Silence additional UBSan warnings
NOTE: The jdhuff.c/jdphuff.c warnings should have already been silenced
by 8e9cef2e6f, but apparently I need to
be REALLY clear that I'm trying to do pointer arithmetic rather than
dereference an array. Grrr...
Refer to:
https://bugzilla.mozilla.org/show_bug.cgi?id=1301250
https://bugzilla.mozilla.org/show_bug.cgi?id=1301256
This commit is contained in:
DRC
@@ -69,6 +69,12 @@ affected only 32-bit code and did not pose a security threat, but removing the
|
|||||||
warning makes it easier to detect actual security issues, should they arise in
|
warning makes it easier to detect actual security issues, should they arise in
|
||||||
the future.
|
the future.
|
||||||
|
|
||||||
|
8. Fixed additional negative left shifts and other issues reported by the GCC
|
||||||
|
and Clang undefined behavior sanitizers when attempting to decompress
|
||||||
|
specially-crafted malformed JPEG images. None of these issues posed a security
|
||||||
|
threat, but removing the warnings makes it easier to detect actual security
|
||||||
|
issues, should they arise in the future.
|
||||||
|
|
||||||
|
|
||||||
1.5.0
|
1.5.0
|
||||||
=====
|
=====
|
||||||
|
|||||||
@@ -4,7 +4,7 @@
|
|||||||
* This file was part of the Independent JPEG Group's software:
|
* This file was part of the Independent JPEG Group's software:
|
||||||
* Developed 1997-2015 by Guido Vollbeding.
|
* Developed 1997-2015 by Guido Vollbeding.
|
||||||
* libjpeg-turbo Modifications:
|
* libjpeg-turbo Modifications:
|
||||||
* Copyright (C) 2015, D. R. Commander.
|
* Copyright (C) 2015-2016, D. R. Commander.
|
||||||
* For conditions of distribution and use, see the accompanying README.ijg
|
* For conditions of distribution and use, see the accompanying README.ijg
|
||||||
* file.
|
* file.
|
||||||
*
|
*
|
||||||
@@ -382,7 +382,7 @@ decode_mcu_AC_first (j_decompress_ptr cinfo, JBLOCKROW *MCU_data)
|
|||||||
if (arith_decode(cinfo, st)) v |= m;
|
if (arith_decode(cinfo, st)) v |= m;
|
||||||
v += 1; if (sign) v = -v;
|
v += 1; if (sign) v = -v;
|
||||||
/* Scale and output coefficient in natural (dezigzagged) order */
|
/* Scale and output coefficient in natural (dezigzagged) order */
|
||||||
(*block)[jpeg_natural_order[k]] = (JCOEF) (v << cinfo->Al);
|
(*block)[jpeg_natural_order[k]] = (JCOEF) ((unsigned)v << cinfo->Al);
|
||||||
}
|
}
|
||||||
|
|
||||||
return TRUE;
|
return TRUE;
|
||||||
|
|||||||
4
jdhuff.c
4
jdhuff.c
@@ -109,9 +109,9 @@ start_pass_huff_decoder (j_decompress_ptr cinfo)
|
|||||||
actbl = compptr->ac_tbl_no;
|
actbl = compptr->ac_tbl_no;
|
||||||
/* Compute derived values for Huffman tables */
|
/* Compute derived values for Huffman tables */
|
||||||
/* We may do this more than once for a table, but it's not expensive */
|
/* We may do this more than once for a table, but it's not expensive */
|
||||||
pdtbl = entropy->dc_derived_tbls + dctbl;
|
pdtbl = (d_derived_tbl **)(entropy->dc_derived_tbls) + dctbl;
|
||||||
jpeg_make_d_derived_tbl(cinfo, TRUE, dctbl, pdtbl);
|
jpeg_make_d_derived_tbl(cinfo, TRUE, dctbl, pdtbl);
|
||||||
pdtbl = entropy->ac_derived_tbls + actbl;
|
pdtbl = (d_derived_tbl **)(entropy->ac_derived_tbls) + actbl;
|
||||||
jpeg_make_d_derived_tbl(cinfo, FALSE, actbl, pdtbl);
|
jpeg_make_d_derived_tbl(cinfo, FALSE, actbl, pdtbl);
|
||||||
/* Initialize DC predictions to 0 */
|
/* Initialize DC predictions to 0 */
|
||||||
entropy->saved.last_dc_val[ci] = 0;
|
entropy->saved.last_dc_val[ci] = 0;
|
||||||
|
|||||||
@@ -4,7 +4,7 @@
|
|||||||
* This file was part of the Independent JPEG Group's software:
|
* This file was part of the Independent JPEG Group's software:
|
||||||
* Copyright (C) 1995-1997, Thomas G. Lane.
|
* Copyright (C) 1995-1997, Thomas G. Lane.
|
||||||
* libjpeg-turbo Modifications:
|
* libjpeg-turbo Modifications:
|
||||||
* Copyright (C) 2015, D. R. Commander.
|
* Copyright (C) 2015-2016, D. R. Commander.
|
||||||
* For conditions of distribution and use, see the accompanying README.ijg
|
* For conditions of distribution and use, see the accompanying README.ijg
|
||||||
* file.
|
* file.
|
||||||
*
|
*
|
||||||
@@ -170,12 +170,12 @@ start_pass_phuff_decoder (j_decompress_ptr cinfo)
|
|||||||
if (is_DC_band) {
|
if (is_DC_band) {
|
||||||
if (cinfo->Ah == 0) { /* DC refinement needs no table */
|
if (cinfo->Ah == 0) { /* DC refinement needs no table */
|
||||||
tbl = compptr->dc_tbl_no;
|
tbl = compptr->dc_tbl_no;
|
||||||
pdtbl = entropy->derived_tbls + tbl;
|
pdtbl = (d_derived_tbl **)(entropy->derived_tbls) + tbl;
|
||||||
jpeg_make_d_derived_tbl(cinfo, TRUE, tbl, pdtbl);
|
jpeg_make_d_derived_tbl(cinfo, TRUE, tbl, pdtbl);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
tbl = compptr->ac_tbl_no;
|
tbl = compptr->ac_tbl_no;
|
||||||
pdtbl = entropy->derived_tbls + tbl;
|
pdtbl = (d_derived_tbl **)(entropy->derived_tbls) + tbl;
|
||||||
jpeg_make_d_derived_tbl(cinfo, FALSE, tbl, pdtbl);
|
jpeg_make_d_derived_tbl(cinfo, FALSE, tbl, pdtbl);
|
||||||
/* remember the single active table */
|
/* remember the single active table */
|
||||||
entropy->ac_derived_tbl = entropy->derived_tbls[tbl];
|
entropy->ac_derived_tbl = entropy->derived_tbls[tbl];
|
||||||
|
|||||||
Reference in New Issue
Block a user