jchuff.c: Fix MSan error

Certain rare malformed input images can cause the Huffman encoder to
generate a value for nbits that corresponds to an uninitialized member
of the DC code table.  The ramifications of this are minimal and would
basically amount to a different bogus JPEG image being generated from a
particular bogus input image.

fuzz/compress.cc

@@ -84,11 +84,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
        iterations. */
     if (ti == 0)
       flags |= TJFLAG_BOTTOMUP | TJFLAG_ACCURATEDCT;
-#if !defined(__has_feature) || !__has_feature(memory_sanitizer)
-  /* The libjpeg-turbo baseline Huffman encoder produces false positives with
-     MemorySanitizer. */
     else if (ti == 1)
-#endif
       flags |= TJFLAG_PROGRESSIVE;
 
     /* tjLoadImage() ignores 0-pixel images and images larger than 1 Megapixel

fuzz/compress_yuv.cc

@@ -83,11 +83,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
        iterations. */
     if (ti == 0)
       flags |= TJFLAG_BOTTOMUP | TJFLAG_ACCURATEDCT;
-#if !defined(__has_feature) || !__has_feature(memory_sanitizer)
-  /* The libjpeg-turbo baseline Huffman encoder produces false positives with
-     MemorySanitizer. */
     else if (ti == 1)
-#endif
       flags |= TJFLAG_PROGRESSIVE;
 
     /* tjLoadImage() ignores 0-pixel images and images larger than 1 Megapixel

fuzz/transform.cc

@@ -80,11 +80,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
   transforms[1].r.h = (height + 1) / 2;
   transforms[1].op = TJXOP_TRANSPOSE;
   transforms[1].options = TJXOPT_GRAY | TJXOPT_CROP | TJXOPT_COPYNONE;
-#if defined(__has_feature) && __has_feature(memory_sanitizer)
-  /* The libjpeg-turbo baseline Huffman encoder produces false positives with
-     MemorySanitizer. */
-  transforms[1].options |= TJXOPT_PROGRESSIVE;
-#endif
   dstBufs[1] =
     (unsigned char *)malloc(tjBufSize((width + 1) / 2, (height + 1) / 2,
                                       TJSAMP_GRAY));
@@ -93,9 +88,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 
   transforms[2].op = TJXOP_ROT90;
   transforms[2].options = TJXOPT_TRIM | TJXOPT_COPYNONE;
-#if defined(__has_feature) && __has_feature(memory_sanitizer)
-  transforms[2].options |= TJXOPT_PROGRESSIVE;
-#endif
   dstBufs[2] = (unsigned char *)malloc(tjBufSize(height, width, jpegSubsamp));
   if (!dstBufs[2])
     goto bailout;

jchuff.c

@@ -4,7 +4,7 @@
  * This file was part of the Independent JPEG Group's software:
  * Copyright (C) 1991-1997, Thomas G. Lane.
  * libjpeg-turbo Modifications:
- * Copyright (C) 2009-2011, 2014-2016, 2018-2020, D. R. Commander.
+ * Copyright (C) 2009-2011, 2014-2016, 2018-2021, D. R. Commander.
  * Copyright (C) 2015, Matthieu Darbois.
  * Copyright (C) 2018, Matthias Räncker.
  * Copyright (C) 2020, Arm Limited.
@@ -314,6 +314,7 @@ jpeg_make_c_derived_tbl(j_compress_ptr cinfo, boolean isDC, int tblno,
    * this lets us detect duplicate VAL entries here, and later
    * allows emit_bits to detect any attempt to emit such symbols.
    */
+  MEMZERO(dtbl->ehufco, sizeof(dtbl->ehufco));
   MEMZERO(dtbl->ehufsi, sizeof(dtbl->ehufsi));
 
   /* This is also a convenient place to check for out-of-range