diff options
| author | DRC <information@libjpeg-turbo.org> | 2020-11-18 13:25:06 -0600 |
|---|---|---|
| committer | Leon Scroggins <scroggo@google.com> | 2020-12-09 21:17:07 +0000 |
| commit | 080c4cc6fa41ec10eed0ff8253b02065b1d746dc (patch) | |
| tree | 030efa138f69ff8e1f0296e43cda0b0b1898881d | |
| parent | 032cdf8102a640c7ac0c437dfffaf4d2e65399da (diff) | |
| download | libjpeg-turbo-android11-qpr3-release.tar.gz | |
DO NOT MERGE: jpeg_skip_scanlines(): Avoid NULL + 0 UBSan errorandroid-11.0.0_r46android-11.0.0_r43android-11.0.0_r40android-11.0.0_r39android-11.0.0_r38android11-qpr3-s1-releaseandroid11-qpr3-release
Bug: 173702583
Test: Infeasible
Cherry-picked from
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/6d2e8837b440ce4d8befd805a5abc0d351028d70
Conflicts:
jdapistd.c
Original commit message below:
This error occurs at the call to (*cinfo->cconvert->color_convert)() in
sep_upsample() whenever cinfo->upsample->need_context_rows == TRUE
(i.e. whenever h2v2 or h1v2 fancy upsampling is used.) The error is
innocuous, since (*cinfo->cconvert->color_convert)() points to a dummy
function (noop_convert()) in that case.
Fixes #470
Change-Id: I0198ba7ec3575d0232837d77f1d0d5345e2325cf
Merged-In: I5608ab5b6eb0f2225cd578a711ea0fa3be09f5e8
| -rw-r--r-- | README.android | 5 | ||||
| -rw-r--r-- | jdapistd.c | 9 |
2 files changed, 13 insertions, 1 deletions
diff --git a/README.android b/README.android index 12f476d1..b585b6b9 100644 --- a/README.android +++ b/README.android @@ -18,3 +18,8 @@ been moved into a dedicated rodata section. There's a pull request upstream for this as well. If that's accepted, this can be removed as an Android-specific modification. https://github.com/libjpeg-turbo/libjpeg-turbo/pull/318 + +(3) jdapistd.c + +Includes a cherry-pick of +https://github.com/libjpeg-turbo/libjpeg-turbo/commit/6d2e8837b440ce4d8befd805a5abc0d351028d70 @@ -316,6 +316,9 @@ LOCAL(void) read_and_discard_scanlines(j_decompress_ptr cinfo, JDIMENSION num_lines) { JDIMENSION n; + JSAMPLE dummy_sample[1] = { 0 }; + JSAMPROW dummy_row = dummy_sample; + JSAMPARRAY scanlines = NULL; void (*color_convert) (j_decompress_ptr cinfo, JSAMPIMAGE input_buf, JDIMENSION input_row, JSAMPARRAY output_buf, int num_rows) = NULL; @@ -325,6 +328,10 @@ read_and_discard_scanlines(j_decompress_ptr cinfo, JDIMENSION num_lines) if (cinfo->cconvert && cinfo->cconvert->color_convert) { color_convert = cinfo->cconvert->color_convert; cinfo->cconvert->color_convert = noop_convert; + /* This just prevents UBSan from complaining about adding 0 to a NULL + * pointer. The pointer isn't actually used. + */ + scanlines = &dummy_row; } if (cinfo->cquantize && cinfo->cquantize->color_quantize) { @@ -333,7 +340,7 @@ read_and_discard_scanlines(j_decompress_ptr cinfo, JDIMENSION num_lines) } for (n = 0; n < num_lines; n++) - jpeg_read_scanlines(cinfo, NULL, 1); + jpeg_read_scanlines(cinfo, scanlines, 1); if (color_convert) cinfo->cconvert->color_convert = color_convert; |