Merge tag '2.1.5'

* tag '2.1.5': (41 commits)
  BUILDING.md: Specify install prefix for MinGW/Un*x
  Java: Guard against int overflow in size methods
  turbojpeg.c: Fix UBSan warning
  tjPlane*(): Guard against int overflow
  Java doc: TJ.pixelSize --> TJ.getPixelSize()
  TJBench: Unset TJ*OPT_CROP when disabling tiling
  TJExample: Remove "underlying codec" references
  GitHub: Update to actions/checkout@v3
  TJBench: Set TJ*OPT_PROGRESSIVE with -progressive
  TJBench/Java: Fix parsing of quality ranges
  TJBench: Strictly check all non-boolean arguments
  TurboJPEG: More documentation improvements
  TJDecompressor.java: Exception message tweak
  12-bit: Set alpha channel to 4095 rather than 255
  TJDecompressor.java: "YUV" = "planar YUV"
  Java: Don't allow int overflow in buf size methods
  tjDecompressToYUV2: Use scaled dims for plane calc
  TurboJPEG: Numerous documentation improvements
  TurboJPEG: Don't use backward compatibility macros
  TurboJPEG: Ensure 'pad' arg is a power of 2
  ...

Author: kornelski

BUILDING.md

@@ -25,9 +25,9 @@ Build Requirements
     variable or the `ASM_NASM` environment variable.  On Windows, use forward
     slashes rather than backslashes in the path (for example,
     **c:/nasm/nasm.exe**).
-  * NASM and Yasm are located in the CRB (Code Ready Builder) repository on
-    Red Hat Enterprise Linux 8 and in the PowerTools repository on RHEL
-    derivatives, which is not enabled by default.
+  * NASM and Yasm are located in the CRB (Code Ready Builder) or PowerTools
+    repository on Red Hat Enterprise Linux 8+ and derivatives, which is not
+    enabled by default.
 
 ### Un*x Platforms (including Linux, Mac, FreeBSD, Solaris, and Cygwin)
 
@@ -390,9 +390,13 @@ located (usually **/usr/bin**.)  Next, execute the following commands:
 
     cd {build_directory}
     cmake -G"Unix Makefiles" -DCMAKE_TOOLCHAIN_FILE=toolchain.cmake \
+      -DCMAKE_INSTALL_PREFIX={install_path} \
       [additional CMake flags] {source_directory}
     make
 
+*{install\_path}* is the path under which the libjpeg-turbo binaries should be
+installed.
+
 
 ### 64-bit MinGW Build on Un*x (including Mac and Cygwin)
 
@@ -409,9 +413,13 @@ located (usually **/usr/bin**.)  Next, execute the following commands:
 
     cd {build_directory}
     cmake -G"Unix Makefiles" -DCMAKE_TOOLCHAIN_FILE=toolchain.cmake \
+      -DCMAKE_INSTALL_PREFIX={install_path} \
       [additional CMake flags] {source_directory}
     make
 
+*{install\_path}* is the path under which the libjpeg-turbo binaries should be
+installed.
+
 
 Building libjpeg-turbo for iOS
 ------------------------------
@@ -447,6 +455,10 @@ iPhone 5S/iPad Mini 2/iPad Air and newer.
       [additional CMake flags] {source_directory}
     make
 
+Replace `iPhoneOS` with `iPhoneSimulator` and `-miphoneos-version-min` with
+`-miphonesimulator-version-min` to build libjpeg-turbo for the iOS simulator on
+Macs with Apple silicon CPUs.
+
 
 Building libjpeg-turbo for Android
 ----------------------------------

CMakeLists.txt

@@ -10,8 +10,8 @@ if(CMAKE_EXECUTABLE_SUFFIX)
 endif()
 
 project(mozjpeg C)
-set(VERSION 4.1.2)
-set(COPYRIGHT_YEAR "1991-2022")
+set(VERSION 4.1.3)
+set(COPYRIGHT_YEAR "1991-2023")
 string(REPLACE "." ";" VERSION_TRIPLET ${VERSION})
 list(GET VERSION_TRIPLET 0 VERSION_MAJOR)
 list(GET VERSION_TRIPLET 1 VERSION_MINOR)
@@ -40,6 +40,15 @@ set(LIBJPEG_TURBO_VERSION_NUMBER ${VERSION_MAJOR}${VERSION_MINOR}${VERSION_REVIS
 # application bundles would break our iOS packages.)
 set(CMAKE_MACOSX_BUNDLE FALSE)
 
+get_property(GENERATOR_IS_MULTI_CONFIG GLOBAL PROPERTY
+  GENERATOR_IS_MULTI_CONFIG)
+# If the GENERATOR_IS_MULTI_CONFIG property doesn't exist (CMake < 3.9), then
+# set the GENERATOR_IS_MULTI_CONFIG variable manually if the generator is
+# Visual Studio or Xcode (the only multi-config generators in CMake < 3.9).
+if(NOT GENERATOR_IS_MULTI_CONFIG AND (MSVC_IDE OR XCODE))
+  set(GENERATOR_IS_MULTI_CONFIG TRUE)
+endif()
+
 string(TIMESTAMP DEFAULT_BUILD "%Y%m%d")
 set(BUILD ${DEFAULT_BUILD} CACHE STRING "Build string (default: ${DEFAULT_BUILD})")
 
@@ -289,6 +298,16 @@ if(NOT WITH_JPEG8)
   report_option(WITH_MEM_SRCDST "In-memory source/destination managers")
 endif()
 
+# 0: Original libjpeg v6b/v7/v8 API/ABI
+#
+# libjpeg v6b/v7 API/ABI emulation:
+# 1: + In-memory source/destination managers (libjpeg-turbo 1.3.x)
+# 2: + Partial image decompression functions (libjpeg-turbo 1.5.x)
+# 3: + ICC functions (libjpeg-turbo 2.0.x)
+#
+# libjpeg v8 API/ABI emulation:
+# 1: + Partial image decompression functions (libjpeg-turbo 1.5.x)
+# 2: + ICC functions (libjpeg-turbo 2.0.x)
 set(SO_AGE 2)
 if(WITH_MEM_SRCDST)
   set(SO_AGE 3)
@@ -339,8 +358,19 @@ message(STATUS "libjpeg API shared library version = ${SO_MAJOR_VERSION}.${SO_AG
 # names of functions whenever they are modified in a backward-incompatible
 # manner, it is always backward-ABI-compatible with itself, so the major and
 # minor SO versions don't change.  However, we increase the middle number (the
-# SO "age") whenever functions are added to the API.
+# SO "age") whenever functions are added to the API, because adding functions
+# affects forward API/ABI compatibility.
 set(TURBOJPEG_SO_MAJOR_VERSION 0)
+# 0: TurboJPEG 1.3.x API
+# 1: TurboJPEG 1.4.x API
+#    The TurboJPEG 1.5.x API modified some of the function prototypes, adding
+#    the const keyword in front of pointers to unmodified buffers, but that did
+#    not affect forward API/ABI compatibility.
+# 2: TurboJPEG 2.0.x API
+#    The TurboJPEG 2.1.x API modified the behavior of the tjDecompressHeader3()
+#    function so that it accepts "abbreviated table specification" (AKA
+#    "tables-only") datastreams as well as JPEG images, but that did not affect
+#    forward API/ABI compatibility.
 set(TURBOJPEG_SO_AGE 2)
 set(TURBOJPEG_SO_VERSION 0.${TURBOJPEG_SO_AGE}.0)
 
@@ -761,7 +791,7 @@ add_executable(strtest strtest.c)
 
 add_subdirectory(md5)
 
-if(MSVC_IDE OR XCODE)
+if(GENERATOR_IS_MULTI_CONFIG)
   set(OBJDIR "\${CTEST_CONFIGURATION_TYPE}/")
 else()
   set(OBJDIR "")
@@ -1400,14 +1430,15 @@ if(WITH_TURBOJPEG)
       COMMAND ${BASH} ${CMAKE_CURRENT_BINARY_DIR}/tjbenchtest.java -yuv
       COMMAND echo tjbenchtest.java -progressive
       COMMAND ${BASH} ${CMAKE_CURRENT_BINARY_DIR}/tjbenchtest.java -progressive
-      COMMAND echo tjexampletest.java -progressive -yuv
+      COMMAND echo tjbenchtest.java -progressive -yuv
       COMMAND ${BASH} ${CMAKE_CURRENT_BINARY_DIR}/tjbenchtest.java
         -progressive -yuv
       COMMAND echo tjexampletest.java
       COMMAND ${BASH} ${CMAKE_CURRENT_BINARY_DIR}/tjexampletest.java
       DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/tjbenchtest
         ${CMAKE_CURRENT_BINARY_DIR}/tjbenchtest.java
-        ${CMAKE_CURRENT_BINARY_DIR}/tjexampletest)
+        ${CMAKE_CURRENT_BINARY_DIR}/tjexampletest
+        ${CMAKE_CURRENT_BINARY_DIR}/tjexampletest.java)
   else()
     add_custom_target(tjtest
       COMMAND echo tjbenchtest
@@ -1424,7 +1455,8 @@ if(WITH_TURBOJPEG)
       COMMAND ${BASH} ${CMAKE_CURRENT_BINARY_DIR}/tjbenchtest -progressive -yuv
       COMMAND echo tjexampletest
       COMMAND ${BASH} ${CMAKE_CURRENT_BINARY_DIR}/tjexampletest
-      DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/tjbenchtest)
+      DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/tjbenchtest
+        ${CMAKE_CURRENT_BINARY_DIR}/tjexampletest)
   endif()
 endif()
 
@@ -1455,7 +1487,7 @@ if(WITH_TURBOJPEG)
       INCLUDES DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}
       ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR})
     if(NOT ENABLE_SHARED)
-      if(MSVC_IDE OR XCODE)
+      if(GENERATOR_IS_MULTI_CONFIG)
         set(DIR "${CMAKE_CURRENT_BINARY_DIR}/\${CMAKE_INSTALL_CONFIG_NAME}")
       else()
         set(DIR ${CMAKE_CURRENT_BINARY_DIR})
@@ -1473,7 +1505,7 @@ if(ENABLE_STATIC)
     INCLUDES DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}
     ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR})
   if(NOT ENABLE_SHARED)
-    if(MSVC_IDE OR XCODE)
+    if(GENERATOR_IS_MULTI_CONFIG)
       set(DIR "${CMAKE_CURRENT_BINARY_DIR}/\${CMAKE_INSTALL_CONFIG_NAME}")
     else()
       set(DIR ${CMAKE_CURRENT_BINARY_DIR})

ChangeLog.md

@@ -1,7 +1,62 @@
+2.1.5
+=====
+
+### Significant changes relative to 2.1.4:
+
+1. Fixed issues in the build system whereby, when using the Ninja Multi-Config
+CMake generator, a static build of libjpeg-turbo (a build in which
+`ENABLE_SHARED` is `0`) could not be installed, a Windows installer could not
+be built, and the Java regression tests failed.
+
+2. Fixed a regression introduced by 2.0 beta1[15] that caused a buffer overrun
+in the progressive Huffman encoder when attempting to transform a
+specially-crafted malformed 12-bit-per-component JPEG image into a progressive
+12-bit-per-component JPEG image using a 12-bit-per-component build of
+libjpeg-turbo (`-DWITH_12BIT=1`.)  Given that the buffer overrun was fully
+contained within the progressive Huffman encoder structure and did not cause a
+segfault or other user-visible errant behavior, given that the lossless
+transformer (unlike the decompressor) is not generally exposed to arbitrary
+data exploits, and given that 12-bit-per-component builds of libjpeg-turbo are
+uncommon, this issue did not likely pose a security risk.
+
+3. Fixed an issue whereby, when using a 12-bit-per-component build of
+libjpeg-turbo (`-DWITH_12BIT=1`), passing samples with values greater than 4095
+or less than 0 to `jpeg_write_scanlines()` caused a buffer overrun or underrun
+in the RGB-to-YCbCr color converter.
+
+4. Fixed a floating point exception that occurred when attempting to use the
+jpegtran `-drop` and `-trim` options to losslessly transform a
+specially-crafted malformed JPEG image.
+
+5. Fixed an issue in `tjBufSizeYUV2()` whereby it returned a bogus result,
+rather than throwing an error, if the `align` parameter was not a power of 2.
+Fixed a similar issue in `tjCompressFromYUV()` whereby it generated a corrupt
+JPEG image in certain cases, rather than throwing an error, if the `align`
+parameter was not a power of 2.
+
+6. Fixed an issue whereby `tjDecompressToYUV2()`, which is a wrapper for
+`tjDecompressToYUVPlanes()`, used the desired YUV image dimensions rather than
+the actual scaled image dimensions when computing the plane pointers and
+strides to pass to `tjDecompressToYUVPlanes()`.  This caused a buffer overrun
+and subsequent segfault if the desired image dimensions exceeded the scaled
+image dimensions.
+
+7. Fixed an issue whereby, when decompressing a 12-bit-per-component JPEG image
+(`-DWITH_12BIT=1`) using an alpha-enabled output color space such as
+`JCS_EXT_RGBA`, the alpha channel was set to 255 rather than 4095.
+
+8. Fixed an issue whereby the Java version of TJBench did not accept a range of
+quality values.
+
+9. Fixed an issue whereby, when `-progressive` was passed to TJBench, the JPEG
+input image was not transformed into a progressive JPEG image prior to
+decompression.
+
+
 2.1.4
 =====
 
-### Significant changes relative to 2.1.3
+### Significant changes relative to 2.1.3:
 
 1. Fixed a regression introduced in 2.1.3 that caused build failures with
 Visual Studio 2010.
@@ -36,7 +91,7 @@ virtual array access") under certain circumstances.
 2.1.3
 =====
 
-### Significant changes relative to 2.1.2
+### Significant changes relative to 2.1.2:
 
 1. Fixed a regression introduced by 2.0 beta1[7] whereby cjpeg compressed PGM
 input files into full-color JPEG images unless the `-grayscale` option was
@@ -60,7 +115,7 @@ be reproduced using the libjpeg API, not using djpeg.
 2.1.2
 =====
 
-### Significant changes relative to 2.1.1
+### Significant changes relative to 2.1.1:
 
 1. Fixed a regression introduced by 2.1 beta1[13] that caused the remaining
 GAS implementations of AArch64 (Arm 64-bit) Neon SIMD functions (which are used
@@ -92,7 +147,7 @@ image contains incomplete or corrupt image data.
 2.1.1
 =====
 
-### Significant changes relative to 2.1.0
+### Significant changes relative to 2.1.0:
 
 1. Fixed a regression introduced in 2.1.0 that caused build failures with
 non-GCC-compatible compilers for Un*x/Arm platforms.
@@ -121,7 +176,7 @@ transform a specially-crafted malformed JPEG image.
 2.1.0
 =====
 
-### Significant changes relative to 2.1 beta1
+### Significant changes relative to 2.1 beta1:
 
 1. Fixed a regression introduced by 2.1 beta1[6(b)] whereby attempting to
 decompress certain progressive JPEG images with one or more component planes of
@@ -156,10 +211,10 @@ progressive JPEG format described in the report
 ["Two Issues with the JPEG Standard"](https://libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf).
 
 7. The PPM reader now throws an error, rather than segfaulting (due to a buffer
-overrun) or generating incorrect pixels, if an application attempts to use the
-`tjLoadImage()` function to load a 16-bit binary PPM file (a binary PPM file
-with a maximum value greater than 255) into a grayscale image buffer or to load
-a 16-bit binary PGM file into an RGB image buffer.
+overrun, CVE-2021-46822) or generating incorrect pixels, if an application
+attempts to use the `tjLoadImage()` function to load a 16-bit binary PPM file
+(a binary PPM file with a maximum value greater than 255) into a grayscale
+image buffer or to load a 16-bit binary PGM file into an RGB image buffer.
 
 8. Fixed an issue in the PPM reader that caused incorrect pixels to be
 generated when using the `tjLoadImage()` function to load a 16-bit binary PPM
@@ -325,11 +380,11 @@ methods in the TurboJPEG Java API.
 
 2. Fixed or worked around multiple issues with `jpeg_skip_scanlines()`:
 
-     - Fixed segfaults or "Corrupt JPEG data: premature end of data segment"
-errors in `jpeg_skip_scanlines()` that occurred when decompressing 4:2:2 or
-4:2:0 JPEG images using merged (non-fancy) upsampling/color conversion (that
-is, when setting `cinfo.do_fancy_upsampling` to `FALSE`.)  2.0.0[6] was a
-similar fix, but it did not cover all cases.
+     - Fixed segfaults (CVE-2020-35538) or "Corrupt JPEG data: premature end of
+data segment" errors in `jpeg_skip_scanlines()` that occurred when
+decompressing 4:2:2 or 4:2:0 JPEG images using merged (non-fancy)
+upsampling/color conversion (that is, when setting `cinfo.do_fancy_upsampling`
+to `FALSE`.)  2.0.0[6] was a similar fix, but it did not cover all cases.
      - `jpeg_skip_scanlines()` now throws an error if two-pass color
 quantization is enabled.  Two-pass color quantization never worked properly
 with `jpeg_skip_scanlines()`, and the issues could not readily be fixed.

LICENSE.md

@@ -91,7 +91,7 @@ best of our understanding.
 The Modified (3-clause) BSD License
 ===================================
 
-Copyright (C)2009-2022 D. R. Commander.  All Rights Reserved.<br>
+Copyright (C)2009-2023 D. R. Commander.  All Rights Reserved.<br>
 Copyright (C)2015 Viktor Szathmáry.  All Rights Reserved.
 
 Redistribution and use in source and binary forms, with or without

cmakescripts/BuildPackages.cmake

@@ -90,7 +90,7 @@ if(WITH_JAVA)
   set(INST_DEFS ${INST_DEFS} -DJAVA)
 endif()
 
-if(MSVC_IDE)
+if(GENERATOR_IS_MULTI_CONFIG)
   set(INST_DEFS ${INST_DEFS} "-DBUILDDIR=${CMAKE_CFG_INTDIR}\\")
 else()
   set(INST_DEFS ${INST_DEFS} "-DBUILDDIR=")

cmyk.h

@@ -17,7 +17,6 @@
 #include <jinclude.h>
 #define JPEG_INTERNALS
 #include <jpeglib.h>
-#include "jconfigint.h"
 
 
 /* Fully reversible */

djpeg.c

@@ -316,7 +316,9 @@ parse_switches(j_decompress_ptr cinfo, int argc, char **argv,
       if (++argn >= argc)       /* advance to next argument */
         usage();
       icc_filename = argv[argn];
+#ifdef SAVE_MARKERS_SUPPORTED
       jpeg_save_markers(cinfo, JPEG_APP0 + 2, 0xFFFF);
+#endif
 
     } else if (keymatch(arg, "map", 3)) {
       /* Quantize to a color map taken from an input file. */