Google Git
Sign in
android / platform / external / libjpeg-turbo / nougat-mr1-cts-release^1..nougat-mr1-cts-release / .
commit0141f11c240da93c012a9ed4bb35308d86d77454[log] [tgz]
authorMatt Sarett <msarett@google.com>Mon Mar 21 13:14:39 2016 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>Mon Mar 21 13:14:39 2016 +0000
tree6fe65901a7e5431c46cd9702f754af654f5aa26b
parent4c0cab9a1b865a1d0b4e06b82ff5e3f64c7b30c0 [diff]
parentfba21ad526e6a4b99324ef1769c010b6edb5baf8 [diff]
Merge "Ensure that default Huffman tables are initialized" into nyc-dev
diff --git a/ChangeLog.txt b/ChangeLog.txt
index 5648b50..d27ad40 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt

@@ -1,3 +1,31 @@
+1.4.3
+=====
+
+[1] Fixed a regression caused by 1.4.1[6] that prevented 32-bit and 64-bit
+libjpeg-turbo RPMs from being installed simultaneously on recent Red Hat/Fedora
+distributions.  This was due to the addition of a macro in jconfig.h that
+allows the Huffman codec to determine the word size at compile time.  Since
+that macro differs between 32-bit and 64-bit builds, this caused a conflict
+between the i386 and x86_64 RPMs (any differing files, other than executables,
+are not allowed when 32-bit and 64-bit RPMs are installed simultaneously.)
+Since the macro is used only internally, it has been moved into jconfigint.h.
+
+[2] Fixed an issue in the accelerated Huffman decoder that could have caused
+the decoder to read past the end of the input buffer when a malformed,
+specially-crafted JPEG image was being decompressed.  In prior versions of
+libjpeg-turbo, the accelerated Huffman decoder was invoked (in most cases) only
+if there were > 128 bytes of data in the input buffer.  However, it is possible
+to construct a JPEG image in which a single Huffman block is over 430 bytes
+long, so this version of libjpeg-turbo activates the accelerated Huffman
+decoder only if there are > 512 bytes of data in the input buffer.
+
+[3] Fixed a memory leak in tjunittest encountered when running the program
+with the -yuv option.
+
+[4] Fixed an issue whereby a malformed motion-JPEG frame could cause the "fast
+path" of libjpeg-turbo's Huffman decoder to read from uninitialized memory.
+
+
 1.4.2
 =====
 

diff --git a/jstdhuff.c b/jstdhuff.c
index b29e5ea..1264259 100644
--- a/jstdhuff.c
+++ b/jstdhuff.c

@@ -41,6 +41,7 @@
     ERREXIT(cinfo, JERR_BAD_HUFF_TABLE);
 
   MEMCOPY((*htblptr)->huffval, val, nsymbols * sizeof(UINT8));
+  MEMZERO(&((*htblptr)->huffval[nsymbols]), (256 - nsymbols) * sizeof(UINT8));
 
   /* Initialize sent_table FALSE so table will be written to JPEG file. */
   (*htblptr)->sent_table = FALSE;