/src/libjpeg-turbo.main/jdhuff.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * jdhuff.c |
3 | | * |
4 | | * This file was part of the Independent JPEG Group's software: |
5 | | * Copyright (C) 1991-1997, Thomas G. Lane. |
6 | | * libjpeg-turbo Modifications: |
7 | | * Copyright (C) 2009-2011, 2016, 2018-2019, D. R. Commander. |
8 | | * Copyright (C) 2018, Matthias Räncker. |
9 | | * For conditions of distribution and use, see the accompanying README.ijg |
10 | | * file. |
11 | | * |
12 | | * This file contains Huffman entropy decoding routines. |
13 | | * |
14 | | * Much of the complexity here has to do with supporting input suspension. |
15 | | * If the data source module demands suspension, we want to be able to back |
16 | | * up to the start of the current MCU. To do this, we copy state variables |
17 | | * into local working storage, and update them back to the permanent |
18 | | * storage only upon successful completion of an MCU. |
19 | | * |
20 | | * NOTE: All referenced figures are from |
21 | | * Recommendation ITU-T T.81 (1992) | ISO/IEC 10918-1:1994. |
22 | | */ |
23 | | |
24 | | #define JPEG_INTERNALS |
25 | | #include "jinclude.h" |
26 | | #include "jpeglib.h" |
27 | | #include "jdhuff.h" /* Declarations shared with jdphuff.c */ |
28 | | #include "jpegcomp.h" |
29 | | #include "jstdhuff.c" |
30 | | |
31 | | |
32 | | /* |
33 | | * Expanded entropy decoder object for Huffman decoding. |
34 | | * |
35 | | * The savable_state subrecord contains fields that change within an MCU, |
36 | | * but must not be updated permanently until we complete the MCU. |
37 | | */ |
38 | | |
39 | | typedef struct { |
40 | | int last_dc_val[MAX_COMPS_IN_SCAN]; /* last DC coef for each component */ |
41 | | } savable_state; |
42 | | |
43 | | typedef struct { |
44 | | struct jpeg_entropy_decoder pub; /* public fields */ |
45 | | |
46 | | /* These fields are loaded into local variables at start of each MCU. |
47 | | * In case of suspension, we exit WITHOUT updating them. |
48 | | */ |
49 | | bitread_perm_state bitstate; /* Bit buffer at start of MCU */ |
50 | | savable_state saved; /* Other state at start of MCU */ |
51 | | |
52 | | /* These fields are NOT loaded into local working state. */ |
53 | | unsigned int restarts_to_go; /* MCUs left in this restart interval */ |
54 | | |
55 | | /* Pointers to derived tables (these workspaces have image lifespan) */ |
56 | | d_derived_tbl *dc_derived_tbls[NUM_HUFF_TBLS]; |
57 | | d_derived_tbl *ac_derived_tbls[NUM_HUFF_TBLS]; |
58 | | |
59 | | /* Precalculated info set up by start_pass for use in decode_mcu: */ |
60 | | |
61 | | /* Pointers to derived tables to be used for each block within an MCU */ |
62 | | d_derived_tbl *dc_cur_tbls[D_MAX_BLOCKS_IN_MCU]; |
63 | | d_derived_tbl *ac_cur_tbls[D_MAX_BLOCKS_IN_MCU]; |
64 | | /* Whether we care about the DC and AC coefficient values for each block */ |
65 | | boolean dc_needed[D_MAX_BLOCKS_IN_MCU]; |
66 | | boolean ac_needed[D_MAX_BLOCKS_IN_MCU]; |
67 | | } huff_entropy_decoder; |
68 | | |
69 | | typedef huff_entropy_decoder *huff_entropy_ptr; |
70 | | |
71 | | |
72 | | /* |
73 | | * Initialize for a Huffman-compressed scan. |
74 | | */ |
75 | | |
76 | | METHODDEF(void) |
77 | | start_pass_huff_decoder(j_decompress_ptr cinfo) |
78 | 73.7k | { |
79 | 73.7k | huff_entropy_ptr entropy = (huff_entropy_ptr)cinfo->entropy; |
80 | 73.7k | int ci, blkn, dctbl, actbl; |
81 | 73.7k | d_derived_tbl **pdtbl; |
82 | 73.7k | jpeg_component_info *compptr; |
83 | | |
84 | | /* Check that the scan parameters Ss, Se, Ah/Al are OK for sequential JPEG. |
85 | | * This ought to be an error condition, but we make it a warning because |
86 | | * there are some baseline files out there with all zeroes in these bytes. |
87 | | */ |
88 | 73.7k | if (cinfo->Ss != 0 || cinfo->Se != DCTSIZE2 - 1 || |
89 | 73.7k | cinfo->Ah != 0 || cinfo->Al != 0) |
90 | 71.9k | WARNMS(cinfo, JWRN_NOT_SEQUENTIAL); |
91 | | |
92 | 152k | for (ci = 0; ci < cinfo->comps_in_scan; ci++) { |
93 | 79.2k | compptr = cinfo->cur_comp_info[ci]; |
94 | 79.2k | dctbl = compptr->dc_tbl_no; |
95 | 79.2k | actbl = compptr->ac_tbl_no; |
96 | | /* Compute derived values for Huffman tables */ |
97 | | /* We may do this more than once for a table, but it's not expensive */ |
98 | 79.2k | pdtbl = (d_derived_tbl **)(entropy->dc_derived_tbls) + dctbl; |
99 | 79.2k | jpeg_make_d_derived_tbl(cinfo, TRUE, dctbl, pdtbl); |
100 | 79.2k | pdtbl = (d_derived_tbl **)(entropy->ac_derived_tbls) + actbl; |
101 | 79.2k | jpeg_make_d_derived_tbl(cinfo, FALSE, actbl, pdtbl); |
102 | | /* Initialize DC predictions to 0 */ |
103 | 79.2k | entropy->saved.last_dc_val[ci] = 0; |
104 | 79.2k | } |
105 | | |
106 | | /* Precalculate decoding info for each block in an MCU of this scan */ |
107 | 163k | for (blkn = 0; blkn < cinfo->blocks_in_MCU; blkn++) { |
108 | 89.5k | ci = cinfo->MCU_membership[blkn]; |
109 | 89.5k | compptr = cinfo->cur_comp_info[ci]; |
110 | | /* Precalculate which table to use for each block */ |
111 | 89.5k | entropy->dc_cur_tbls[blkn] = entropy->dc_derived_tbls[compptr->dc_tbl_no]; |
112 | 89.5k | entropy->ac_cur_tbls[blkn] = entropy->ac_derived_tbls[compptr->ac_tbl_no]; |
113 | | /* Decide whether we really care about the coefficient values */ |
114 | 89.5k | if (compptr->component_needed) { |
115 | 63.7k | entropy->dc_needed[blkn] = TRUE; |
116 | | /* we don't need the ACs if producing a 1/8th-size image */ |
117 | 63.7k | entropy->ac_needed[blkn] = (compptr->_DCT_scaled_size > 1); |
118 | 63.7k | } else { |
119 | 25.8k | entropy->dc_needed[blkn] = entropy->ac_needed[blkn] = FALSE; |
120 | 25.8k | } |
121 | 89.5k | } |
122 | | |
123 | | /* Initialize bitread state variables */ |
124 | 73.7k | entropy->bitstate.bits_left = 0; |
125 | 73.7k | entropy->bitstate.get_buffer = 0; /* unnecessary, but keeps Purify quiet */ |
126 | 73.7k | entropy->pub.insufficient_data = FALSE; |
127 | | |
128 | | /* Initialize restart counter */ |
129 | 73.7k | entropy->restarts_to_go = cinfo->restart_interval; |
130 | 73.7k | } |
131 | | |
132 | | |
133 | | /* |
134 | | * Compute the derived values for a Huffman table. |
135 | | * This routine also performs some validation checks on the table. |
136 | | * |
137 | | * Note this is also used by jdphuff.c. |
138 | | */ |
139 | | |
140 | | GLOBAL(void) |
141 | | jpeg_make_d_derived_tbl(j_decompress_ptr cinfo, boolean isDC, int tblno, |
142 | | d_derived_tbl **pdtbl) |
143 | 198k | { |
144 | 198k | JHUFF_TBL *htbl; |
145 | 198k | d_derived_tbl *dtbl; |
146 | 198k | int p, i, l, si, numsymbols; |
147 | 198k | int lookbits, ctr; |
148 | 198k | char huffsize[257]; |
149 | 198k | unsigned int huffcode[257]; |
150 | 198k | unsigned int code; |
151 | | |
152 | | /* Note that huffsize[] and huffcode[] are filled in code-length order, |
153 | | * paralleling the order of the symbols themselves in htbl->huffval[]. |
154 | | */ |
155 | | |
156 | | /* Find the input Huffman table */ |
157 | 198k | if (tblno < 0 || tblno >= NUM_HUFF_TBLS) |
158 | 341 | ERREXIT1(cinfo, JERR_NO_HUFF_TABLE, tblno); |
159 | 198k | htbl = |
160 | 198k | isDC ? cinfo->dc_huff_tbl_ptrs[tblno] : cinfo->ac_huff_tbl_ptrs[tblno]; |
161 | 198k | if (htbl == NULL) |
162 | 42 | ERREXIT1(cinfo, JERR_NO_HUFF_TABLE, tblno); |
163 | | |
164 | | /* Allocate a workspace if we haven't already done so. */ |
165 | 198k | if (*pdtbl == NULL) |
166 | 21.0k | *pdtbl = (d_derived_tbl *) |
167 | 21.0k | (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE, |
168 | 21.0k | sizeof(d_derived_tbl)); |
169 | 198k | dtbl = *pdtbl; |
170 | 198k | dtbl->pub = htbl; /* fill in back link */ |
171 | | |
172 | | /* Figure C.1: make table of Huffman code length for each symbol */ |
173 | | |
174 | 198k | p = 0; |
175 | 3.36M | for (l = 1; l <= 16; l++) { |
176 | 3.16M | i = (int)htbl->bits[l]; |
177 | 3.16M | if (i < 0 || p + i > 256) /* protect against table overrun */ |
178 | 0 | ERREXIT(cinfo, JERR_BAD_HUFF_TABLE); |
179 | 6.39M | while (i--) |
180 | 3.23M | huffsize[p++] = (char)l; |
181 | 3.16M | } |
182 | 198k | huffsize[p] = 0; |
183 | 198k | numsymbols = p; |
184 | | |
185 | | /* Figure C.2: generate the codes themselves */ |
186 | | /* We also validate that the counts represent a legal Huffman code tree. */ |
187 | | |
188 | 198k | code = 0; |
189 | 198k | si = huffsize[0]; |
190 | 198k | p = 0; |
191 | 1.45M | while (huffsize[p]) { |
192 | 4.48M | while (((int)huffsize[p]) == si) { |
193 | 3.22M | huffcode[p++] = code; |
194 | 3.22M | code++; |
195 | 3.22M | } |
196 | | /* code is now 1 more than the last code used for codelength si; but |
197 | | * it must still fit in si bits, since no code is allowed to be all ones. |
198 | | */ |
199 | 1.25M | if (((JLONG)code) >= (((JLONG)1) << si)) |
200 | 80 | ERREXIT(cinfo, JERR_BAD_HUFF_TABLE); |
201 | 1.25M | code <<= 1; |
202 | 1.25M | si++; |
203 | 1.25M | } |
204 | | |
205 | | /* Figure F.15: generate decoding tables for bit-sequential decoding */ |
206 | | |
207 | 198k | p = 0; |
208 | 3.35M | for (l = 1; l <= 16; l++) { |
209 | 3.16M | if (htbl->bits[l]) { |
210 | | /* valoffset[l] = huffval[] index of 1st symbol of code length l, |
211 | | * minus the minimum code of length l |
212 | | */ |
213 | 1.01M | dtbl->valoffset[l] = (JLONG)p - (JLONG)huffcode[p]; |
214 | 1.01M | p += htbl->bits[l]; |
215 | 1.01M | dtbl->maxcode[l] = huffcode[p - 1]; /* maximum code of length l */ |
216 | 2.14M | } else { |
217 | 2.14M | dtbl->maxcode[l] = -1; /* -1 if no codes of this length */ |
218 | 2.14M | } |
219 | 3.16M | } |
220 | 198k | dtbl->valoffset[17] = 0; |
221 | 198k | dtbl->maxcode[17] = 0xFFFFFL; /* ensures jpeg_huff_decode terminates */ |
222 | | |
223 | | /* Compute lookahead tables to speed up decoding. |
224 | | * First we set all the table entries to 0, indicating "too long"; |
225 | | * then we iterate through the Huffman codes that are short enough and |
226 | | * fill in all the entries that correspond to bit sequences starting |
227 | | * with that code. |
228 | | */ |
229 | | |
230 | 50.7M | for (i = 0; i < (1 << HUFF_LOOKAHEAD); i++) |
231 | 50.5M | dtbl->lookup[i] = (HUFF_LOOKAHEAD + 1) << HUFF_LOOKAHEAD; |
232 | | |
233 | 198k | p = 0; |
234 | 1.77M | for (l = 1; l <= HUFF_LOOKAHEAD; l++) { |
235 | 4.25M | for (i = 1; i <= (int)htbl->bits[l]; i++, p++) { |
236 | | /* l = current code's length, p = its index in huffcode[] & huffval[]. */ |
237 | | /* Generate left-justified code followed by all possible bit sequences */ |
238 | 2.67M | lookbits = huffcode[p] << (HUFF_LOOKAHEAD - l); |
239 | 45.6M | for (ctr = 1 << (HUFF_LOOKAHEAD - l); ctr > 0; ctr--) { |
240 | 42.9M | dtbl->lookup[lookbits] = (l << HUFF_LOOKAHEAD) | htbl->huffval[p]; |
241 | 42.9M | lookbits++; |
242 | 42.9M | } |
243 | 2.67M | } |
244 | 1.58M | } |
245 | | |
246 | | /* Validate symbols as being reasonable. |
247 | | * For AC tables, we make no check, but accept all byte values 0..255. |
248 | | * For DC tables, we require the symbols to be in range 0..15. |
249 | | * (Tighter bounds could be applied depending on the data depth and mode, |
250 | | * but this is sufficient to ensure safe decoding.) |
251 | | */ |
252 | 198k | if (isDC) { |
253 | 682k | for (i = 0; i < numsymbols; i++) { |
254 | 593k | int sym = htbl->huffval[i]; |
255 | 593k | if (sym < 0 || sym > 15) |
256 | 279 | ERREXIT(cinfo, JERR_BAD_HUFF_TABLE); |
257 | 593k | } |
258 | 88.9k | } |
259 | 198k | } |
260 | | |
261 | | |
262 | | /* |
263 | | * Out-of-line code for bit fetching (shared with jdphuff.c). |
264 | | * See jdhuff.h for info about usage. |
265 | | * Note: current values of get_buffer and bits_left are passed as parameters, |
266 | | * but are returned in the corresponding fields of the state struct. |
267 | | * |
268 | | * On most machines MIN_GET_BITS should be 25 to allow the full 32-bit width |
269 | | * of get_buffer to be used. (On machines with wider words, an even larger |
270 | | * buffer could be used.) However, on some machines 32-bit shifts are |
271 | | * quite slow and take time proportional to the number of places shifted. |
272 | | * (This is true with most PC compilers, for instance.) In this case it may |
273 | | * be a win to set MIN_GET_BITS to the minimum value of 15. This reduces the |
274 | | * average shift distance at the cost of more calls to jpeg_fill_bit_buffer. |
275 | | */ |
276 | | |
277 | | #ifdef SLOW_SHIFT_32 |
278 | | #define MIN_GET_BITS 15 /* minimum allowable value */ |
279 | | #else |
280 | 6.09M | #define MIN_GET_BITS (BIT_BUF_SIZE - 7) |
281 | | #endif |
282 | | |
283 | | |
284 | | GLOBAL(boolean) |
285 | | jpeg_fill_bit_buffer(bitread_working_state *state, |
286 | | register bit_buf_type get_buffer, register int bits_left, |
287 | | int nbits) |
288 | | /* Load up the bit buffer to a depth of at least nbits */ |
289 | 1.79M | { |
290 | | /* Copy heavily used state fields into locals (hopefully registers) */ |
291 | 1.79M | register const JOCTET *next_input_byte = state->next_input_byte; |
292 | 1.79M | register size_t bytes_in_buffer = state->bytes_in_buffer; |
293 | 1.79M | j_decompress_ptr cinfo = state->cinfo; |
294 | | |
295 | | /* Attempt to load at least MIN_GET_BITS bits into get_buffer. */ |
296 | | /* (It is assumed that no request will be for more than that many bits.) */ |
297 | | /* We fail to do so only if we hit a marker or are forced to suspend. */ |
298 | | |
299 | 1.79M | if (cinfo->unread_marker == 0) { /* cannot advance past a marker */ |
300 | 5.29M | while (bits_left < MIN_GET_BITS) { |
301 | 4.72M | register int c; |
302 | | |
303 | | /* Attempt to read a byte */ |
304 | 4.72M | if (bytes_in_buffer == 0) { |
305 | 1.81k | if (!(*cinfo->src->fill_input_buffer) (cinfo)) |
306 | 0 | return FALSE; |
307 | 1.81k | next_input_byte = cinfo->src->next_input_byte; |
308 | 1.81k | bytes_in_buffer = cinfo->src->bytes_in_buffer; |
309 | 1.81k | } |
310 | 4.72M | bytes_in_buffer--; |
311 | 4.72M | c = *next_input_byte++; |
312 | | |
313 | | /* If it's 0xFF, check and discard stuffed zero byte */ |
314 | 4.72M | if (c == 0xFF) { |
315 | | /* Loop here to discard any padding FF's on terminating marker, |
316 | | * so that we can save a valid unread_marker value. NOTE: we will |
317 | | * accept multiple FF's followed by a 0 as meaning a single FF data |
318 | | * byte. This data pattern is not valid according to the standard. |
319 | | */ |
320 | 124k | do { |
321 | 124k | if (bytes_in_buffer == 0) { |
322 | 41 | if (!(*cinfo->src->fill_input_buffer) (cinfo)) |
323 | 0 | return FALSE; |
324 | 41 | next_input_byte = cinfo->src->next_input_byte; |
325 | 41 | bytes_in_buffer = cinfo->src->bytes_in_buffer; |
326 | 41 | } |
327 | 124k | bytes_in_buffer--; |
328 | 124k | c = *next_input_byte++; |
329 | 124k | } while (c == 0xFF); |
330 | | |
331 | 111k | if (c == 0) { |
332 | | /* Found FF/00, which represents an FF data byte */ |
333 | 4.04k | c = 0xFF; |
334 | 107k | } else { |
335 | | /* Oops, it's actually a marker indicating end of compressed data. |
336 | | * Save the marker code for later use. |
337 | | * Fine point: it might appear that we should save the marker into |
338 | | * bitread working state, not straight into permanent state. But |
339 | | * once we have hit a marker, we cannot need to suspend within the |
340 | | * current MCU, because we will read no more bytes from the data |
341 | | * source. So it is OK to update permanent state right away. |
342 | | */ |
343 | 107k | cinfo->unread_marker = c; |
344 | | /* See if we need to insert some fake zero bits. */ |
345 | 107k | goto no_more_bytes; |
346 | 107k | } |
347 | 111k | } |
348 | | |
349 | | /* OK, load c into get_buffer */ |
350 | 4.61M | get_buffer = (get_buffer << 8) | c; |
351 | 4.61M | bits_left += 8; |
352 | 4.61M | } /* end while */ |
353 | 1.12M | } else { |
354 | 1.22M | no_more_bytes: |
355 | | /* We get here if we've read the marker that terminates the compressed |
356 | | * data segment. There should be enough bits in the buffer register |
357 | | * to satisfy the request; if so, no problem. |
358 | | */ |
359 | 1.22M | if (nbits > bits_left) { |
360 | | /* Uh-oh. Report corrupted data to user and stuff zeroes into |
361 | | * the data stream, so that we can produce some kind of image. |
362 | | * We use a nonvolatile flag to ensure that only one warning message |
363 | | * appears per data segment. |
364 | | */ |
365 | 402k | if (!cinfo->entropy->insufficient_data) { |
366 | 116k | WARNMS(cinfo, JWRN_HIT_MARKER); |
367 | 116k | cinfo->entropy->insufficient_data = TRUE; |
368 | 116k | } |
369 | | /* Fill the buffer with zero bits */ |
370 | 402k | get_buffer <<= MIN_GET_BITS - bits_left; |
371 | 402k | bits_left = MIN_GET_BITS; |
372 | 402k | } |
373 | 1.22M | } |
374 | | |
375 | | /* Unload the local registers */ |
376 | 1.79M | state->next_input_byte = next_input_byte; |
377 | 1.79M | state->bytes_in_buffer = bytes_in_buffer; |
378 | 1.79M | state->get_buffer = get_buffer; |
379 | 1.79M | state->bits_left = bits_left; |
380 | | |
381 | 1.79M | return TRUE; |
382 | 1.79M | } |
383 | | |
384 | | |
385 | | /* Macro version of the above, which performs much better but does not |
386 | | handle markers. We have to hand off any blocks with markers to the |
387 | | slower routines. */ |
388 | | |
389 | 1.88M | #define GET_BYTE { \ |
390 | 1.88M | register int c0, c1; \ |
391 | 1.88M | c0 = *buffer++; \ |
392 | 1.88M | c1 = *buffer; \ |
393 | 1.88M | /* Pre-execute most common case */ \ |
394 | 1.88M | get_buffer = (get_buffer << 8) | c0; \ |
395 | 1.88M | bits_left += 8; \ |
396 | 1.88M | if (c0 == 0xFF) { \ |
397 | 466k | /* Pre-execute case of FF/00, which represents an FF data byte */ \ |
398 | 466k | buffer++; \ |
399 | 466k | if (c1 != 0) { \ |
400 | 457k | /* Oops, it's actually a marker indicating end of compressed data. */ \ |
401 | 457k | cinfo->unread_marker = c1; \ |
402 | 457k | /* Back out pre-execution and fill the buffer with zero bits */ \ |
403 | 457k | buffer -= 2; \ |
404 | 457k | get_buffer &= ~0xFF; \ |
405 | 457k | } \ |
406 | 466k | } \ |
407 | 1.88M | } |
408 | | |
409 | | #if SIZEOF_SIZE_T == 8 || defined(_WIN64) || (defined(__x86_64__) && defined(__ILP32__)) |
410 | | |
411 | | /* Pre-fetch 48 bytes, because the holding register is 64-bit */ |
412 | | #define FILL_BIT_BUFFER_FAST \ |
413 | 5.70M | if (bits_left <= 16) { \ |
414 | 313k | GET_BYTE GET_BYTE GET_BYTE GET_BYTE GET_BYTE GET_BYTE \ |
415 | 313k | } |
416 | | |
417 | | #else |
418 | | |
419 | | /* Pre-fetch 16 bytes, because the holding register is 32-bit */ |
420 | | #define FILL_BIT_BUFFER_FAST \ |
421 | | if (bits_left <= 16) { \ |
422 | | GET_BYTE GET_BYTE \ |
423 | | } |
424 | | |
425 | | #endif |
426 | | |
427 | | |
428 | | /* |
429 | | * Out-of-line code for Huffman code decoding. |
430 | | * See jdhuff.h for info about usage. |
431 | | */ |
432 | | |
433 | | GLOBAL(int) |
434 | | jpeg_huff_decode(bitread_working_state *state, |
435 | | register bit_buf_type get_buffer, register int bits_left, |
436 | | d_derived_tbl *htbl, int min_bits) |
437 | 930k | { |
438 | 930k | register int l = min_bits; |
439 | 930k | register JLONG code; |
440 | | |
441 | | /* HUFF_DECODE has determined that the code is at least min_bits */ |
442 | | /* bits long, so fetch that many bits in one swoop. */ |
443 | | |
444 | 930k | CHECK_BIT_BUFFER(*state, l, return -1); |
445 | 930k | code = GET_BITS(l); |
446 | | |
447 | | /* Collect the rest of the Huffman code one bit at a time. */ |
448 | | /* This is per Figure F.16. */ |
449 | | |
450 | 3.49M | while (code > htbl->maxcode[l]) { |
451 | 2.56M | code <<= 1; |
452 | 2.56M | CHECK_BIT_BUFFER(*state, 1, return -1); |
453 | 2.56M | code |= GET_BITS(1); |
454 | 2.56M | l++; |
455 | 2.56M | } |
456 | | |
457 | | /* Unload the local registers */ |
458 | 930k | state->get_buffer = get_buffer; |
459 | 930k | state->bits_left = bits_left; |
460 | | |
461 | | /* With garbage input we may reach the sentinel value l = 17. */ |
462 | | |
463 | 930k | if (l > 16) { |
464 | 186k | WARNMS(state->cinfo, JWRN_HUFF_BAD_CODE); |
465 | 186k | return 0; /* fake a zero as the safest result */ |
466 | 186k | } |
467 | | |
468 | 744k | return htbl->pub->huffval[(int)(code + htbl->valoffset[l])]; |
469 | 930k | } |
470 | | |
471 | | |
472 | | /* |
473 | | * Figure F.12: extend sign bit. |
474 | | * On some machines, a shift and add will be faster than a table lookup. |
475 | | */ |
476 | | |
477 | | #define AVOID_TABLES |
478 | | #ifdef AVOID_TABLES |
479 | | |
480 | 6.38M | #define NEG_1 ((unsigned int)-1) |
481 | | #define HUFF_EXTEND(x, s) \ |
482 | 6.38M | ((x) + ((((x) - (1 << ((s) - 1))) >> 31) & (((NEG_1) << (s)) + 1))) |
483 | | |
484 | | #else |
485 | | |
486 | | #define HUFF_EXTEND(x, s) \ |
487 | | ((x) < extend_test[s] ? (x) + extend_offset[s] : (x)) |
488 | | |
489 | | static const int extend_test[16] = { /* entry n is 2**(n-1) */ |
490 | | 0, 0x0001, 0x0002, 0x0004, 0x0008, 0x0010, 0x0020, 0x0040, 0x0080, |
491 | | 0x0100, 0x0200, 0x0400, 0x0800, 0x1000, 0x2000, 0x4000 |
492 | | }; |
493 | | |
494 | | static const int extend_offset[16] = { /* entry n is (-1 << n) + 1 */ |
495 | | 0, ((-1) << 1) + 1, ((-1) << 2) + 1, ((-1) << 3) + 1, ((-1) << 4) + 1, |
496 | | ((-1) << 5) + 1, ((-1) << 6) + 1, ((-1) << 7) + 1, ((-1) << 8) + 1, |
497 | | ((-1) << 9) + 1, ((-1) << 10) + 1, ((-1) << 11) + 1, ((-1) << 12) + 1, |
498 | | ((-1) << 13) + 1, ((-1) << 14) + 1, ((-1) << 15) + 1 |
499 | | }; |
500 | | |
501 | | #endif /* AVOID_TABLES */ |
502 | | |
503 | | |
504 | | /* |
505 | | * Check for a restart marker & resynchronize decoder. |
506 | | * Returns FALSE if must suspend. |
507 | | */ |
508 | | |
509 | | LOCAL(boolean) |
510 | | process_restart(j_decompress_ptr cinfo) |
511 | 445k | { |
512 | 445k | huff_entropy_ptr entropy = (huff_entropy_ptr)cinfo->entropy; |
513 | 445k | int ci; |
514 | | |
515 | | /* Throw away any unused bits remaining in bit buffer; */ |
516 | | /* include any full bytes in next_marker's count of discarded bytes */ |
517 | 445k | cinfo->marker->discarded_bytes += entropy->bitstate.bits_left / 8; |
518 | 445k | entropy->bitstate.bits_left = 0; |
519 | | |
520 | | /* Advance past the RSTn marker */ |
521 | 445k | if (!(*cinfo->marker->read_restart_marker) (cinfo)) |
522 | 0 | return FALSE; |
523 | | |
524 | | /* Re-initialize DC predictions to 0 */ |
525 | 893k | for (ci = 0; ci < cinfo->comps_in_scan; ci++) |
526 | 447k | entropy->saved.last_dc_val[ci] = 0; |
527 | | |
528 | | /* Reset restart counter */ |
529 | 445k | entropy->restarts_to_go = cinfo->restart_interval; |
530 | | |
531 | | /* Reset out-of-data flag, unless read_restart_marker left us smack up |
532 | | * against a marker. In that case we will end up treating the next data |
533 | | * segment as empty, and we can avoid producing bogus output pixels by |
534 | | * leaving the flag set. |
535 | | */ |
536 | 445k | if (cinfo->unread_marker == 0) |
537 | 12.9k | entropy->pub.insufficient_data = FALSE; |
538 | | |
539 | 445k | return TRUE; |
540 | 445k | } |
541 | | |
542 | | |
543 | | #if defined(__has_feature) |
544 | | #if __has_feature(undefined_behavior_sanitizer) |
545 | | __attribute__((no_sanitize("signed-integer-overflow"), |
546 | | no_sanitize("unsigned-integer-overflow"))) |
547 | | #endif |
548 | | #endif |
549 | | LOCAL(boolean) |
550 | | decode_mcu_slow(j_decompress_ptr cinfo, JBLOCKROW *MCU_data) |
551 | 188k | { |
552 | 188k | huff_entropy_ptr entropy = (huff_entropy_ptr)cinfo->entropy; |
553 | 188k | BITREAD_STATE_VARS; |
554 | 188k | int blkn; |
555 | 188k | savable_state state; |
556 | | /* Outer loop handles each block in the MCU */ |
557 | | |
558 | | /* Load up working state */ |
559 | 188k | BITREAD_LOAD_STATE(cinfo, entropy->bitstate); |
560 | 188k | state = entropy->saved; |
561 | | |
562 | 475k | for (blkn = 0; blkn < cinfo->blocks_in_MCU; blkn++) { |
563 | 287k | JBLOCKROW block = MCU_data ? MCU_data[blkn] : NULL; |
564 | 287k | d_derived_tbl *dctbl = entropy->dc_cur_tbls[blkn]; |
565 | 287k | d_derived_tbl *actbl = entropy->ac_cur_tbls[blkn]; |
566 | 287k | register int s, k, r; |
567 | | |
568 | | /* Decode a single block's worth of coefficients */ |
569 | | |
570 | | /* Section F.2.2.1: decode the DC coefficient difference */ |
571 | 287k | HUFF_DECODE(s, br_state, dctbl, return FALSE, label1); |
572 | 287k | if (s) { |
573 | 215k | CHECK_BIT_BUFFER(br_state, s, return FALSE); |
574 | 215k | r = GET_BITS(s); |
575 | 215k | s = HUFF_EXTEND(r, s); |
576 | 215k | } |
577 | | |
578 | 287k | if (entropy->dc_needed[blkn]) { |
579 | | /* Convert DC difference to actual value, update last_dc_val */ |
580 | 217k | int ci = cinfo->MCU_membership[blkn]; |
581 | | /* Certain malformed JPEG images produce repeated DC coefficient |
582 | | * differences of 2047 or -2047, which causes state.last_dc_val[ci] to |
583 | | * grow until it overflows or underflows a 32-bit signed integer. This |
584 | | * behavior is, to the best of our understanding, innocuous, and it is |
585 | | * unclear how to work around it without potentially affecting |
586 | | * performance. Thus, we (hopefully temporarily) suppress UBSan integer |
587 | | * overflow errors for this function and decode_mcu_fast(). |
588 | | */ |
589 | 217k | s += state.last_dc_val[ci]; |
590 | 217k | state.last_dc_val[ci] = s; |
591 | 217k | if (block) { |
592 | | /* Output the DC coefficient (assumes jpeg_natural_order[0] = 0) */ |
593 | 217k | (*block)[0] = (JCOEF)s; |
594 | 217k | } |
595 | 217k | } |
596 | | |
597 | 287k | if (entropy->ac_needed[blkn] && block) { |
598 | | |
599 | | /* Section F.2.2.2: decode the AC coefficients */ |
600 | | /* Since zeroes are skipped, output area must be cleared beforehand */ |
601 | 4.49M | for (k = 1; k < DCTSIZE2; k++) { |
602 | 4.42M | HUFF_DECODE(s, br_state, actbl, return FALSE, label2); |
603 | | |
604 | 4.42M | r = s >> 4; |
605 | 4.42M | s &= 15; |
606 | | |
607 | 4.42M | if (s) { |
608 | 4.24M | k += r; |
609 | 4.24M | CHECK_BIT_BUFFER(br_state, s, return FALSE); |
610 | 4.24M | r = GET_BITS(s); |
611 | 4.24M | s = HUFF_EXTEND(r, s); |
612 | | /* Output coefficient in natural (dezigzagged) order. |
613 | | * Note: the extra entries in jpeg_natural_order[] will save us |
614 | | * if k >= DCTSIZE2, which could happen if the data is corrupted. |
615 | | */ |
616 | 4.24M | (*block)[jpeg_natural_order[k]] = (JCOEF)s; |
617 | 4.24M | } else { |
618 | 178k | if (r != 15) |
619 | 150k | break; |
620 | 28.6k | k += 15; |
621 | 28.6k | } |
622 | 4.42M | } |
623 | | |
624 | 217k | } else { |
625 | | |
626 | | /* Section F.2.2.2: decode the AC coefficients */ |
627 | | /* In this path we just discard the values */ |
628 | 1.84M | for (k = 1; k < DCTSIZE2; k++) { |
629 | 1.81M | HUFF_DECODE(s, br_state, actbl, return FALSE, label3); |
630 | | |
631 | 1.81M | r = s >> 4; |
632 | 1.81M | s &= 15; |
633 | | |
634 | 1.81M | if (s) { |
635 | 1.77M | k += r; |
636 | 1.77M | CHECK_BIT_BUFFER(br_state, s, return FALSE); |
637 | 1.77M | DROP_BITS(s); |
638 | 1.77M | } else { |
639 | 43.6k | if (r != 15) |
640 | 41.7k | break; |
641 | 1.92k | k += 15; |
642 | 1.92k | } |
643 | 1.81M | } |
644 | 70.2k | } |
645 | 287k | } |
646 | | |
647 | | /* Completed MCU, so update state */ |
648 | 188k | BITREAD_SAVE_STATE(cinfo, entropy->bitstate); |
649 | 188k | entropy->saved = state; |
650 | 188k | return TRUE; |
651 | 188k | } |
652 | | |
653 | | |
654 | | #if defined(__has_feature) |
655 | | #if __has_feature(undefined_behavior_sanitizer) |
656 | | __attribute__((no_sanitize("signed-integer-overflow"), |
657 | | no_sanitize("unsigned-integer-overflow"))) |
658 | | #endif |
659 | | #endif |
660 | | LOCAL(boolean) |
661 | | decode_mcu_fast(j_decompress_ptr cinfo, JBLOCKROW *MCU_data) |
662 | 221k | { |
663 | 221k | huff_entropy_ptr entropy = (huff_entropy_ptr)cinfo->entropy; |
664 | 221k | BITREAD_STATE_VARS; |
665 | 221k | JOCTET *buffer; |
666 | 221k | int blkn; |
667 | 221k | savable_state state; |
668 | | /* Outer loop handles each block in the MCU */ |
669 | | |
670 | | /* Load up working state */ |
671 | 221k | BITREAD_LOAD_STATE(cinfo, entropy->bitstate); |
672 | 221k | buffer = (JOCTET *)br_state.next_input_byte; |
673 | 221k | state = entropy->saved; |
674 | | |
675 | 449k | for (blkn = 0; blkn < cinfo->blocks_in_MCU; blkn++) { |
676 | 228k | JBLOCKROW block = MCU_data ? MCU_data[blkn] : NULL; |
677 | 228k | d_derived_tbl *dctbl = entropy->dc_cur_tbls[blkn]; |
678 | 228k | d_derived_tbl *actbl = entropy->ac_cur_tbls[blkn]; |
679 | 228k | register int s, k, r, l; |
680 | | |
681 | 228k | HUFF_DECODE_FAST(s, l, dctbl); |
682 | 228k | if (s) { |
683 | 196k | FILL_BIT_BUFFER_FAST |
684 | 196k | r = GET_BITS(s); |
685 | 196k | s = HUFF_EXTEND(r, s); |
686 | 196k | } |
687 | | |
688 | 228k | if (entropy->dc_needed[blkn]) { |
689 | 155k | int ci = cinfo->MCU_membership[blkn]; |
690 | | /* Refer to the comment in decode_mcu_slow() regarding the supression of |
691 | | * a UBSan integer overflow error in this line of code. |
692 | | */ |
693 | 155k | s += state.last_dc_val[ci]; |
694 | 155k | state.last_dc_val[ci] = s; |
695 | 155k | if (block) |
696 | 155k | (*block)[0] = (JCOEF)s; |
697 | 155k | } |
698 | | |
699 | 228k | if (entropy->ac_needed[blkn] && block) { |
700 | | |
701 | 1.87M | for (k = 1; k < DCTSIZE2; k++) { |
702 | 1.84M | HUFF_DECODE_FAST(s, l, actbl); |
703 | 1.84M | r = s >> 4; |
704 | 1.84M | s &= 15; |
705 | | |
706 | 1.84M | if (s) { |
707 | 1.72M | k += r; |
708 | 1.72M | FILL_BIT_BUFFER_FAST |
709 | 1.72M | r = GET_BITS(s); |
710 | 1.72M | s = HUFF_EXTEND(r, s); |
711 | 1.72M | (*block)[jpeg_natural_order[k]] = (JCOEF)s; |
712 | 1.72M | } else { |
713 | 121k | if (r != 15) break; |
714 | 1.24k | k += 15; |
715 | 1.24k | } |
716 | 1.84M | } |
717 | | |
718 | 155k | } else { |
719 | | |
720 | 904k | for (k = 1; k < DCTSIZE2; k++) { |
721 | 887k | HUFF_DECODE_FAST(s, l, actbl); |
722 | 887k | r = s >> 4; |
723 | 887k | s &= 15; |
724 | | |
725 | 887k | if (s) { |
726 | 831k | k += r; |
727 | 831k | FILL_BIT_BUFFER_FAST |
728 | 831k | DROP_BITS(s); |
729 | 831k | } else { |
730 | 55.6k | if (r != 15) break; |
731 | 483 | k += 15; |
732 | 483 | } |
733 | 887k | } |
734 | 72.5k | } |
735 | 228k | } |
736 | | |
737 | 221k | if (cinfo->unread_marker != 0) { |
738 | 37.2k | cinfo->unread_marker = 0; |
739 | 37.2k | return FALSE; |
740 | 37.2k | } |
741 | | |
742 | 184k | br_state.bytes_in_buffer -= (buffer - br_state.next_input_byte); |
743 | 184k | br_state.next_input_byte = buffer; |
744 | 184k | BITREAD_SAVE_STATE(cinfo, entropy->bitstate); |
745 | 184k | entropy->saved = state; |
746 | 184k | return TRUE; |
747 | 221k | } |
748 | | |
749 | | |
750 | | /* |
751 | | * Decode and return one MCU's worth of Huffman-compressed coefficients. |
752 | | * The coefficients are reordered from zigzag order into natural array order, |
753 | | * but are not dequantized. |
754 | | * |
755 | | * The i'th block of the MCU is stored into the block pointed to by |
756 | | * MCU_data[i]. WE ASSUME THIS AREA HAS BEEN ZEROED BY THE CALLER. |
757 | | * (Wholesale zeroing is usually a little faster than retail...) |
758 | | * |
759 | | * Returns FALSE if data source requested suspension. In that case no |
760 | | * changes have been made to permanent state. (Exception: some output |
761 | | * coefficients may already have been assigned. This is harmless for |
762 | | * this module, since we'll just re-assign them on the next call.) |
763 | | */ |
764 | | |
765 | 2.57M | #define BUFSIZE (DCTSIZE2 * 8) |
766 | | |
767 | | METHODDEF(boolean) |
768 | | decode_mcu(j_decompress_ptr cinfo, JBLOCKROW *MCU_data) |
769 | 2.57M | { |
770 | 2.57M | huff_entropy_ptr entropy = (huff_entropy_ptr)cinfo->entropy; |
771 | 2.57M | int usefast = 1; |
772 | | |
773 | | /* Process restart marker if needed; may have to suspend */ |
774 | 2.57M | if (cinfo->restart_interval) { |
775 | 1.38M | if (entropy->restarts_to_go == 0) |
776 | 445k | if (!process_restart(cinfo)) |
777 | 0 | return FALSE; |
778 | 1.38M | usefast = 0; |
779 | 1.38M | } |
780 | | |
781 | 2.57M | if (cinfo->src->bytes_in_buffer < BUFSIZE * (size_t)cinfo->blocks_in_MCU || |
782 | 2.57M | cinfo->unread_marker != 0) |
783 | 2.31M | usefast = 0; |
784 | | |
785 | | /* If we've run out of data, just leave the MCU set to zeroes. |
786 | | * This way, we return uniform gray for the remainder of the segment. |
787 | | */ |
788 | 2.57M | if (!entropy->pub.insufficient_data) { |
789 | | |
790 | 372k | if (usefast) { |
791 | 221k | if (!decode_mcu_fast(cinfo, MCU_data)) goto use_slow; |
792 | 221k | } else { |
793 | 188k | use_slow: |
794 | 188k | if (!decode_mcu_slow(cinfo, MCU_data)) return FALSE; |
795 | 188k | } |
796 | | |
797 | 372k | } |
798 | | |
799 | | /* Account for restart interval (no-op if not using restarts) */ |
800 | 2.57M | if (cinfo->restart_interval) |
801 | 1.38M | entropy->restarts_to_go--; |
802 | | |
803 | 2.57M | return TRUE; |
804 | 2.57M | } |
805 | | |
806 | | |
807 | | /* |
808 | | * Module initialization routine for Huffman entropy decoding. |
809 | | */ |
810 | | |
811 | | GLOBAL(void) |
812 | | jinit_huff_decoder(j_decompress_ptr cinfo) |
813 | 5.66k | { |
814 | 5.66k | huff_entropy_ptr entropy; |
815 | 5.66k | int i; |
816 | | |
817 | | /* Motion JPEG frames typically do not include the Huffman tables if they |
818 | | are the default tables. Thus, if the tables are not set by the time |
819 | | the Huffman decoder is initialized (usually within the body of |
820 | | jpeg_start_decompress()), we set them to default values. */ |
821 | 5.66k | std_huff_tables((j_common_ptr)cinfo); |
822 | | |
823 | 5.66k | entropy = (huff_entropy_ptr) |
824 | 5.66k | (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE, |
825 | 5.66k | sizeof(huff_entropy_decoder)); |
826 | 5.66k | cinfo->entropy = (struct jpeg_entropy_decoder *)entropy; |
827 | 5.66k | entropy->pub.start_pass = start_pass_huff_decoder; |
828 | 5.66k | entropy->pub.decode_mcu = decode_mcu; |
829 | | |
830 | | /* Mark tables unallocated */ |
831 | 28.3k | for (i = 0; i < NUM_HUFF_TBLS; i++) { |
832 | 22.6k | entropy->dc_derived_tbls[i] = entropy->ac_derived_tbls[i] = NULL; |
833 | 22.6k | } |
834 | 5.66k | } |