From 665949a3ecf1fbe188a8387aa9a3db99432f82ec Mon Sep 17 00:00:00 2001
From: Leon Scroggins III <scroggo@google.com>
Date: Tue, 26 Jun 2018 10:49:42 -0400
Subject: Update libjpeg-turbo to pre-2.0.0 (from 1.5.3)

jpeg_skip_scanlines was incorrectly incrementing an internal counter,
resulting in an infinite loop. (This only occurs for certain types of
progressive images, using certain sample sizes.)

The fix is at https://github.com/libjpeg-turbo/libjpeg-turbo/commit/26f109290dc4ffc9c522d9f5d5a7d5d1ee2c0e0a.
This is included in tip-of-tree, which is unofficially 2.0.0, so go ahead and
update to it.

Add a test based on the original bug.

Bug: b/78329453
Change-Id: I5ade9924812324d58668c26f71cd622ef93f40a7
Reviewed-on: https://skia-review.googlesource.com/129459
Commit-Queue: Leon Scroggins <scroggo@google.com>
Reviewed-by: Mike Klein <mtklein@google.com>
---
 DEPS                               |   2 +-
 resources/images/b78329453.jpeg    | Bin 0 -> 46457 bytes
 tests/CodecTest.cpp                |  36 ++++++++++++++++++++++++++++++++++++
 third_party/libjpeg-turbo/BUILD.gn |   8 ++++----
 4 files changed, 41 insertions(+), 5 deletions(-)
 create mode 100644 resources/images/b78329453.jpeg

diff --git a/DEPS b/DEPS
index f8a574e995..f99906c7d6 100644
--- a/DEPS
+++ b/DEPS
@@ -18,7 +18,7 @@ deps = {
   "third_party/externals/imgui"           : "https://skia.googlesource.com/external/github.com/ocornut/imgui.git@6384eee34f08cb7eab8d835043e1738e4adcdf75",
   # TODO: remove jsoncpp after migrating clients to SkJSON
   "third_party/externals/jsoncpp"         : "https://chromium.googlesource.com/external/github.com/open-source-parsers/jsoncpp.git@1.0.0",
-  "third_party/externals/libjpeg-turbo"   : "https://skia.googlesource.com/external/github.com/libjpeg-turbo/libjpeg-turbo.git@1.5.3",
+  "third_party/externals/libjpeg-turbo"   : "https://skia.googlesource.com/external/github.com/libjpeg-turbo/libjpeg-turbo.git@26f109290dc4ffc9c522d9f5d5a7d5d1ee2c0e0a",
   "third_party/externals/libpng"          : "https://skia.googlesource.com/third_party/libpng.git@v1.6.33",
   "third_party/externals/libwebp"         : "https://chromium.googlesource.com/webm/libwebp.git@v0.6.1",
   "third_party/externals/lua"             : "https://skia.googlesource.com/external/github.com/lua/lua.git@v5-3-4",
diff --git a/resources/images/b78329453.jpeg b/resources/images/b78329453.jpeg
new file mode 100644
index 0000000000..b962b9eedd
Binary files /dev/null and b/resources/images/b78329453.jpeg differ
diff --git a/tests/CodecTest.cpp b/tests/CodecTest.cpp
index 14b227c7d0..5b1ef0e06d 100644
--- a/tests/CodecTest.cpp
+++ b/tests/CodecTest.cpp
@@ -1581,6 +1581,42 @@ DEF_TEST(Codec_ossfuzz6274, r) {
     }
 }
 
+DEF_TEST(Codec_78329453, r) {
+    if (GetResourcePath().isEmpty()) {
+        return;
+    }
+
+    const char* file = "images/b78329453.jpeg";
+    auto data = GetResourceAsData(file);
+    if (!data) {
+        ERRORF(r, "Missing %s", file);
+        return;
+    }
+
+    auto codec = SkAndroidCodec::MakeFromCodec(SkCodec::MakeFromData(data));
+    if (!codec) {
+        ERRORF(r, "failed to create codec from %s", file);
+        return;
+    }
+
+    // A bug in jpeg_skip_scanlines resulted in an infinite loop for this specific
+    // sample size on this image. Other sample sizes could have had the same result,
+    // but the ones tested by DM happen to not.
+    constexpr int kSampleSize = 19;
+    const auto size = codec->getSampledDimensions(kSampleSize);
+    auto info = codec->getInfo().makeWH(size.width(), size.height());
+    SkBitmap bm;
+    bm.allocPixels(info);
+    bm.eraseColor(SK_ColorTRANSPARENT);
+
+    SkAndroidCodec::AndroidOptions options;
+    options.fSampleSize = kSampleSize;
+    auto result = codec->getAndroidPixels(info, bm.getPixels(), bm.rowBytes(), &options);
+    if (result != SkCodec::kSuccess) {
+        ERRORF(r, "failed to decode with error %s", SkCodec::ResultToString(result));
+    }
+}
+
 DEF_TEST(Codec_crbug807324, r) {
     if (GetResourcePath().isEmpty()) {
         return;
diff --git a/third_party/libjpeg-turbo/BUILD.gn b/third_party/libjpeg-turbo/BUILD.gn
index 66e10955d5..1f9b486637 100644
--- a/third_party/libjpeg-turbo/BUILD.gn
+++ b/third_party/libjpeg-turbo/BUILD.gn
@@ -72,13 +72,13 @@ if (skia_use_system_libjpeg_turbo) {
 
     if (current_cpu == "arm" && !is_ios) {
       sources += [
-        "../externals/libjpeg-turbo/simd/jsimd_arm.c",
-        "../externals/libjpeg-turbo/simd/jsimd_arm_neon.S",
+        "../externals/libjpeg-turbo/simd/arm/jsimd.c",
+        "../externals/libjpeg-turbo/simd/arm/jsimd_neon.S",
       ]
     } else if (current_cpu == "arm64" && !is_ios) {
       sources += [
-        "../externals/libjpeg-turbo/simd/jsimd_arm64.c",
-        "../externals/libjpeg-turbo/simd/jsimd_arm64_neon.S",
+        "../externals/libjpeg-turbo/simd/arm64/jsimd.c",
+        "../externals/libjpeg-turbo/simd/arm64/jsimd_neon.S",
       ]
     } else {
       sources += [ "../externals/libjpeg-turbo/jsimd_none.c" ]
-- 
cgit v1.2.3