jchuff.c: Fix MSan error
Certain rare malformed input images can cause the Huffman encoder to
generate a value for nbits that corresponds to an uninitialized member
of the DC code table. The ramifications of this are minimal: it amounts to a
different bogus JPEG image being generated from a particular bogus input
image.
diff --git a/fuzz/compress.cc b/fuzz/compress.cc
index 7c94087..f225669 100644
--- a/fuzz/compress.cc
+++ b/fuzz/compress.cc
@@ -84,11 +84,7 @@
iterations. */
if (ti == 0)
flags |= TJFLAG_BOTTOMUP | TJFLAG_ACCURATEDCT;
-#if !defined(__has_feature) || !__has_feature(memory_sanitizer)
- /* The libjpeg-turbo baseline Huffman encoder produces false positives with
- MemorySanitizer. */
else if (ti == 1)
-#endif
flags |= TJFLAG_PROGRESSIVE;
/* tjLoadImage() ignores 0-pixel images and images larger than 1 Megapixel
diff --git a/fuzz/compress_yuv.cc b/fuzz/compress_yuv.cc
index 192bf2e..4a274de 100644
--- a/fuzz/compress_yuv.cc
+++ b/fuzz/compress_yuv.cc
@@ -83,11 +83,7 @@
iterations. */
if (ti == 0)
flags |= TJFLAG_BOTTOMUP | TJFLAG_ACCURATEDCT;
-#if !defined(__has_feature) || !__has_feature(memory_sanitizer)
- /* The libjpeg-turbo baseline Huffman encoder produces false positives with
- MemorySanitizer. */
else if (ti == 1)
-#endif
flags |= TJFLAG_PROGRESSIVE;
/* tjLoadImage() ignores 0-pixel images and images larger than 1 Megapixel
diff --git a/fuzz/transform.cc b/fuzz/transform.cc
index 372b5bb..401018e 100644
--- a/fuzz/transform.cc
+++ b/fuzz/transform.cc
@@ -80,11 +80,6 @@
transforms[1].r.h = (height + 1) / 2;
transforms[1].op = TJXOP_TRANSPOSE;
transforms[1].options = TJXOPT_GRAY | TJXOPT_CROP | TJXOPT_COPYNONE;
-#if defined(__has_feature) && __has_feature(memory_sanitizer)
- /* The libjpeg-turbo baseline Huffman encoder produces false positives with
- MemorySanitizer. */
- transforms[1].options |= TJXOPT_PROGRESSIVE;
-#endif
dstBufs[1] =
(unsigned char *)malloc(tjBufSize((width + 1) / 2, (height + 1) / 2,
TJSAMP_GRAY));
@@ -93,9 +88,6 @@
transforms[2].op = TJXOP_ROT90;
transforms[2].options = TJXOPT_TRIM | TJXOPT_COPYNONE;
-#if defined(__has_feature) && __has_feature(memory_sanitizer)
- transforms[2].options |= TJXOPT_PROGRESSIVE;
-#endif
dstBufs[2] = (unsigned char *)malloc(tjBufSize(height, width, jpegSubsamp));
if (!dstBufs[2])
goto bailout;
diff --git a/jchuff.c b/jchuff.c
index e2d5772..2bce767 100644
--- a/jchuff.c
+++ b/jchuff.c
@@ -4,7 +4,7 @@
* This file was part of the Independent JPEG Group's software:
* Copyright (C) 1991-1997, Thomas G. Lane.
* libjpeg-turbo Modifications:
- * Copyright (C) 2009-2011, 2014-2016, 2018-2020, D. R. Commander.
+ * Copyright (C) 2009-2011, 2014-2016, 2018-2021, D. R. Commander.
* Copyright (C) 2015, Matthieu Darbois.
* Copyright (C) 2018, Matthias Räncker.
* Copyright (C) 2020, Arm Limited.
@@ -314,6 +314,7 @@
* this lets us detect duplicate VAL entries here, and later
* allows emit_bits to detect any attempt to emit such symbols.
*/
+ MEMZERO(dtbl->ehufco, sizeof(dtbl->ehufco));
MEMZERO(dtbl->ehufsi, sizeof(dtbl->ehufsi));
/* This is also a convenient place to check for out-of-range