e8b40f3c2b
The Gordian knot that 7fec5074f9 attempted
to unravel was caused by the fact that there are several
data-precision-dependent (JSAMPLE-dependent) fields and methods in the
exposed libjpeg API structures, and if you change the exposed libjpeg
API structures, then you have to change the whole API. If you change
the whole API, then you have to provide a whole new library to support
the new API, and that makes it difficult to support multiple data
precisions in the same application. (It is not impossible, as example.c
demonstrated, but using data-precision-dependent libjpeg API structures
would have made the cjpeg, djpeg, and jpegtran source code hard to read,
so it made more sense to build, install, and package 12-bit-specific
versions of those applications.)
Unfortunately, the result of that initial integration effort was an
unreadable and unmaintainable mess, which is a problem for a library
that is an ISO/ITU-T reference implementation. Also, as I dug into the
problem of lossless JPEG support, I realized that 16-bit lossless JPEG
images are a thing, and supporting yet another version of the libjpeg
API just for those images is untenable.
In fact, however, the touch points for JSAMPLE in the exposed libjpeg
API structures are minimal:
- The colormap and sample_range_limit fields in jpeg_decompress_struct
- The alloc_sarray() and access_virt_sarray() methods in
jpeg_memory_mgr
- jpeg_write_scanlines() and jpeg_write_raw_data()
- jpeg_read_scanlines() and jpeg_read_raw_data()
- jpeg_skip_scanlines() and jpeg_crop_scanline()
(This is subtle, but both of those functions use JSAMPLE-dependent
opaque structures behind the scenes.)
It is much more readable and maintainable to provide 12-bit-specific
versions of those six top-level API functions and to document that the
aforementioned methods and fields must be type-cast when using 12-bit
samples. Since that eliminates the need to provide a 12-bit-specific
version of the exposed libjpeg API structures, we can:
- Compile only the precision-dependent libjpeg modules (the
coefficient buffer controllers, the colorspace converters, the
DCT/IDCT managers, the main buffer controllers, the preprocessing
and postprocessing controller, the downsampler and upsamplers, the
quantizers, the integer DCT methods, and the IDCT methods) for
multiple data precisions.
- Introduce 12-bit-specific methods into the various internal
structures defined in jpegint.h.
- Create precision-independent data type, macro, method, field, and
function names that are prefixed by an underscore, and use an
internal header to convert those into precision-dependent data
type, macro, method, field, and function names, based on the value
of BITS_IN_JSAMPLE, when compiling the precision-dependent libjpeg
modules.
- Expose precision-dependent jinit*() functions for each of the
precision-dependent libjpeg modules.
- Abstract the precision-dependent libjpeg modules by calling the
appropriate precision-dependent jinit*() function, based on the
value of cinfo->data_precision, from top-level libjpeg API
functions.
91 lines
3.2 KiB
C++
91 lines
3.2 KiB
C++
/*
|
|
* Copyright (C)2021-2022 D. R. Commander. All Rights Reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions are met:
|
|
*
|
|
* - Redistributions of source code must retain the above copyright notice,
|
|
* this list of conditions and the following disclaimer.
|
|
* - Redistributions in binary form must reproduce the above copyright notice,
|
|
* this list of conditions and the following disclaimer in the documentation
|
|
* and/or other materials provided with the distribution.
|
|
* - Neither the name of the libjpeg-turbo Project nor the names of its
|
|
* contributors may be used to endorse or promote products derived from this
|
|
* software without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS",
|
|
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
|
|
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
* POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
|
|
/* This fuzz target wraps cjpeg in order to test esoteric compression options
|
|
as well as the GIF and Targa readers. */
|
|
|
|
#define main cjpeg_main
|
|
#define CJPEG_FUZZER
|
|
extern "C" {
|
|
#include "../cjpeg.c"
|
|
}
|
|
#undef main
|
|
#undef CJPEG_FUZZER
|
|
|
|
#include <stdint.h>
|
|
#include <unistd.h>
|
|
|
|
|
|
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
|
|
{
|
|
char filename[FILENAME_MAX] = { 0 };
|
|
char *argv1[] = {
|
|
(char *)"cjpeg", (char *)"-precision", (char *)"12",
|
|
(char *)"-dct", (char *)"int", (char *)"-memdst",
|
|
(char *)"-quality", (char *)"100,99,98", (char *)"-restart", (char *)"2",
|
|
(char *)"-sample", (char *)"4x1,2x2,1x2", (char *)"-ppm", NULL
|
|
};
|
|
char *argv2[] = {
|
|
(char *)"cjpeg", (char *)"-precision", (char *)"12",
|
|
(char *)"-dct", (char *)"fast", (char *)"-memdst",
|
|
(char *)"-quality", (char *)"90,80,70", (char *)"-rgb",
|
|
(char *)"-sample", (char *)"2x1", (char *)"-smooth", (char *)"50",
|
|
(char *)"-gif", NULL
|
|
};
|
|
int fd = -1;
|
|
#if defined(__has_feature) && __has_feature(memory_sanitizer)
|
|
char env[18] = "JSIMD_FORCENONE=1";
|
|
|
|
/* The libjpeg-turbo SIMD extensions produce false positives with
|
|
MemorySanitizer. */
|
|
putenv(env);
|
|
#endif
|
|
|
|
snprintf(filename, FILENAME_MAX, "/tmp/libjpeg-turbo_cjpeg12_fuzz.XXXXXX");
|
|
if ((fd = mkstemp(filename)) < 0 || write(fd, data, size) < 0)
|
|
goto bailout;
|
|
|
|
argv1[12] = argv2[13] = filename;
|
|
|
|
cjpeg_main(13, argv1);
|
|
cjpeg_main(14, argv2);
|
|
|
|
argv1[12] = argv2[13] = NULL;
|
|
argv1[11] = argv2[12] = filename;
|
|
|
|
cjpeg_main(12, argv1);
|
|
cjpeg_main(13, argv2);
|
|
|
|
bailout:
|
|
if (fd >= 0) {
|
|
close(fd);
|
|
if (strlen(filename) > 0) unlink(filename);
|
|
}
|
|
return 0;
|
|
}
|