/src/libjpeg-turbo/jdhuff.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * jdhuff.c |
3 | | * |
4 | | * This file was part of the Independent JPEG Group's software: |
5 | | * Copyright (C) 1991-1997, Thomas G. Lane. |
6 | | * libjpeg-turbo Modifications: |
7 | | * Copyright (C) 2009-2011, 2016, 2018-2019, D. R. Commander. |
8 | | * Copyright (C) 2018, Matthias Räncker. |
9 | | * For conditions of distribution and use, see the accompanying README.ijg |
10 | | * file. |
11 | | * |
12 | | * This file contains Huffman entropy decoding routines. |
13 | | * |
14 | | * Much of the complexity here has to do with supporting input suspension. |
15 | | * If the data source module demands suspension, we want to be able to back |
16 | | * up to the start of the current MCU. To do this, we copy state variables |
17 | | * into local working storage, and update them back to the permanent |
18 | | * storage only upon successful completion of an MCU. |
19 | | * |
20 | | * NOTE: All referenced figures are from |
21 | | * Recommendation ITU-T T.81 (1992) | ISO/IEC 10918-1:1994. |
22 | | */ |
23 | | |
24 | | #define JPEG_INTERNALS |
25 | | #include "jinclude.h" |
26 | | #include "jpeglib.h" |
27 | | #include "jdhuff.h" /* Declarations shared with jdphuff.c */ |
28 | | #include "jpegcomp.h" |
29 | | #include "jstdhuff.c" |
30 | | |
31 | | |
32 | | /* |
33 | | * Expanded entropy decoder object for Huffman decoding. |
34 | | * |
35 | | * The savable_state subrecord contains fields that change within an MCU, |
36 | | * but must not be updated permanently until we complete the MCU. |
37 | | */ |
38 | | |
39 | | typedef struct { |
40 | | int last_dc_val[MAX_COMPS_IN_SCAN]; /* last DC coef for each component */ |
41 | | } savable_state; |
42 | | |
43 | | typedef struct { |
44 | | struct jpeg_entropy_decoder pub; /* public fields */ |
45 | | |
46 | | /* These fields are loaded into local variables at start of each MCU. |
47 | | * In case of suspension, we exit WITHOUT updating them. |
48 | | */ |
49 | | bitread_perm_state bitstate; /* Bit buffer at start of MCU */ |
50 | | savable_state saved; /* Other state at start of MCU */ |
51 | | |
52 | | /* These fields are NOT loaded into local working state. */ |
53 | | unsigned int restarts_to_go; /* MCUs left in this restart interval */ |
54 | | |
55 | | /* Pointers to derived tables (these workspaces have image lifespan) */ |
56 | | d_derived_tbl *dc_derived_tbls[NUM_HUFF_TBLS]; |
57 | | d_derived_tbl *ac_derived_tbls[NUM_HUFF_TBLS]; |
58 | | |
59 | | /* Precalculated info set up by start_pass for use in decode_mcu: */ |
60 | | |
61 | | /* Pointers to derived tables to be used for each block within an MCU */ |
62 | | d_derived_tbl *dc_cur_tbls[D_MAX_BLOCKS_IN_MCU]; |
63 | | d_derived_tbl *ac_cur_tbls[D_MAX_BLOCKS_IN_MCU]; |
64 | | /* Whether we care about the DC and AC coefficient values for each block */ |
65 | | boolean dc_needed[D_MAX_BLOCKS_IN_MCU]; |
66 | | boolean ac_needed[D_MAX_BLOCKS_IN_MCU]; |
67 | | } huff_entropy_decoder; |
68 | | |
69 | | typedef huff_entropy_decoder *huff_entropy_ptr; |
70 | | |
71 | | |
72 | | /* |
73 | | * Initialize for a Huffman-compressed scan. |
74 | | */ |
75 | | |
76 | | METHODDEF(void) |
77 | | start_pass_huff_decoder(j_decompress_ptr cinfo) |
78 | 27.6k | { |
79 | 27.6k | huff_entropy_ptr entropy = (huff_entropy_ptr)cinfo->entropy; |
80 | 27.6k | int ci, blkn, dctbl, actbl; |
81 | 27.6k | d_derived_tbl **pdtbl; |
82 | 27.6k | jpeg_component_info *compptr; |
83 | | |
84 | | /* Check that the scan parameters Ss, Se, Ah/Al are OK for sequential JPEG. |
85 | | * This ought to be an error condition, but we make it a warning because |
86 | | * there are some baseline files out there with all zeroes in these bytes. |
87 | | */ |
88 | 27.6k | if (cinfo->Ss != 0 || cinfo->Se != DCTSIZE2 - 1 || |
89 | 27.6k | cinfo->Ah != 0 || cinfo->Al != 0) |
90 | 13.4k | WARNMS(cinfo, JWRN_NOT_SEQUENTIAL); |
91 | | |
92 | 56.1k | for (ci = 0; ci < cinfo->comps_in_scan; ci++) { |
93 | 28.5k | compptr = cinfo->cur_comp_info[ci]; |
94 | 28.5k | dctbl = compptr->dc_tbl_no; |
95 | 28.5k | actbl = compptr->ac_tbl_no; |
96 | | /* Compute derived values for Huffman tables */ |
97 | | /* We may do this more than once for a table, but it's not expensive */ |
98 | 28.5k | pdtbl = (d_derived_tbl **)(entropy->dc_derived_tbls) + dctbl; |
99 | 28.5k | jpeg_make_d_derived_tbl(cinfo, TRUE, dctbl, pdtbl); |
100 | 28.5k | pdtbl = (d_derived_tbl **)(entropy->ac_derived_tbls) + actbl; |
101 | 28.5k | jpeg_make_d_derived_tbl(cinfo, FALSE, actbl, pdtbl); |
102 | | /* Initialize DC predictions to 0 */ |
103 | 28.5k | entropy->saved.last_dc_val[ci] = 0; |
104 | 28.5k | } |
105 | | |
106 | | /* Precalculate decoding info for each block in an MCU of this scan */ |
107 | 56.4k | for (blkn = 0; blkn < cinfo->blocks_in_MCU; blkn++) { |
108 | 28.7k | ci = cinfo->MCU_membership[blkn]; |
109 | 28.7k | compptr = cinfo->cur_comp_info[ci]; |
110 | | /* Precalculate which table to use for each block */ |
111 | 28.7k | entropy->dc_cur_tbls[blkn] = entropy->dc_derived_tbls[compptr->dc_tbl_no]; |
112 | 28.7k | entropy->ac_cur_tbls[blkn] = entropy->ac_derived_tbls[compptr->ac_tbl_no]; |
113 | | /* Decide whether we really care about the coefficient values */ |
114 | 28.7k | if (compptr->component_needed) { |
115 | 28.7k | entropy->dc_needed[blkn] = TRUE; |
116 | | /* we don't need the ACs if producing a 1/8th-size image */ |
117 | 28.7k | entropy->ac_needed[blkn] = (compptr->_DCT_scaled_size > 1); |
118 | 28.7k | } else { |
119 | 0 | entropy->dc_needed[blkn] = entropy->ac_needed[blkn] = FALSE; |
120 | 0 | } |
121 | 28.7k | } |
122 | | |
123 | | /* Initialize bitread state variables */ |
124 | 27.6k | entropy->bitstate.bits_left = 0; |
125 | 27.6k | entropy->bitstate.get_buffer = 0; /* unnecessary, but keeps Purify quiet */ |
126 | 27.6k | entropy->pub.insufficient_data = FALSE; |
127 | | |
128 | | /* Initialize restart counter */ |
129 | 27.6k | entropy->restarts_to_go = cinfo->restart_interval; |
130 | 27.6k | } |
131 | | |
132 | | |
133 | | /* |
134 | | * Compute the derived values for a Huffman table. |
135 | | * This routine also performs some validation checks on the table. |
136 | | * |
137 | | * Note this is also used by jdphuff.c. |
138 | | */ |
139 | | |
140 | | GLOBAL(void) |
141 | | jpeg_make_d_derived_tbl(j_decompress_ptr cinfo, boolean isDC, int tblno, |
142 | | d_derived_tbl **pdtbl) |
143 | 64.9k | { |
144 | 64.9k | JHUFF_TBL *htbl; |
145 | 64.9k | d_derived_tbl *dtbl; |
146 | 64.9k | int p, i, l, si, numsymbols; |
147 | 64.9k | int lookbits, ctr; |
148 | 64.9k | char huffsize[257]; |
149 | 64.9k | unsigned int huffcode[257]; |
150 | 64.9k | unsigned int code; |
151 | | |
152 | | /* Note that huffsize[] and huffcode[] are filled in code-length order, |
153 | | * paralleling the order of the symbols themselves in htbl->huffval[]. |
154 | | */ |
155 | | |
156 | | /* Find the input Huffman table */ |
157 | 64.9k | if (tblno < 0 || tblno >= NUM_HUFF_TBLS) |
158 | 494 | ERREXIT1(cinfo, JERR_NO_HUFF_TABLE, tblno); |
159 | 64.9k | htbl = |
160 | 64.9k | isDC ? cinfo->dc_huff_tbl_ptrs[tblno] : cinfo->ac_huff_tbl_ptrs[tblno]; |
161 | 64.9k | if (htbl == NULL) |
162 | 489 | ERREXIT1(cinfo, JERR_NO_HUFF_TABLE, tblno); |
163 | | |
164 | | /* Allocate a workspace if we haven't already done so. */ |
165 | 64.9k | if (*pdtbl == NULL) |
166 | 57.6k | *pdtbl = (d_derived_tbl *) |
167 | 57.6k | (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE, |
168 | 57.6k | sizeof(d_derived_tbl)); |
169 | 64.9k | dtbl = *pdtbl; |
170 | 64.9k | dtbl->pub = htbl; /* fill in back link */ |
171 | | |
172 | | /* Figure C.1: make table of Huffman code length for each symbol */ |
173 | | |
174 | 64.9k | p = 0; |
175 | 1.08M | for (l = 1; l <= 16; l++) { |
176 | 1.02M | i = (int)htbl->bits[l]; |
177 | 1.02M | if (i < 0 || p + i > 256) /* protect against table overrun */ |
178 | 0 | ERREXIT(cinfo, JERR_BAD_HUFF_TABLE); |
179 | 5.83M | while (i--) |
180 | 4.80M | huffsize[p++] = (char)l; |
181 | 1.02M | } |
182 | 64.9k | huffsize[p] = 0; |
183 | 64.9k | numsymbols = p; |
184 | | |
185 | | /* Figure C.2: generate the codes themselves */ |
186 | | /* We also validate that the counts represent a legal Huffman code tree. */ |
187 | | |
188 | 64.9k | code = 0; |
189 | 64.9k | si = huffsize[0]; |
190 | 64.9k | p = 0; |
191 | 770k | while (huffsize[p]) { |
192 | 5.50M | while (((int)huffsize[p]) == si) { |
193 | 4.80M | huffcode[p++] = code; |
194 | 4.80M | code++; |
195 | 4.80M | } |
196 | | /* code is now 1 more than the last code used for codelength si; but |
197 | | * it must still fit in si bits, since no code is allowed to be all ones. |
198 | | */ |
199 | 705k | if (((JLONG)code) >= (((JLONG)1) << si)) |
200 | 294 | ERREXIT(cinfo, JERR_BAD_HUFF_TABLE); |
201 | 705k | code <<= 1; |
202 | 705k | si++; |
203 | 705k | } |
204 | | |
205 | | /* Figure F.15: generate decoding tables for bit-sequential decoding */ |
206 | | |
207 | 64.9k | p = 0; |
208 | 1.08M | for (l = 1; l <= 16; l++) { |
209 | 1.01M | if (htbl->bits[l]) { |
210 | | /* valoffset[l] = huffval[] index of 1st symbol of code length l, |
211 | | * minus the minimum code of length l |
212 | | */ |
213 | 538k | dtbl->valoffset[l] = (JLONG)p - (JLONG)huffcode[p]; |
214 | 538k | p += htbl->bits[l]; |
215 | 538k | dtbl->maxcode[l] = huffcode[p - 1]; /* maximum code of length l */ |
216 | 538k | } else { |
217 | 480k | dtbl->maxcode[l] = -1; /* -1 if no codes of this length */ |
218 | 480k | } |
219 | 1.01M | } |
220 | 64.9k | dtbl->valoffset[17] = 0; |
221 | 64.9k | dtbl->maxcode[17] = 0xFFFFFL; /* ensures jpeg_huff_decode terminates */ |
222 | | |
223 | | /* Compute lookahead tables to speed up decoding. |
224 | | * First we set all the table entries to 0, indicating "too long"; |
225 | | * then we iterate through the Huffman codes that are short enough and |
226 | | * fill in all the entries that correspond to bit sequences starting |
227 | | * with that code. |
228 | | */ |
229 | | |
230 | 16.3M | for (i = 0; i < (1 << HUFF_LOOKAHEAD); i++) |
231 | 16.3M | dtbl->lookup[i] = (HUFF_LOOKAHEAD + 1) << HUFF_LOOKAHEAD; |
232 | | |
233 | 64.9k | p = 0; |
234 | 574k | for (l = 1; l <= HUFF_LOOKAHEAD; l++) { |
235 | 1.49M | for (i = 1; i <= (int)htbl->bits[l]; i++, p++) { |
236 | | /* l = current code's length, p = its index in huffcode[] & huffval[]. */ |
237 | | /* Generate left-justified code followed by all possible bit sequences */ |
238 | 983k | lookbits = huffcode[p] << (HUFF_LOOKAHEAD - l); |
239 | 12.6M | for (ctr = 1 << (HUFF_LOOKAHEAD - l); ctr > 0; ctr--) { |
240 | 11.6M | dtbl->lookup[lookbits] = (l << HUFF_LOOKAHEAD) | htbl->huffval[p]; |
241 | 11.6M | lookbits++; |
242 | 11.6M | } |
243 | 983k | } |
244 | 509k | } |
245 | | |
246 | | /* Validate symbols as being reasonable. |
247 | | * For AC tables, we make no check, but accept all byte values 0..255. |
248 | | * For DC tables, we require the symbols to be in range 0..15. |
249 | | * (Tighter bounds could be applied depending on the data depth and mode, |
250 | | * but this is sufficient to ensure safe decoding.) |
251 | | */ |
252 | 64.9k | if (isDC) { |
253 | 368k | for (i = 0; i < numsymbols; i++) { |
254 | 339k | int sym = htbl->huffval[i]; |
255 | 339k | if (sym < 0 || sym > 15) |
256 | 419 | ERREXIT(cinfo, JERR_BAD_HUFF_TABLE); |
257 | 339k | } |
258 | 29.3k | } |
259 | 64.9k | } |
260 | | |
261 | | |
262 | | /* |
263 | | * Out-of-line code for bit fetching (shared with jdphuff.c). |
264 | | * See jdhuff.h for info about usage. |
265 | | * Note: current values of get_buffer and bits_left are passed as parameters, |
266 | | * but are returned in the corresponding fields of the state struct. |
267 | | * |
268 | | * On most machines MIN_GET_BITS should be 25 to allow the full 32-bit width |
269 | | * of get_buffer to be used. (On machines with wider words, an even larger |
270 | | * buffer could be used.) However, on some machines 32-bit shifts are |
271 | | * quite slow and take time proportional to the number of places shifted. |
272 | | * (This is true with most PC compilers, for instance.) In this case it may |
273 | | * be a win to set MIN_GET_BITS to the minimum value of 15. This reduces the |
274 | | * average shift distance at the cost of more calls to jpeg_fill_bit_buffer. |
275 | | */ |
276 | | |
277 | | #ifdef SLOW_SHIFT_32 |
278 | | #define MIN_GET_BITS 15 /* minimum allowable value */ |
279 | | #else |
280 | 8.81M | #define MIN_GET_BITS (BIT_BUF_SIZE - 7) |
281 | | #endif |
282 | | |
283 | | |
284 | | GLOBAL(boolean) |
285 | | jpeg_fill_bit_buffer(bitread_working_state *state, |
286 | | register bit_buf_type get_buffer, register int bits_left, |
287 | | int nbits) |
288 | | /* Load up the bit buffer to a depth of at least nbits */ |
289 | 1.80M | { |
290 | | /* Copy heavily used state fields into locals (hopefully registers) */ |
291 | 1.80M | register const JOCTET *next_input_byte = state->next_input_byte; |
292 | 1.80M | register size_t bytes_in_buffer = state->bytes_in_buffer; |
293 | 1.80M | j_decompress_ptr cinfo = state->cinfo; |
294 | | |
295 | | /* Attempt to load at least MIN_GET_BITS bits into get_buffer. */ |
296 | | /* (It is assumed that no request will be for more than that many bits.) */ |
297 | | /* We fail to do so only if we hit a marker or are forced to suspend. */ |
298 | | |
299 | 1.80M | if (cinfo->unread_marker == 0) { /* cannot advance past a marker */ |
300 | 7.94M | while (bits_left < MIN_GET_BITS) { |
301 | 6.94M | register int c; |
302 | | |
303 | | /* Attempt to read a byte */ |
304 | 6.94M | if (bytes_in_buffer == 0) { |
305 | 44.2k | if (!(*cinfo->src->fill_input_buffer) (cinfo)) |
306 | 0 | return FALSE; |
307 | 44.2k | next_input_byte = cinfo->src->next_input_byte; |
308 | 44.2k | bytes_in_buffer = cinfo->src->bytes_in_buffer; |
309 | 44.2k | } |
310 | 6.94M | bytes_in_buffer--; |
311 | 6.94M | c = *next_input_byte++; |
312 | | |
313 | | /* If it's 0xFF, check and discard stuffed zero byte */ |
314 | 6.94M | if (c == 0xFF) { |
315 | | /* Loop here to discard any padding FF's on terminating marker, |
316 | | * so that we can save a valid unread_marker value. NOTE: we will |
317 | | * accept multiple FF's followed by a 0 as meaning a single FF data |
318 | | * byte. This data pattern is not valid according to the standard. |
319 | | */ |
320 | 310k | do { |
321 | 310k | if (bytes_in_buffer == 0) { |
322 | 4.39k | if (!(*cinfo->src->fill_input_buffer) (cinfo)) |
323 | 0 | return FALSE; |
324 | 4.39k | next_input_byte = cinfo->src->next_input_byte; |
325 | 4.39k | bytes_in_buffer = cinfo->src->bytes_in_buffer; |
326 | 4.39k | } |
327 | 310k | bytes_in_buffer--; |
328 | 310k | c = *next_input_byte++; |
329 | 310k | } while (c == 0xFF); |
330 | | |
331 | 92.8k | if (c == 0) { |
332 | | /* Found FF/00, which represents an FF data byte */ |
333 | 49.8k | c = 0xFF; |
334 | 49.8k | } else { |
335 | | /* Oops, it's actually a marker indicating end of compressed data. |
336 | | * Save the marker code for later use. |
337 | | * Fine point: it might appear that we should save the marker into |
338 | | * bitread working state, not straight into permanent state. But |
339 | | * once we have hit a marker, we cannot need to suspend within the |
340 | | * current MCU, because we will read no more bytes from the data |
341 | | * source. So it is OK to update permanent state right away. |
342 | | */ |
343 | 43.0k | cinfo->unread_marker = c; |
344 | | /* See if we need to insert some fake zero bits. */ |
345 | 43.0k | goto no_more_bytes; |
346 | 43.0k | } |
347 | 92.8k | } |
348 | | |
349 | | /* OK, load c into get_buffer */ |
350 | 6.89M | get_buffer = (get_buffer << 8) | c; |
351 | 6.89M | bits_left += 8; |
352 | 6.89M | } /* end while */ |
353 | 1.04M | } else { |
354 | 801k | no_more_bytes: |
355 | | /* We get here if we've read the marker that terminates the compressed |
356 | | * data segment. There should be enough bits in the buffer register |
357 | | * to satisfy the request; if so, no problem. |
358 | | */ |
359 | 801k | if (nbits > bits_left) { |
360 | | /* Uh-oh. Report corrupted data to user and stuff zeroes into |
361 | | * the data stream, so that we can produce some kind of image. |
362 | | * We use a nonvolatile flag to ensure that only one warning message |
363 | | * appears per data segment. |
364 | | */ |
365 | 435k | if (!cinfo->entropy->insufficient_data) { |
366 | 44.6k | WARNMS(cinfo, JWRN_HIT_MARKER); |
367 | 44.6k | cinfo->entropy->insufficient_data = TRUE; |
368 | 44.6k | } |
369 | | /* Fill the buffer with zero bits */ |
370 | 435k | get_buffer <<= MIN_GET_BITS - bits_left; |
371 | 435k | bits_left = MIN_GET_BITS; |
372 | 435k | } |
373 | 801k | } |
374 | | |
375 | | /* Unload the local registers */ |
376 | 1.80M | state->next_input_byte = next_input_byte; |
377 | 1.80M | state->bytes_in_buffer = bytes_in_buffer; |
378 | 1.80M | state->get_buffer = get_buffer; |
379 | 1.80M | state->bits_left = bits_left; |
380 | | |
381 | 1.80M | return TRUE; |
382 | 1.80M | } |
383 | | |
384 | | |
385 | | /* Macro version of the above, which performs much better but does not |
386 | | handle markers. We have to hand off any blocks with markers to the |
387 | | slower routines. */ |
388 | | |
389 | 790k | #define GET_BYTE { \ |
390 | 790k | register int c0, c1; \ |
391 | 790k | c0 = *buffer++; \ |
392 | 790k | c1 = *buffer; \ |
393 | 790k | /* Pre-execute most common case */ \ |
394 | 790k | get_buffer = (get_buffer << 8) | c0; \ |
395 | 790k | bits_left += 8; \ |
396 | 790k | if (c0 == 0xFF) { \ |
397 | 83.0k | /* Pre-execute case of FF/00, which represents an FF data byte */ \ |
398 | 83.0k | buffer++; \ |
399 | 83.0k | if (c1 != 0) { \ |
400 | 64.3k | /* Oops, it's actually a marker indicating end of compressed data. */ \ |
401 | 64.3k | cinfo->unread_marker = c1; \ |
402 | 64.3k | /* Back out pre-execution and fill the buffer with zero bits */ \ |
403 | 64.3k | buffer -= 2; \ |
404 | 64.3k | get_buffer &= ~0xFF; \ |
405 | 64.3k | } \ |
406 | 83.0k | } \ |
407 | 790k | } |
408 | | |
409 | | #if SIZEOF_SIZE_T == 8 || defined(_WIN64) || (defined(__x86_64__) && defined(__ILP32__)) |
410 | | |
411 | | /* Pre-fetch 48 bytes, because the holding register is 64-bit */ |
412 | | #define FILL_BIT_BUFFER_FAST \ |
413 | 1.76M | if (bits_left <= 16) { \ |
414 | 131k | GET_BYTE GET_BYTE GET_BYTE GET_BYTE GET_BYTE GET_BYTE \ |
415 | 131k | } |
416 | | |
417 | | #else |
418 | | |
419 | | /* Pre-fetch 16 bytes, because the holding register is 32-bit */ |
420 | | #define FILL_BIT_BUFFER_FAST \ |
421 | | if (bits_left <= 16) { \ |
422 | | GET_BYTE GET_BYTE \ |
423 | | } |
424 | | |
425 | | #endif |
426 | | |
427 | | |
428 | | /* |
429 | | * Out-of-line code for Huffman code decoding. |
430 | | * See jdhuff.h for info about usage. |
431 | | */ |
432 | | |
433 | | GLOBAL(int) |
434 | | jpeg_huff_decode(bitread_working_state *state, |
435 | | register bit_buf_type get_buffer, register int bits_left, |
436 | | d_derived_tbl *htbl, int min_bits) |
437 | 1.07M | { |
438 | 1.07M | register int l = min_bits; |
439 | 1.07M | register JLONG code; |
440 | | |
441 | | /* HUFF_DECODE has determined that the code is at least min_bits */ |
442 | | /* bits long, so fetch that many bits in one swoop. */ |
443 | | |
444 | 1.07M | CHECK_BIT_BUFFER(*state, l, return -1); |
445 | 1.07M | code = GET_BITS(l); |
446 | | |
447 | | /* Collect the rest of the Huffman code one bit at a time. */ |
448 | | /* This is per Figure F.16. */ |
449 | | |
450 | 7.16M | while (code > htbl->maxcode[l]) { |
451 | 6.09M | code <<= 1; |
452 | 6.09M | CHECK_BIT_BUFFER(*state, 1, return -1); |
453 | 6.09M | code |= GET_BITS(1); |
454 | 6.09M | l++; |
455 | 6.09M | } |
456 | | |
457 | | /* Unload the local registers */ |
458 | 1.07M | state->get_buffer = get_buffer; |
459 | 1.07M | state->bits_left = bits_left; |
460 | | |
461 | | /* With garbage input we may reach the sentinel value l = 17. */ |
462 | | |
463 | 1.07M | if (l > 16) { |
464 | 655k | WARNMS(state->cinfo, JWRN_HUFF_BAD_CODE); |
465 | 655k | return 0; /* fake a zero as the safest result */ |
466 | 655k | } |
467 | | |
468 | 417k | return htbl->pub->huffval[(int)(code + htbl->valoffset[l])]; |
469 | 1.07M | } |
470 | | |
471 | | |
472 | | /* |
473 | | * Figure F.12: extend sign bit. |
474 | | * On some machines, a shift and add will be faster than a table lookup. |
475 | | */ |
476 | | |
477 | | #define AVOID_TABLES |
478 | | #ifdef AVOID_TABLES |
479 | | |
480 | 3.92M | #define NEG_1 ((unsigned int)-1) |
481 | | #define HUFF_EXTEND(x, s) \ |
482 | 3.92M | ((x) + ((((x) - (1 << ((s) - 1))) >> 31) & (((NEG_1) << (s)) + 1))) |
483 | | |
484 | | #else |
485 | | |
486 | | #define HUFF_EXTEND(x, s) \ |
487 | | ((x) < extend_test[s] ? (x) + extend_offset[s] : (x)) |
488 | | |
489 | | static const int extend_test[16] = { /* entry n is 2**(n-1) */ |
490 | | 0, 0x0001, 0x0002, 0x0004, 0x0008, 0x0010, 0x0020, 0x0040, 0x0080, |
491 | | 0x0100, 0x0200, 0x0400, 0x0800, 0x1000, 0x2000, 0x4000 |
492 | | }; |
493 | | |
494 | | static const int extend_offset[16] = { /* entry n is (-1 << n) + 1 */ |
495 | | 0, ((-1) << 1) + 1, ((-1) << 2) + 1, ((-1) << 3) + 1, ((-1) << 4) + 1, |
496 | | ((-1) << 5) + 1, ((-1) << 6) + 1, ((-1) << 7) + 1, ((-1) << 8) + 1, |
497 | | ((-1) << 9) + 1, ((-1) << 10) + 1, ((-1) << 11) + 1, ((-1) << 12) + 1, |
498 | | ((-1) << 13) + 1, ((-1) << 14) + 1, ((-1) << 15) + 1 |
499 | | }; |
500 | | |
501 | | #endif /* AVOID_TABLES */ |
502 | | |
503 | | |
504 | | /* |
505 | | * Check for a restart marker & resynchronize decoder. |
506 | | * Returns FALSE if must suspend. |
507 | | */ |
508 | | |
509 | | LOCAL(boolean) |
510 | | process_restart(j_decompress_ptr cinfo) |
511 | 95.2k | { |
512 | 95.2k | huff_entropy_ptr entropy = (huff_entropy_ptr)cinfo->entropy; |
513 | 95.2k | int ci; |
514 | | |
515 | | /* Throw away any unused bits remaining in bit buffer; */ |
516 | | /* include any full bytes in next_marker's count of discarded bytes */ |
517 | 95.2k | cinfo->marker->discarded_bytes += entropy->bitstate.bits_left / 8; |
518 | 95.2k | entropy->bitstate.bits_left = 0; |
519 | | |
520 | | /* Advance past the RSTn marker */ |
521 | 95.2k | if (!(*cinfo->marker->read_restart_marker) (cinfo)) |
522 | 0 | return FALSE; |
523 | | |
524 | | /* Re-initialize DC predictions to 0 */ |
525 | 201k | for (ci = 0; ci < cinfo->comps_in_scan; ci++) |
526 | 106k | entropy->saved.last_dc_val[ci] = 0; |
527 | | |
528 | | /* Reset restart counter */ |
529 | 95.2k | entropy->restarts_to_go = cinfo->restart_interval; |
530 | | |
531 | | /* Reset out-of-data flag, unless read_restart_marker left us smack up |
532 | | * against a marker. In that case we will end up treating the next data |
533 | | * segment as empty, and we can avoid producing bogus output pixels by |
534 | | * leaving the flag set. |
535 | | */ |
536 | 95.2k | if (cinfo->unread_marker == 0) |
537 | 11.9k | entropy->pub.insufficient_data = FALSE; |
538 | | |
539 | 95.2k | return TRUE; |
540 | 95.2k | } |
541 | | |
542 | | |
543 | | #if defined(__has_feature) |
544 | | #if __has_feature(undefined_behavior_sanitizer) |
545 | | __attribute__((no_sanitize("signed-integer-overflow"), |
546 | | no_sanitize("unsigned-integer-overflow"))) |
547 | | #endif |
548 | | #endif |
549 | | LOCAL(boolean) |
550 | | decode_mcu_slow(j_decompress_ptr cinfo, JBLOCKROW *MCU_data) |
551 | 522k | { |
552 | 522k | huff_entropy_ptr entropy = (huff_entropy_ptr)cinfo->entropy; |
553 | 522k | BITREAD_STATE_VARS; |
554 | 522k | int blkn; |
555 | 522k | savable_state state; |
556 | | /* Outer loop handles each block in the MCU */ |
557 | | |
558 | | /* Load up working state */ |
559 | 522k | BITREAD_LOAD_STATE(cinfo, entropy->bitstate); |
560 | 522k | state = entropy->saved; |
561 | | |
562 | 1.38M | for (blkn = 0; blkn < cinfo->blocks_in_MCU; blkn++) { |
563 | 869k | JBLOCKROW block = MCU_data ? MCU_data[blkn] : NULL; |
564 | 869k | d_derived_tbl *dctbl = entropy->dc_cur_tbls[blkn]; |
565 | 869k | d_derived_tbl *actbl = entropy->ac_cur_tbls[blkn]; |
566 | 869k | register int s, k, r; |
567 | | |
568 | | /* Decode a single block's worth of coefficients */ |
569 | | |
570 | | /* Section F.2.2.1: decode the DC coefficient difference */ |
571 | 869k | HUFF_DECODE(s, br_state, dctbl, return FALSE, label1); |
572 | 863k | if (s) { |
573 | 417k | CHECK_BIT_BUFFER(br_state, s, return FALSE); |
574 | 417k | r = GET_BITS(s); |
575 | 417k | s = HUFF_EXTEND(r, s); |
576 | 417k | } |
577 | | |
578 | 863k | if (entropy->dc_needed[blkn]) { |
579 | | /* Convert DC difference to actual value, update last_dc_val */ |
580 | 863k | int ci = cinfo->MCU_membership[blkn]; |
581 | | /* Certain malformed JPEG images produce repeated DC coefficient |
582 | | * differences of 2047 or -2047, which causes state.last_dc_val[ci] to |
583 | | * grow until it overflows or underflows a 32-bit signed integer. This |
584 | | * behavior is, to the best of our understanding, innocuous, and it is |
585 | | * unclear how to work around it without potentially affecting |
586 | | * performance. Thus, we (hopefully temporarily) suppress UBSan integer |
587 | | * overflow errors for this function and decode_mcu_fast(). |
588 | | */ |
589 | 863k | s += state.last_dc_val[ci]; |
590 | 863k | state.last_dc_val[ci] = s; |
591 | 863k | if (block) { |
592 | | /* Output the DC coefficient (assumes jpeg_natural_order[0] = 0) */ |
593 | 863k | (*block)[0] = (JCOEF)s; |
594 | 863k | } |
595 | 863k | } |
596 | | |
597 | 863k | if (entropy->ac_needed[blkn] && block) { |
598 | | |
599 | | /* Section F.2.2.2: decode the AC coefficients */ |
600 | | /* Since zeroes are skipped, output area must be cleared beforehand */ |
601 | 4.11M | for (k = 1; k < DCTSIZE2; k++) { |
602 | 4.07M | HUFF_DECODE(s, br_state, actbl, return FALSE, label2); |
603 | | |
604 | 4.07M | r = s >> 4; |
605 | 4.07M | s &= 15; |
606 | | |
607 | 4.07M | if (s) { |
608 | 3.24M | k += r; |
609 | 3.24M | CHECK_BIT_BUFFER(br_state, s, return FALSE); |
610 | 3.24M | r = GET_BITS(s); |
611 | 3.24M | s = HUFF_EXTEND(r, s); |
612 | | /* Output coefficient in natural (dezigzagged) order. |
613 | | * Note: the extra entries in jpeg_natural_order[] will save us |
614 | | * if k >= DCTSIZE2, which could happen if the data is corrupted. |
615 | | */ |
616 | 3.24M | (*block)[jpeg_natural_order[k]] = (JCOEF)s; |
617 | 3.24M | } else { |
618 | 830k | if (r != 15) |
619 | 821k | break; |
620 | 8.83k | k += 15; |
621 | 8.83k | } |
622 | 4.07M | } |
623 | | |
624 | 863k | } else { |
625 | | |
626 | | /* Section F.2.2.2: decode the AC coefficients */ |
627 | | /* In this path we just discard the values */ |
628 | 0 | for (k = 1; k < DCTSIZE2; k++) { |
629 | 0 | HUFF_DECODE(s, br_state, actbl, return FALSE, label3); |
630 | |
|
631 | 0 | r = s >> 4; |
632 | 0 | s &= 15; |
633 | |
|
634 | 0 | if (s) { |
635 | 0 | k += r; |
636 | 0 | CHECK_BIT_BUFFER(br_state, s, return FALSE); |
637 | 0 | DROP_BITS(s); |
638 | 0 | } else { |
639 | 0 | if (r != 15) |
640 | 0 | break; |
641 | 0 | k += 15; |
642 | 0 | } |
643 | 0 | } |
644 | 0 | } |
645 | 863k | } |
646 | | |
647 | | /* Completed MCU, so update state */ |
648 | 516k | BITREAD_SAVE_STATE(cinfo, entropy->bitstate); |
649 | 516k | entropy->saved = state; |
650 | 516k | return TRUE; |
651 | 522k | } |
652 | | |
653 | | |
654 | | #if defined(__has_feature) |
655 | | #if __has_feature(undefined_behavior_sanitizer) |
656 | | __attribute__((no_sanitize("signed-integer-overflow"), |
657 | | no_sanitize("unsigned-integer-overflow"))) |
658 | | #endif |
659 | | #endif |
660 | | LOCAL(boolean) |
661 | | decode_mcu_fast(j_decompress_ptr cinfo, JBLOCKROW *MCU_data) |
662 | 265k | { |
663 | 265k | huff_entropy_ptr entropy = (huff_entropy_ptr)cinfo->entropy; |
664 | 265k | BITREAD_STATE_VARS; |
665 | 265k | JOCTET *buffer; |
666 | 265k | int blkn; |
667 | 265k | savable_state state; |
668 | | /* Outer loop handles each block in the MCU */ |
669 | | |
670 | | /* Load up working state */ |
671 | 265k | BITREAD_LOAD_STATE(cinfo, entropy->bitstate); |
672 | 265k | buffer = (JOCTET *)br_state.next_input_byte; |
673 | 265k | state = entropy->saved; |
674 | | |
675 | 926k | for (blkn = 0; blkn < cinfo->blocks_in_MCU; blkn++) { |
676 | 661k | JBLOCKROW block = MCU_data ? MCU_data[blkn] : NULL; |
677 | 661k | d_derived_tbl *dctbl = entropy->dc_cur_tbls[blkn]; |
678 | 661k | d_derived_tbl *actbl = entropy->ac_cur_tbls[blkn]; |
679 | 661k | register int s, k, r, l; |
680 | | |
681 | 661k | HUFF_DECODE_FAST(s, l, dctbl); |
682 | 661k | if (s) { |
683 | 89.3k | FILL_BIT_BUFFER_FAST |
684 | 89.3k | r = GET_BITS(s); |
685 | 89.3k | s = HUFF_EXTEND(r, s); |
686 | 89.3k | } |
687 | | |
688 | 661k | if (entropy->dc_needed[blkn]) { |
689 | 661k | int ci = cinfo->MCU_membership[blkn]; |
690 | | /* Refer to the comment in decode_mcu_slow() regarding the supression of |
691 | | * a UBSan integer overflow error in this line of code. |
692 | | */ |
693 | 661k | s += state.last_dc_val[ci]; |
694 | 661k | state.last_dc_val[ci] = s; |
695 | 661k | if (block) |
696 | 661k | (*block)[0] = (JCOEF)s; |
697 | 661k | } |
698 | | |
699 | 661k | if (entropy->ac_needed[blkn] && block) { |
700 | | |
701 | 840k | for (k = 1; k < DCTSIZE2; k++) { |
702 | 837k | HUFF_DECODE_FAST(s, l, actbl); |
703 | 837k | r = s >> 4; |
704 | 837k | s &= 15; |
705 | | |
706 | 837k | if (s) { |
707 | 175k | k += r; |
708 | 175k | FILL_BIT_BUFFER_FAST |
709 | 175k | r = GET_BITS(s); |
710 | 175k | s = HUFF_EXTEND(r, s); |
711 | 175k | (*block)[jpeg_natural_order[k]] = (JCOEF)s; |
712 | 661k | } else { |
713 | 661k | if (r != 15) break; |
714 | 3.35k | k += 15; |
715 | 3.35k | } |
716 | 837k | } |
717 | | |
718 | 661k | } else { |
719 | |
|
720 | 0 | for (k = 1; k < DCTSIZE2; k++) { |
721 | 0 | HUFF_DECODE_FAST(s, l, actbl); |
722 | 0 | r = s >> 4; |
723 | 0 | s &= 15; |
724 | |
|
725 | 0 | if (s) { |
726 | 0 | k += r; |
727 | 0 | FILL_BIT_BUFFER_FAST |
728 | 0 | DROP_BITS(s); |
729 | 0 | } else { |
730 | 0 | if (r != 15) break; |
731 | 0 | k += 15; |
732 | 0 | } |
733 | 0 | } |
734 | 0 | } |
735 | 661k | } |
736 | | |
737 | 265k | if (cinfo->unread_marker != 0) { |
738 | 10.3k | cinfo->unread_marker = 0; |
739 | 10.3k | return FALSE; |
740 | 10.3k | } |
741 | | |
742 | 254k | br_state.bytes_in_buffer -= (buffer - br_state.next_input_byte); |
743 | 254k | br_state.next_input_byte = buffer; |
744 | 254k | BITREAD_SAVE_STATE(cinfo, entropy->bitstate); |
745 | 254k | entropy->saved = state; |
746 | 254k | return TRUE; |
747 | 265k | } |
748 | | |
749 | | |
750 | | /* |
751 | | * Decode and return one MCU's worth of Huffman-compressed coefficients. |
752 | | * The coefficients are reordered from zigzag order into natural array order, |
753 | | * but are not dequantized. |
754 | | * |
755 | | * The i'th block of the MCU is stored into the block pointed to by |
756 | | * MCU_data[i]. WE ASSUME THIS AREA HAS BEEN ZEROED BY THE CALLER. |
757 | | * (Wholesale zeroing is usually a little faster than retail...) |
758 | | * |
759 | | * Returns FALSE if data source requested suspension. In that case no |
760 | | * changes have been made to permanent state. (Exception: some output |
761 | | * coefficients may already have been assigned. This is harmless for |
762 | | * this module, since we'll just re-assign them on the next call.) |
763 | | */ |
764 | | |
765 | 59.7M | #define BUFSIZE (DCTSIZE2 * 8) |
766 | | |
767 | | METHODDEF(boolean) |
768 | | decode_mcu(j_decompress_ptr cinfo, JBLOCKROW *MCU_data) |
769 | 59.7M | { |
770 | 59.7M | huff_entropy_ptr entropy = (huff_entropy_ptr)cinfo->entropy; |
771 | 59.7M | int usefast = 1; |
772 | | |
773 | | /* Process restart marker if needed; may have to suspend */ |
774 | 59.7M | if (cinfo->restart_interval) { |
775 | 20.6M | if (entropy->restarts_to_go == 0) |
776 | 95.2k | if (!process_restart(cinfo)) |
777 | 0 | return FALSE; |
778 | 20.6M | usefast = 0; |
779 | 20.6M | } |
780 | | |
781 | 59.7M | if (cinfo->src->bytes_in_buffer < BUFSIZE * (size_t)cinfo->blocks_in_MCU || |
782 | 59.7M | cinfo->unread_marker != 0) |
783 | 59.4M | usefast = 0; |
784 | | |
785 | | /* If we've run out of data, just leave the MCU set to zeroes. |
786 | | * This way, we return uniform gray for the remainder of the segment. |
787 | | */ |
788 | 59.7M | if (!entropy->pub.insufficient_data) { |
789 | | |
790 | 777k | if (usefast) { |
791 | 265k | if (!decode_mcu_fast(cinfo, MCU_data)) goto use_slow; |
792 | 512k | } else { |
793 | 522k | use_slow: |
794 | 522k | if (!decode_mcu_slow(cinfo, MCU_data)) return FALSE; |
795 | 522k | } |
796 | | |
797 | 777k | } |
798 | | |
799 | | /* Account for restart interval (no-op if not using restarts) */ |
800 | 59.7M | if (cinfo->restart_interval) |
801 | 20.6M | entropy->restarts_to_go--; |
802 | | |
803 | 59.7M | return TRUE; |
804 | 59.7M | } |
805 | | |
806 | | |
807 | | /* |
808 | | * Module initialization routine for Huffman entropy decoding. |
809 | | */ |
810 | | |
811 | | GLOBAL(void) |
812 | | jinit_huff_decoder(j_decompress_ptr cinfo) |
813 | 26.6k | { |
814 | 26.6k | huff_entropy_ptr entropy; |
815 | 26.6k | int i; |
816 | | |
817 | | /* Motion JPEG frames typically do not include the Huffman tables if they |
818 | | are the default tables. Thus, if the tables are not set by the time |
819 | | the Huffman decoder is initialized (usually within the body of |
820 | | jpeg_start_decompress()), we set them to default values. */ |
821 | 26.6k | std_huff_tables((j_common_ptr)cinfo); |
822 | | |
823 | 26.6k | entropy = (huff_entropy_ptr) |
824 | 26.6k | (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE, |
825 | 26.6k | sizeof(huff_entropy_decoder)); |
826 | 26.6k | cinfo->entropy = (struct jpeg_entropy_decoder *)entropy; |
827 | 26.6k | entropy->pub.start_pass = start_pass_huff_decoder; |
828 | 26.6k | entropy->pub.decode_mcu = decode_mcu; |
829 | | |
830 | | /* Mark tables unallocated */ |
831 | 133k | for (i = 0; i < NUM_HUFF_TBLS; i++) { |
832 | 106k | entropy->dc_derived_tbls[i] = entropy->ac_derived_tbls[i] = NULL; |
833 | 106k | } |
834 | 26.6k | } |