1Bug 1050342. Fix a case where the fast huffman decoder in libjpeg-turbo can produce different results depending on how data is fed to it.
2
3This change comes from the blink repo https://codereview.appspot.com/229430043/ and is unlikely to be accepted upstream into libjpeg-turbo.
4
5diff --git jdhuff.c jdhuff.c
6--- jdhuff.c
7+++ jdhuff.c
8@@ -674,9 +674,9 @@ decode_mcu_fast(j_decompress_ptr cinfo,
9     d_derived_tbl *dctbl = entropy->dc_cur_tbls[blkn];
10     d_derived_tbl *actbl = entropy->ac_cur_tbls[blkn];
11     register int s, k, r, l;
12
13-    HUFF_DECODE_FAST(s, l, dctbl);
14+    HUFF_DECODE_FAST(s, l, dctbl, slow_decode_mcu);
15     if (s) {
16       FILL_BIT_BUFFER_FAST
17       r = GET_BITS(s);
18       s = HUFF_EXTEND(r, s);
19@@ -692,9 +692,9 @@ decode_mcu_fast(j_decompress_ptr cinfo,
20
21     if (entropy->ac_needed[blkn] && block) {
22
23       for (k = 1; k < DCTSIZE2; k++) {
24-        HUFF_DECODE_FAST(s, l, actbl);
25+        HUFF_DECODE_FAST(s, l, actbl, slow_decode_mcu);
26         r = s >> 4;
27         s &= 15;
28
29         if (s) {
30@@ -711,9 +711,9 @@ decode_mcu_fast(j_decompress_ptr cinfo,
31
32     } else {
33
34       for (k = 1; k < DCTSIZE2; k++) {
35-        HUFF_DECODE_FAST(s, l, actbl);
36+        HUFF_DECODE_FAST(s, l, actbl, slow_decode_mcu);
37         r = s >> 4;
38         s &= 15;
39
40         if (s) {
41@@ -728,8 +728,9 @@ decode_mcu_fast(j_decompress_ptr cinfo,
42     }
43   }
44
45   if (cinfo->unread_marker != 0) {
46+slow_decode_mcu:
47     cinfo->unread_marker = 0;
48     return FALSE;
49   }
50
51diff --git jdhuff.h jdhuff.h
52--- jdhuff.h
53+++ jdhuff.h
54@@ -210,9 +210,9 @@ slowlabel: \
55     get_buffer = state.get_buffer;  bits_left = state.bits_left; \
56   } \
57 }
58
59-#define HUFF_DECODE_FAST(s, nb, htbl) \
60+#define HUFF_DECODE_FAST(s, nb, htbl, slowlabel) \
61   FILL_BIT_BUFFER_FAST; \
62   s = PEEK_BITS(HUFF_LOOKAHEAD); \
63   s = htbl->lookup[s]; \
64   nb = s >> HUFF_LOOKAHEAD; \
65@@ -227,9 +227,11 @@ slowlabel: \
66       s <<= 1; \
67       s |= GET_BITS(1); \
68       nb++; \
69     } \
70-    s = htbl->pub->huffval[(int)(s + htbl->valoffset[nb]) & 0xFF]; \
71+    if (nb > 16) \
72+      goto slowlabel; \
73+    s = htbl->pub->huffval[ (int) (s + htbl->valoffset[nb]) ]; \
74   }
75
76 /* Out-of-line case for Huffman code fetching */
77 EXTERN(int) jpeg_huff_decode(bitread_working_state *state,
78