invalidate it. Do not send bug
|
|
+ * reports about this code to IJG developers. Instead, contact the author for
|
|
+ * advice: Scott B. Marovich <marovich@hpl.hp.com>, Hewlett-Packard Labs, 6/01.
|
|
+ */
|
|
+GLOBAL(void)
|
|
+jpeg_reset_huff_decode (register j_decompress_ptr cinfo,register float *refbw)
|
|
+{ register huff_entropy_ptr entropy = (huff_entropy_ptr)cinfo->entropy;
|
|
+ register int ci = 0;
|
|
+
|
|
+ /* Re-initialize DC predictions */
|
|
+ do entropy->saved.last_dc_val[ci] = -refbw[ci << 1];
|
|
+ while (++ci < cinfo->comps_in_scan);
|
|
+ /* Discard encoded input bits, up to the next Byte boundary */
|
|
+ entropy->bitstate.bits_left &= ~7;
|
|
+}
|