1diff --git a/java/TJUnitTest.java b/java/TJUnitTest.java
2index 91ad5fd..07c59d8 100644
3--- a/java/TJUnitTest.java
4+++ b/java/TJUnitTest.java
5@@ -837,6 +837,54 @@ final class TJUnitTest {
6 if (tjd != null) tjd.close();
7 }
8
9+ static void overflowTest() throws Exception {
10+ /* Ensure that the various buffer size methods don't overflow */
11+ int size = 0;
12+ boolean exception = false;
13+ try {
14+ exception = false;
15+ size = TJ.bufSize(18919, 18919, TJ.SAMP_444);
16+ } catch (Exception e) { exception = true; }
17+ if (!exception || size != 0)
18+ throw new Exception("TJ.bufSize() overflow");
19+ try {
20+ exception = false;
21+ size = TJ.bufSizeYUV(26755, 1, 26755, TJ.SAMP_444);
22+ } catch (Exception e) { exception = true; }
23+ if (!exception || size != 0)
24+ throw new Exception("TJ.bufSizeYUV() overflow");
25+ try {
26+ exception = false;
27+ size = TJ.bufSizeYUV(26754, 3, 26754, TJ.SAMP_444);
28+ } catch (Exception e) { exception = true; }
29+ if (!exception || size != 0)
30+ throw new Exception("TJ.bufSizeYUV() overflow");
31+ try {
32+ exception = false;
33+ size = TJ.bufSizeYUV(26754, -1, 26754, TJ.SAMP_444);
34+ } catch (Exception e) { exception = true; }
35+ if (!exception || size != 0)
36+ throw new Exception("TJ.bufSizeYUV() overflow");
37+ try {
38+ exception = false;
39+ size = TJ.planeSizeYUV(0, 46341, 0, 46341, TJ.SAMP_444);
40+ } catch (Exception e) { exception = true; }
41+ if (!exception || size != 0)
42+ throw new Exception("TJ.planeSizeYUV() overflow");
43+ try {
44+ exception = false;
45+ size = TJ.planeWidth(0, Integer.MAX_VALUE, TJ.SAMP_420);
46+ } catch (Exception e) { exception = true; }
47+ if (!exception || size != 0)
48+ throw new Exception("TJ.planeWidth() overflow");
49+ try {
50+ exception = false;
51+ size = TJ.planeHeight(0, Integer.MAX_VALUE, TJ.SAMP_420);
52+ } catch (Exception e) { exception = true; }
53+ if (!exception || size != 0)
54+ throw new Exception("TJ.planeHeight() overflow");
55+ }
56+
57 static void
bufSizeTest() throws Exception {
58 int w, h, i, subsamp;
59 byte[] srcBuf, dstBuf = null;
60@@ -912,6 +960,7 @@ final class TJUnitTest {
61 }
62 if (doYUV)
63 FORMATS_4BYTE[4] = -1;
64+ overflowTest();
65 doTest(35, 39, bi ? FORMATS_3BYTEBI : FORMATS_3BYTE, TJ.SAMP_444,
66 testName);
67 doTest(39, 41, bi ? FORMATS_4BYTEBI : FORMATS_4BYTE, TJ.SAMP_444,
68diff --git a/jchuff.h b/jchuff.h
69index 314a232..da7809a 100644
70--- a/jchuff.h
71+++ b/jchuff.h
72@@ -3,8 +3,8 @@
73 *
74 * This file was part of the Independent JPEG Group's software:
75 * Copyright (C) 1991-1997, Thomas G. Lane.
76- * It was modified by The libjpeg-turbo Project to include only code relevant
77- * to libjpeg-turbo.
78+ * libjpeg-turbo Modifications:
79+ * Copyright (C) 2022, D. R. Commander.
80 * For conditions of distribution and use, see the accompanying README.ijg
81 * file.
82 *
83@@ -25,6 +25,14 @@
84 #define MAX_COEF_BITS 14
85 #endif
86
87+/* The progressive Huffman encoder uses an unsigned 16-bit data type to store
88+ * absolute values of coefficients, because it is possible to inject a
89+ * coefficient value of -32768 into the encoder by attempting to transform a
90+ * malformed 12-bit JPEG image, and the absolute value of -32768 would overflow
91+ * a signed 16-bit integer.
92+ */
93+typedef unsigned short UJCOEF;
94+
95 /* Derived data constructed for each Huffman table */
96
97 typedef struct {
98diff --git a/jcphuff.c b/jcphuff.c
99index 1101987..7c9d7cf 100644
100--- a/jcphuff.c
101+++ b/jcphuff.c
102@@ -5,7 +5,7 @@
103 * Copyright (C) 1995-1997, Thomas G. Lane.
104 * libjpeg-turbo Modifications:
105 * Copyright (C) 2011, 2015, 2018, 2021, D. R. Commander.
106- * Copyright (C) 2016, 2018, Matthieu Darbois.
107+ * Copyright (C) 2016, 2018, 2022, Matthieu Darbois.
108 * Copyright (C) 2020, Arm Limited.
109 * Copyright (C) 2021, Alex Richardson.
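Review bot: Each `catch (Exception e) { exception = true; }` in overflowTest() accepts any exception as proof that the size guard fired, so an unrelated failure inside the native call would also let the test pass. Catching only the type the JNI layer raises for an oversized result (presumably `IllegalArgumentException`, given the THROW_ARG calls in turbojpeg-jni.c; confirm) would tie the test to the overflow check. The three TJ.bufSizeYUV() cases also throw the identical message `"TJ.bufSizeYUV() overflow"`, so a failure does not say which argument set triggered it; including the pad value in each message would fix that. The pad values 3 and -1 may be rejected by argument validation before any size arithmetic runs, in which case those two cases do not exercise the overflow path at all.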
110 * For conditions of distribution and use, see the accompanying README.ijg
111@@ -83,11 +83,11 @@ typedef struct {
112 /* Pointer to routine to prepare data for encode_mcu_AC_first() */
113 void (*AC_first_prepare) (const JCOEF *block,
114 const int *jpeg_natural_order_start, int Sl,
115- int Al, JCOEF *values, size_t *zerobits);
116+ int Al, UJCOEF *values, size_t *zerobits);
117 /* Pointer to routine to prepare data for encode_mcu_AC_refine() */
118 int (*AC_refine_prepare) (const JCOEF *block,
119 const int *jpeg_natural_order_start, int Sl,
120- int Al, JCOEF *absvalues, size_t *bits);
121+ int Al, UJCOEF *absvalues, size_t *bits);
122
123 /* Mode flag: TRUE for optimization, FALSE for actual data output */
124 boolean gather_statistics;
125@@ -157,14 +157,14 @@ METHODDEF(boolean) encode_mcu_DC_first(j_compress_ptr cinfo,
126 JBLOCKROW *MCU_data);
127 METHODDEF(void) encode_mcu_AC_first_prepare
128 (const JCOEF *block, const int *jpeg_natural_order_start, int Sl, int Al,
129- JCOEF *values, size_t *zerobits);
130+ UJCOEF *values, size_t *zerobits);
131 METHODDEF(boolean) encode_mcu_AC_first(j_compress_ptr cinfo,
132 JBLOCKROW *MCU_data);
133 METHODDEF(boolean) encode_mcu_DC_refine(j_compress_ptr cinfo,
134 JBLOCKROW *MCU_data);
135 METHODDEF(int) encode_mcu_AC_refine_prepare
136 (const JCOEF *block, const int *jpeg_natural_order_start, int Sl, int Al,
137- JCOEF *absvalues, size_t *bits);
138+ UJCOEF *absvalues, size_t *bits);
139 METHODDEF(boolean) encode_mcu_AC_refine(j_compress_ptr cinfo,
140 JBLOCKROW *MCU_data);
141 METHODDEF(void) finish_pass_phuff(j_compress_ptr cinfo);
142@@ -584,8 +584,8 @@ encode_mcu_DC_first(j_compress_ptr cinfo, JBLOCKROW *MCU_data)
143 continue; \
144 /* For a negative coef, want temp2 = bitwise complement of abs(coef) */ \
145 temp2 ^= temp; \
146- values[k] = temp; \
147- values[k + DCTSIZE2] = temp2; \
148+ values[k] = (UJCOEF)temp; \
149+ values[k + DCTSIZE2] = (UJCOEF)temp2; \
150 zerobits |= ((size_t)1U) << k; \
151 } \
152 }
153@@ -593,7 +593,7 @@ encode_mcu_DC_first(j_compress_ptr cinfo, JBLOCKROW *MCU_data)
154 METHODDEF(void)
155 encode_mcu_AC_first_prepare(const JCOEF *block,
156 const int *jpeg_natural_order_start, int Sl,
157- int Al, JCOEF *values, size_t *bits)
158+ int Al, UJCOEF *values, size_t *bits)
159 {
160 register int k, temp, temp2;
161 size_t zerobits = 0U;
162@@ -666,9 +666,9 @@ encode_mcu_AC_first(j_compress_ptr cinfo, JBLOCKROW *MCU_data)
163 register int nbits, r;
164 int Sl = cinfo->Se - cinfo->Ss + 1;
165 int Al = cinfo->Al;
166- JCOEF values_unaligned[2 * DCTSIZE2 + 15];
167- JCOEF *values;
168- const JCOEF *cvalue;
169+ UJCOEF values_unaligned[2 * DCTSIZE2 + 15];
170+ UJCOEF *values;
171+ const UJCOEF *cvalue;
172 size_t zerobits;
173 size_t bits[8 / SIZEOF_SIZE_T];
174
175@@ -681,7 +681,7 @@ encode_mcu_AC_first(j_compress_ptr cinfo, JBLOCKROW *MCU_data)
176 emit_restart(entropy, entropy->next_restart_num);
177
178 #ifdef WITH_SIMD
179- cvalue = values = (JCOEF *)PAD((JUINTPTR)values_unaligned, 16);
180+ cvalue = values = (UJCOEF *)PAD((size_t)values_unaligned, 16);
181 #else
182 /* Not using SIMD, so alignment is not needed */
183 cvalue = values = values_unaligned;
184@@ -815,7 +815,7 @@ encode_mcu_DC_refine(j_compress_ptr cinfo, JBLOCKROW *MCU_data)
185 zerobits |= ((size_t)1U) << k; \
186 signbits |= ((size_t)(temp2 + 1)) << k; \
187 } \
188- absvalues[k] = (JCOEF)temp; /* save abs value for main pass */ \
189+ absvalues[k] = (UJCOEF)temp; /* save abs value for main pass */ \
190 if (temp == 1) \
191 EOB = k + koffset; /* EOB = index of last newly-nonzero coef */ \
192 } \
193@@ -824,7 +824,7 @@ encode_mcu_DC_refine(j_compress_ptr cinfo, JBLOCKROW *MCU_data)
194 METHODDEF(int)
195 encode_mcu_AC_refine_prepare(const JCOEF *block,
196 const int *jpeg_natural_order_start, int Sl,
197- int Al, JCOEF *absvalues, size_t *bits)
198+ int Al, UJCOEF *absvalues, size_t *bits)
199 {
200 register int k, temp, temp2;
201 int EOB = 0;
202@@ -931,9 +931,9 @@
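Review bot: The alignment cast in encode_mcu_AC_first() changes from `(JUINTPTR)values_unaligned` to `(size_t)values_unaligned`, which is unrelated to the UJCOEF change and gives up the dedicated pointer-sized integer type. On a target where size_t is narrower than a pointer, or where pointers carry extra metadata, the PAD() result could become a truncated or invalid address for the stack buffer. Keeping `cvalue = values = (UJCOEF *)PAD((JUINTPTR)values_unaligned, 16);` preserves the earlier behaviour, and the same applies to the `absvalues_unaligned` cast in encode_mcu_AC_refine(). JUINTPTR's definition is outside this diff, so confirm it exists in the tree this patch targets.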
encode_mcu_AC_refine(j_compress_ptr cinfo, JBLOCKROW *MCU_data)
203 unsigned int BR;
204 int Sl = cinfo->Se - cinfo->Ss + 1;
205 int Al = cinfo->Al;
206- JCOEF absvalues_unaligned[DCTSIZE2 + 15];
207- JCOEF *absvalues;
208- const JCOEF *cabsvalue, *EOBPTR;
209+ UJCOEF absvalues_unaligned[DCTSIZE2 + 15];
210+ UJCOEF *absvalues;
211+ const UJCOEF *cabsvalue, *EOBPTR;
212 size_t zerobits, signbits;
213 size_t bits[16 / SIZEOF_SIZE_T];
214
215@@ -946,7 +946,7 @@ encode_mcu_AC_refine(j_compress_ptr cinfo, JBLOCKROW *MCU_data)
216 emit_restart(entropy, entropy->next_restart_num);
217
218 #ifdef WITH_SIMD
219- cabsvalue = absvalues = (JCOEF *)PAD((JUINTPTR)absvalues_unaligned, 16);
220+ cabsvalue = absvalues = (UJCOEF *)PAD((size_t)absvalues_unaligned, 16);
221 #else
222 /* Not using SIMD, so alignment is not needed */
223 cabsvalue = absvalues = absvalues_unaligned;
224diff --git a/jerror.c b/jerror.c
225index 936c4f5..aa0c6ee 100644
226--- a/jerror.c
227+++ b/jerror.c
228@@ -27,6 +27,8 @@
229 #include "jversion.h"
230 #include "jerror.h"
231
232+#include <stdlib.h>
233+
234 #ifdef USE_WINDOWS_MESSAGEBOX
235 #include <windows.h>
236 #endif
237diff --git a/jsimd.h b/jsimd.h
238index 6c20365..f3a87ee 100644
239--- a/jsimd.h
240+++ b/jsimd.h
241@@ -114,10 +114,10 @@ EXTERN(int) jsimd_can_encode_mcu_AC_first_prepare(void);
242
243 EXTERN(void) jsimd_encode_mcu_AC_first_prepare
244 (const JCOEF *block, const int *jpeg_natural_order_start, int Sl, int Al,
245- JCOEF *values, size_t *zerobits);
246+ UJCOEF *values, size_t *zerobits);
247
248 EXTERN(int) jsimd_can_encode_mcu_AC_refine_prepare(void);
249
250 EXTERN(int) jsimd_encode_mcu_AC_refine_prepare
251 (const JCOEF *block, const int *jpeg_natural_order_start, int Sl, int Al,
252- JCOEF *absvalues, size_t *bits);
253+ UJCOEF *absvalues, size_t *bits);
254diff --git a/jsimd_none.c b/jsimd_none.c
255index 5b38a9f..a25db73 100644
256--- a/jsimd_none.c
257+++ b/jsimd_none.c
258@@ -2,8 +2,8 @@
259 * jsimd_none.c
260 *
261 *
Copyright 2009 Pierre Ossman <ossman@cendio.se> for Cendio AB
262- * Copyright (C) 2009-2011, 2014, D. R. Commander.
263- * Copyright (C) 2015-2016, 2018, Matthieu Darbois.
264+ * Copyright (C) 2009-2011, 2014, 2022, D. R. Commander.
265+ * Copyright (C) 2015-2016, 2018, 2022, Matthieu Darbois.
266 * Copyright (C) 2020, Arm Limited.
267 *
268 * Based on the x86 SIMD extension for IJG JPEG library,
269@@ -412,7 +412,7 @@ jsimd_can_encode_mcu_AC_first_prepare(void)
270 GLOBAL(void)
271 jsimd_encode_mcu_AC_first_prepare(const JCOEF *block,
272 const int *jpeg_natural_order_start, int Sl,
273- int Al, JCOEF *values, size_t *zerobits)
274+ int Al, UJCOEF *values, size_t *zerobits)
275 {
276 }
277
278@@ -425,7 +425,7 @@ jsimd_can_encode_mcu_AC_refine_prepare(void)
279 GLOBAL(int)
280 jsimd_encode_mcu_AC_refine_prepare(const JCOEF *block,
281 const int *jpeg_natural_order_start, int Sl,
282- int Al, JCOEF *absvalues, size_t *bits)
283+ int Al, UJCOEF *absvalues, size_t *bits)
284 {
285 return 0;
286 }
287diff --git a/simd/arm/aarch32/jsimd.c b/simd/arm/aarch32/jsimd.c
288index fac55df..d6568c5 100644
289--- a/simd/arm/aarch32/jsimd.c
290+++ b/simd/arm/aarch32/jsimd.c
291@@ -4,7 +4,7 @@
292 * Copyright 2009 Pierre Ossman <ossman@cendio.se> for Cendio AB
293 * Copyright (C) 2011, Nokia Corporation and/or its subsidiary(-ies).
294 * Copyright (C) 2009-2011, 2013-2014, 2016, 2018, D. R. Commander.
295- * Copyright (C) 2015-2016, 2018, Matthieu Darbois.
296+ * Copyright (C) 2015-2016, 2018, 2022, Matthieu Darbois.
297 * Copyright (C) 2019, Google LLC.
298 * Copyright (C) 2020, Arm Limited.
299 *
300@@ -950,7 +950,7 @@ jsimd_can_encode_mcu_AC_first_prepare(void)
301 GLOBAL(void)
302 jsimd_encode_mcu_AC_first_prepare(const JCOEF *block,
303 const int *jpeg_natural_order_start, int Sl,
304- int Al, JCOEF *values, size_t *zerobits)
305+ int Al, UJCOEF *values, size_t *zerobits)
306 {
307 jsimd_encode_mcu_AC_first_prepare_neon(block, jpeg_natural_order_start,
308 Sl, Al, values, zerobits);
309@@ -975,7 +975,7 @@ jsimd_can_encode_mcu_AC_refine_prepare(void)
310 GLOBAL(int)
311 jsimd_encode_mcu_AC_refine_prepare(const JCOEF *block,
312 const int *jpeg_natural_order_start, int Sl,
313- int Al, JCOEF *absvalues, size_t *bits)
314+ int Al, UJCOEF *absvalues, size_t *bits)
315 {
316 return jsimd_encode_mcu_AC_refine_prepare_neon(block,
317 jpeg_natural_order_start, Sl,
318diff --git a/simd/arm/aarch64/jsimd.c b/simd/arm/aarch64/jsimd.c
319index 8570b82..7de4f9a 100644
320--- a/simd/arm/aarch64/jsimd.c
321+++ b/simd/arm/aarch64/jsimd.c
322@@ -4,7 +4,7 @@
323 * Copyright 2009 Pierre Ossman <ossman@cendio.se> for Cendio AB
324 * Copyright (C) 2011, Nokia Corporation and/or its subsidiary(-ies).
325 * Copyright (C) 2009-2011, 2013-2014, 2016, 2018, 2020, D. R. Commander.
326- * Copyright (C) 2015-2016, 2018, Matthieu Darbois.
327+ * Copyright (C) 2015-2016, 2018, 2022, Matthieu Darbois.
328 * Copyright (C) 2020, Arm Limited.
*
330 * Based on the x86 SIMD extension for IJG JPEG library,
331@@ -1028,7 +1028,7 @@ jsimd_can_encode_mcu_AC_first_prepare(void)
332 GLOBAL(void)
333 jsimd_encode_mcu_AC_first_prepare(const JCOEF *block,
334 const int *jpeg_natural_order_start, int Sl,
335- int Al, JCOEF *values, size_t *zerobits)
336+ int Al, UJCOEF *values, size_t *zerobits)
337 {
338 jsimd_encode_mcu_AC_first_prepare_neon(block, jpeg_natural_order_start,
339 Sl, Al, values, zerobits);
340@@ -1055,7 +1055,7 @@ jsimd_can_encode_mcu_AC_refine_prepare(void)
341 GLOBAL(int)
342 jsimd_encode_mcu_AC_refine_prepare(const JCOEF *block,
343 const int *jpeg_natural_order_start, int Sl,
344- int Al, JCOEF *absvalues, size_t *bits)
345+ int Al, UJCOEF *absvalues, size_t *bits)
346 {
347 return jsimd_encode_mcu_AC_refine_prepare_neon(block,
348 jpeg_natural_order_start,
349diff --git a/simd/arm/jcphuff-neon.c b/simd/arm/jcphuff-neon.c
350index b91c5db..24d756e 100644
351--- a/simd/arm/jcphuff-neon.c
352+++ b/simd/arm/jcphuff-neon.c
353@@ -41,10 +41,10 @@
354
355 void jsimd_encode_mcu_AC_first_prepare_neon
356 (const JCOEF *block, const int *jpeg_natural_order_start, int Sl, int Al,
357- JCOEF *values, size_t *zerobits)
358+ UJCOEF *values, size_t *zerobits)
359 {
360- JCOEF *values_ptr = values;
361- JCOEF *diff_values_ptr = values + DCTSIZE2;
362+ JCOEF *values_ptr = values;
363+ JCOEF *diff_values_ptr = values + DCTSIZE2;
364
365 /* Rows of coefficients to zero (since they haven't been processed) */
366 int i, rows_to_zero = 8;
367@@ -274,7 +274,7 @@ void jsimd_encode_mcu_AC_first_prepare_neon
368
369 int jsimd_encode_mcu_AC_refine_prepare_neon
370 (const JCOEF *block, const int *jpeg_natural_order_start, int Sl, int Al,
371- JCOEF *absvalues, size_t *bits)
372+ UJCOEF *absvalues, size_t *bits)
373 {
374 /* Temporary storage buffers for data used to compute the signbits bitmap and
375 * the end-of-block (EOB) position
376@@ -282,7 +282,7 @@ int jsimd_encode_mcu_AC_refine_prepare_neon
377 uint8_t
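Review bot: In jsimd_encode_mcu_AC_first_prepare_neon() the parameter becomes `UJCOEF *values`, but the two locals on the new side are still declared `JCOEF *values_ptr = values;` and `JCOEF *diff_values_ptr = values + DCTSIZE2;`, so an unsigned-short pointer is assigned to a signed-short pointer without a cast. Compilers diagnose that pointer-signedness mismatch, and it is inconsistent with the refine routine in the same file, whose local is switched to `UJCOEF *absvalues_ptr`. Declaring both locals as `UJCOEF *` would match the new signature, provided the store operations further down the function (outside this hunk) accept the unsigned element type.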
coef_sign_bits[64];
378 uint8_t coef_eq1_bits[64];
379
380- JCOEF *absvalues_ptr = absvalues;
381+ UJCOEF *absvalues_ptr = absvalues;
382 uint8_t *coef_sign_bits_ptr = coef_sign_bits;
383 uint8_t *eq1_bits_ptr = coef_eq1_bits;
384
385diff --git a/simd/i386/jsimd.c b/simd/i386/jsimd.c
386index 563949a..ebe0767 100644
387--- a/simd/i386/jsimd.c
388+++ b/simd/i386/jsimd.c
389@@ -3,7 +3,7 @@
390 *
391 * Copyright 2009 Pierre Ossman <ossman@cendio.se> for Cendio AB
392 * Copyright (C) 2009-2011, 2013-2014, 2016, 2018, D. R. Commander.
393- * Copyright (C) 2015-2016, 2018, Matthieu Darbois.
394+ * Copyright (C) 2015-2016, 2018, 2022, Matthieu Darbois.
395 *
396 * Based on the x86 SIMD extension for IJG JPEG library,
397 * Copyright (C) 1999-2006, MIYASAKA Masaru.
398@@ -1219,7 +1219,7 @@ jsimd_can_encode_mcu_AC_first_prepare(void)
399 GLOBAL(void)
400 jsimd_encode_mcu_AC_first_prepare(const JCOEF *block,
401 const int *jpeg_natural_order_start, int Sl,
402- int Al, JCOEF *values, size_t *zerobits)
403+ int Al, UJCOEF *values, size_t *zerobits)
404 {
405 jsimd_encode_mcu_AC_first_prepare_sse2(block, jpeg_natural_order_start,
406 Sl, Al, values, zerobits);
407@@ -1245,7 +1245,7 @@ jsimd_can_encode_mcu_AC_refine_prepare(void)
408 GLOBAL(int)
409 jsimd_encode_mcu_AC_refine_prepare(const JCOEF *block,
410 const int *jpeg_natural_order_start, int Sl,
411- int Al, JCOEF *absvalues, size_t *bits)
412+ int Al, UJCOEF *absvalues, size_t *bits)
413 {
414 return jsimd_encode_mcu_AC_refine_prepare_sse2(block,
415 jpeg_natural_order_start,
416diff --git a/simd/jsimd.h b/simd/jsimd.h
417index 64747c6..abebbf4 100644
418--- a/simd/jsimd.h
419+++ b/simd/jsimd.h
420@@ -5,7 +5,7 @@
421 * Copyright (C) 2011, 2014-2016, 2018, 2020, D. R. Commander.
422 * Copyright (C) 2013-2014, MIPS Technologies, Inc., California.
423 * Copyright (C) 2014, Linaro Limited.
424- * Copyright (C) 2015-2016, 2018, Matthieu Darbois.
425+ * Copyright (C) 2015-2016, 2018, 2022, Matthieu Darbois.
426 * Copyright (C) 2016-2018, Loongson Technology Corporation Limited, BeiJing.
427 * Copyright (C) 2020, Arm Limited.
428 *
429@@ -15,6 +15,8 @@
430 *
431 */
432
433+#include <stdlib.h>
434+
435 /* Bitmask for supported acceleration methods */
436
437 #define JSIMD_NONE 0x00
438@@ -1243,16 +1245,16 @@ EXTERN(JOCTET *) jsimd_huff_encode_one_block_neon_slowtbl
439 /* Progressive Huffman encoding */
440 EXTERN(void) jsimd_encode_mcu_AC_first_prepare_sse2
441 (const JCOEF *block, const int *jpeg_natural_order_start, int Sl, int Al,
442- JCOEF *values, size_t *zerobits);
443+ UJCOEF *values, size_t *zerobits);
444
445 EXTERN(void) jsimd_encode_mcu_AC_first_prepare_neon
446 (const JCOEF *block, const int *jpeg_natural_order_start, int Sl, int Al,
447- JCOEF *values, size_t *zerobits);
448+ UJCOEF *values, size_t *zerobits);
449
450 EXTERN(int) jsimd_encode_mcu_AC_refine_prepare_sse2
451 (const JCOEF *block, const int *jpeg_natural_order_start, int Sl, int Al,
452- JCOEF *absvalues, size_t *bits);
453+ UJCOEF *absvalues, size_t *bits);
454
455 EXTERN(int) jsimd_encode_mcu_AC_refine_prepare_neon
456 (const JCOEF *block, const int *jpeg_natural_order_start, int Sl, int Al,
457- JCOEF *absvalues, size_t *bits);
458+ UJCOEF *absvalues, size_t *bits);
459diff --git a/simd/mips/jsimd.c b/simd/mips/jsimd.c
460index d2546ee..9be0a96 100644
461--- a/simd/mips/jsimd.c
462+++ b/simd/mips/jsimd.c
463@@ -4,7 +4,7 @@
464 * Copyright 2009 Pierre Ossman <ossman@cendio.se> for Cendio AB
465 * Copyright (C) 2009-2011, 2014, 2016, 2018, 2020, D. R. Commander.
466 * Copyright (C) 2013-2014, MIPS Technologies, Inc., California.
467- * Copyright (C) 2015-2016, 2018, Matthieu Darbois.
468+ * Copyright (C) 2015-2016, 2018, 2022, Matthieu Darbois.
469 *
470 * Based on the x86 SIMD extension for IJG JPEG library,
471 * Copyright (C) 1999-2006, MIYASAKA Masaru.
472@@ -1128,7 +1128,7 @@ jsimd_can_encode_mcu_AC_first_prepare(void)
473 GLOBAL(void)
474 jsimd_encode_mcu_AC_first_prepare(const JCOEF *block,
475 const int *jpeg_natural_order_start, int Sl,
476- int Al, JCOEF *values, size_t *zerobits)
477+ int Al, UJCOEF *values, size_t *zerobits)
478 {
479 }
480
481@@ -1141,7 +1141,7 @@ jsimd_can_encode_mcu_AC_refine_prepare(void)
482 GLOBAL(int)
483 jsimd_encode_mcu_AC_refine_prepare(const JCOEF *block,
484 const int *jpeg_natural_order_start, int Sl,
485- int Al, JCOEF *absvalues, size_t *bits)
486+ int Al, UJCOEF *absvalues, size_t *bits)
487 {
488 return 0;
489 }
490diff --git a/simd/mips64/jsimd.c b/simd/mips64/jsimd.c
491index e8f1af5..bb9785b 100644
492--- a/simd/mips64/jsimd.c
493+++ b/simd/mips64/jsimd.c
494@@ -851,7 +851,7 @@ jsimd_can_encode_mcu_AC_first_prepare(void)
495 GLOBAL(void)
496 jsimd_encode_mcu_AC_first_prepare(const JCOEF *block,
497 const int *jpeg_natural_order_start, int Sl,
498- int Al, JCOEF *values, size_t *zerobits)
499+ int Al, UJCOEF *values, size_t *zerobits)
500 {
501 }
502
503@@ -864,7 +864,7 @@ jsimd_can_encode_mcu_AC_refine_prepare(void)
504 GLOBAL(int)
505 jsimd_encode_mcu_AC_refine_prepare(const JCOEF *block,
506 const int *jpeg_natural_order_start, int Sl,
507- int Al, JCOEF *absvalues, size_t *bits)
508+ int Al, UJCOEF *absvalues, size_t *bits)
509 {
510 return 0;
511 }
512diff --git a/simd/powerpc/jsimd.c b/simd/powerpc/jsimd.c
513index d0d3981..8affc5e 100644
514--- a/simd/powerpc/jsimd.c
515+++ b/simd/powerpc/jsimd.c
516@@ -3,7 +3,7 @@
517 *
518 * Copyright 2009 Pierre Ossman <ossman@cendio.se> for Cendio AB
519 * Copyright (C) 2009-2011, 2014-2016, 2018, D. R. Commander.
520- * Copyright (C) 2015-2016, 2018, Matthieu Darbois.
521+ * Copyright (C) 2015-2016, 2018, 2022, Matthieu Darbois.
522 *
523 * Based on the x86 SIMD extension for IJG JPEG library,
524 * Copyright (C) 1999-2006, MIYASAKA Masaru.
525@@ -853,7 +853,7 @@ jsimd_can_encode_mcu_AC_first_prepare(void)
526 GLOBAL(void)
527 jsimd_encode_mcu_AC_first_prepare(const JCOEF *block,
528 const int *jpeg_natural_order_start, int Sl,
529- int Al, JCOEF *values, size_t *zerobits)
530+ int Al, UJCOEF *values, size_t *zerobits)
531 {
532 }
533
534@@ -866,7 +866,7 @@ jsimd_can_encode_mcu_AC_refine_prepare(void)
535 GLOBAL(int)
536 jsimd_encode_mcu_AC_refine_prepare(const JCOEF *block,
537 const int *jpeg_natural_order_start, int Sl,
538- int Al, JCOEF *absvalues, size_t *bits)
539+ int Al, UJCOEF *absvalues, size_t *bits)
540 {
541 return 0;
542 }
543diff --git a/simd/x86_64/jsimd.c b/simd/x86_64/jsimd.c
544index eb76679..1ede507 100644
545--- a/simd/x86_64/jsimd.c
546+++ b/simd/x86_64/jsimd.c
547@@ -3,7 +3,7 @@
548 *
549 * Copyright 2009 Pierre Ossman <ossman@cendio.se> for Cendio AB
550 * Copyright (C) 2009-2011, 2014, 2016, 2018, D. R. Commander.
551- * Copyright (C) 2015-2016, 2018, Matthieu Darbois.
552+ * Copyright (C) 2015-2016, 2018, 2022, Matthieu Darbois.
553 *
554 * Based on the x86 SIMD extension for IJG JPEG library,
555 * Copyright (C) 1999-2006, MIYASAKA Masaru.
556@@ -1040,7 +1040,7 @@ jsimd_can_encode_mcu_AC_first_prepare(void)
557 GLOBAL(void)
558 jsimd_encode_mcu_AC_first_prepare(const JCOEF *block,
559 const int *jpeg_natural_order_start, int Sl,
560- int Al, JCOEF *values, size_t *zerobits)
561+ int Al, UJCOEF *values, size_t *zerobits)
562 {
563 jsimd_encode_mcu_AC_first_prepare_sse2(block, jpeg_natural_order_start,
564 Sl, Al, values, zerobits);
565@@ -1064,7 +1064,7 @@ jsimd_can_encode_mcu_AC_refine_prepare(void)
566 GLOBAL(int)
567 jsimd_encode_mcu_AC_refine_prepare(const JCOEF *block,
568 const int *jpeg_natural_order_start, int Sl,
569- int Al, JCOEF *absvalues, size_t *bits)
570+ int Al, UJCOEF *absvalues, size_t *bits)
571 {
572 return jsimd_encode_mcu_AC_refine_prepare_sse2(block,
573 jpeg_natural_order_start,
574diff --git a/tjbench.c b/tjbench.c
575index 156c906..8c83025 100644
576--- a/tjbench.c
577+++ b/tjbench.c
578@@ -592,10 +592,16 @@ static int decompTest(char *fileName)
579 if ((flags & TJFLAG_NOREALLOC) != 0 &&
580 (doTile || xformOp != TJXOP_NONE || xformOpt != 0 || customFilter))
581 for (i = 0; i < ntilesw * ntilesh; i++) {
582- if (tjBufSize(tilew, tileh, subsamp) > (unsigned long)INT_MAX)
583+ unsigned long jpegBufSize;
584+
585+ if (xformOp == TJXOP_TRANSPOSE || xformOp == TJXOP_TRANSVERSE ||
586+ xformOp == TJXOP_ROT90 || xformOp == TJXOP_ROT270)
587+ jpegBufSize = tjBufSize(tileh, tilew, subsamp);
588+ else
589+ jpegBufSize = tjBufSize(tilew, tileh, subsamp);
590+ if (jpegBufSize > (unsigned long)INT_MAX)
591 THROW("getting buffer size", "Image is too large");
592- if ((jpegBuf[i] = (unsigned char *)
593- tjAlloc(tjBufSize(tilew, tileh, subsamp))) == NULL)
594+ if ((jpegBuf[i] = (unsigned char *)tjAlloc(jpegBufSize)) == NULL)
595 THROW_UNIX("allocating JPEG tiles");
596 }
597
598diff --git a/tjexample.c b/tjexample.c
599index a9cd865..2ac1fed 100644
600--- a/tjexample.c
601+++ b/tjexample.c
602@@ -32,6 +32,7 @@
603 * images using the TurboJPEG C API
604 */
605
606+#include <limits.h>
607
#include <stdio.h>
608 #include <stdlib.h>
609 #include <string.h>
610@@ -273,6 +274,8 @@ int main(int argc, char **argv)
611 if (size == 0)
612 THROW("determining input file size", "Input file contains no data");
613 jpegSize = (unsigned long)size;
614+ if (jpegSize > (unsigned long)INT_MAX)
615+ THROW("allocating JPEG buffer", "Input file is too large");
616 if ((jpegBuf = (unsigned char *)tjAlloc(jpegSize)) == NULL)
617 THROW_UNIX("allocating JPEG buffer");
618 if (fread(jpegBuf, jpegSize, 1, jpegFile) < 1)
619@@ -330,8 +333,12 @@ int main(int argc, char **argv)
620 outSubsamp = inSubsamp;
621
622 pixelFormat = TJPF_BGRX;
623- if ((imgBuf = (unsigned char *)tjAlloc(width * height *
624- tjPixelSize[pixelFormat])) == NULL)
625+ if ((unsigned long long)width * height * tjPixelSize[pixelFormat] >
626+ (unsigned long long)((size_t)-1))
627+ THROW("allocating uncompressed image buffer", "Image is too large");
628+ if ((imgBuf =
629+ (unsigned char *)malloc(sizeof(unsigned char) * width * height *
630+ tjPixelSize[pixelFormat])) == NULL)
631 THROW_UNIX("allocating uncompressed image buffer");
632
633 if (tjDecompress2(tjInstance, jpegBuf, jpegSize, imgBuf, width, 0, height,
634diff --git a/tjunittest.c b/tjunittest.c
635index f59939f..38ada63 100644
636--- a/tjunittest.c
637+++ b/tjunittest.c
638@@ -33,6 +33,7 @@
639 #include <stdio.h>
640 #include <stdlib.h>
641 #include <string.h>
642+#include <limits.h>
643 #include <errno.h>
644 #include "tjutil.h"
645 #include "turbojpeg.h"
646@@ -566,11 +567,16 @@ bailout:
647 THROW(#function " overflow"); \
648 }
649 #endif
650+#define CHECKSIZEINT(function) { \
651+ if (intsize != -1 || !strcmp(tjGetErrorStr2(NULL), "No error")) \
652+ THROW(#function " overflow"); \
653+}
654
655 static void overflowTest(void)
656 {
657 /* Ensure that the various buffer size functions don't overflow */
658 unsigned long size;
659+ int intsize;
660
661 size = tjBufSize(26755, 26755, TJSAMP_444);
662 CHECKSIZE(tjBufSize());
663@@ -584,6 +590,10
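Review bot: imgBuf in tjexample.c main() is now obtained with `malloc()` instead of `tjAlloc()`, but the code that releases it lies outside this hunk. If the cleanup path still calls `tjFree(imgBuf)`, the buffer is allocated by the program's C runtime and released by the library's, which is unsafe on platforms where the two link different runtimes. Either keep `tjAlloc()` behind the new size check or switch the release to `free()` in the same commit. The new comparison against `(unsigned long long)((size_t)-1)` can only trip where size_t is narrower than unsigned long long, and a one-line comment to that effect would tell readers of the example what the check covers.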
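Review bot: CHECKSIZEINT in tjunittest.c tests `!strcmp(tjGetErrorStr2(NULL), "No error")`, but by the time it runs in overflowTest() the earlier size calls are expected to have failed already. If the global error string persists between calls, a stale message satisfies that half of the condition, and only `intsize != -1` actually checks tjPlaneWidth() and tjPlaneHeight(). Comparing against the expected text would make the check specific; the messages this commit adds in turbojpeg.c are `"tjPlaneWidth(): Width is too large"` and `"tjPlaneHeight(): Height is too large"`.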
@@ static void overflowTest(void)
664 CHECKSIZE(tjBufSizeYUV());
665 size = tjPlaneSizeYUV(0, 65536, 0, 65536, TJSAMP_444);
666 CHECKSIZE(tjPlaneSizeYUV());
667+ intsize = tjPlaneWidth(0, INT_MAX, TJSAMP_420);
668+ CHECKSIZEINT(tjPlaneWidth());
669+ intsize = tjPlaneHeight(0, INT_MAX, TJSAMP_420);
670+ CHECKSIZEINT(tjPlaneHeight());
671
672 bailout:
673 return;
674diff --git a/turbojpeg-jni.c b/turbojpeg-jni.c
675index 1b728e3..053edbd 100644
676--- a/turbojpeg-jni.c
677+++ b/turbojpeg-jni.c
678@@ -26,6 +26,7 @@
679 * POSSIBILITY OF SUCH DAMAGE.
680 */
681
682+#include <limits.h>
683 #include <stdlib.h>
684 #include <string.h>
685 #include "turbojpeg.h"
686@@ -128,24 +129,28 @@ bailout:
687 JNIEXPORT jint JNICALL Java_org_libjpegturbo_turbojpeg_TJ_bufSize
688 (JNIEnv *env, jclass cls, jint width, jint height, jint jpegSubsamp)
689 {
690- jint retval = (jint)tjBufSize(width, height, jpegSubsamp);
691+ unsigned long retval = tjBufSize(width, height, jpegSubsamp);
692
693- if (retval == -1) THROW_ARG(tjGetErrorStr());
694+ if (retval == (unsigned long)-1) THROW_ARG(tjGetErrorStr());
695+ if (retval > (unsigned long)INT_MAX)
696+ THROW_ARG("Image is too large");
697
698 bailout:
699- return retval;
700+ return (jint)retval;
701 }
702
703 /* TurboJPEG 1.4.x: TJ::bufSizeYUV() */
704 JNIEXPORT jint JNICALL Java_org_libjpegturbo_turbojpeg_TJ_bufSizeYUV__IIII
705 (JNIEnv *env, jclass cls, jint width, jint pad, jint height, jint subsamp)
706 {
707- jint retval = (jint)tjBufSizeYUV2(width, pad, height, subsamp);
708+ unsigned long retval = tjBufSizeYUV2(width, align, height, subsamp);
709
710- if (retval == -1) THROW_ARG(tjGetErrorStr());
711+ if (retval == (unsigned long)-1) THROW_ARG(tjGetErrorStr());
712+ if (retval > (unsigned long)INT_MAX)
713+ THROW_ARG("Image is too large");
714
715 bailout:
716- return retval;
717+ return (jint)retval;
718 }
719
720 /* TurboJPEG 1.2.x: TJ::bufSizeYUV() */
721@@ -162,13 +167,15 @@ JNIEXPORT jint JNICALL
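Review bot: The new line in Java_org_libjpegturbo_turbojpeg_TJ_bufSizeYUV__IIII calls `tjBufSizeYUV2(width, align, height, subsamp)`, but the parameter list shown as context just above names that argument `pad`. Nothing in the hunk declares `align`, so unless a macro or global of that name exists elsewhere in the file this will not compile. The line should read `unsigned long retval = tjBufSizeYUV2(width, pad, height, subsamp);`, which keeps the new `(unsigned long)-1` and `INT_MAX` checks in front of the `(jint)` cast as in the sibling functions.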
Java_org_libjpegturbo_turbojpeg_TJ_planeSizeYUV__IIIII
722 (JNIEnv *env, jclass cls, jint componentID, jint width, jint stride,
723 jint height, jint subsamp)
724 {
725- jint retval = (jint)tjPlaneSizeYUV(componentID, width, stride, height,
726- subsamp);
727+ unsigned long retval = tjPlaneSizeYUV(componentID, width, stride, height,
728+ subsamp);
729
730- if (retval == -1) THROW_ARG(tjGetErrorStr());
731+ if (retval == (unsigned long)-1) THROW_ARG(tjGetErrorStr());
732+ if (retval > (unsigned long)INT_MAX)
733+ THROW_ARG("Image is too large");
734
735 bailout:
736- return retval;
737+ return (jint)retval;
738 }
739
740 /* TurboJPEG 1.4.x: TJ::planeWidth() */
741@@ -1176,6 +1183,10 @@ JNIEXPORT jintArray JNICALL Java_org_libjpegturbo_turbojpeg_TJTransformer_transf
742 for (i = 0; i < n; i++) {
743 int w = jpegWidth, h = jpegHeight;
744
745+ if (t[i].op == TJXOP_TRANSPOSE || t[i].op == TJXOP_TRANSVERSE ||
746+ t[i].op == TJXOP_ROT90 || t[i].op == TJXOP_ROT270) {
747+ w = jpegHeight; h = jpegWidth;
748+ }
749 if (t[i].r.w != 0) w = t[i].r.w;
750 if (t[i].r.h != 0) h = t[i].r.h;
751 BAILIF0(jdstBufs[i] = (*env)->GetObjectArrayElement(env, dstobjs, i));
752diff --git a/turbojpeg.c b/turbojpeg.c
753index 47c5999..6c425be 100644
754--- a/turbojpeg.c
755+++ b/turbojpeg.c
756@@ -33,6 +33,7 @@
757 #include <stdio.h>
758 #include <stdlib.h>
759 #include <ctype.h>
760+#include <limits.h>
761 #include <jinclude.h>
762 #define JPEG_INTERNALS
763 #include <jpeglib.h>
764@@ -599,7 +600,8 @@ DLLEXPORT unsigned long TJBUFSIZEYUV(int width, int height, int subsamp)
765
766 DLLEXPORT int tjPlaneWidth(int componentID, int width, int subsamp)
767 {
768- int pw, nc, retval = 0;
769+ unsigned long long pw, retval = 0;
770+ int nc;
771
772 if (width < 1 || subsamp < 0 || subsamp >= TJ_NUMSAMP)
773 THROWG("tjPlaneWidth(): Invalid argument");
774@@ -613,14 +615,18 @@ DLLEXPORT int tjPlaneWidth(int componentID, int width, int subsamp)
775 else
776 retval = pw * 8 / tjMCUWidth[subsamp];
777
778+ if (retval > (unsigned long long)INT_MAX)
779+ THROWG("tjPlaneWidth(): Width is too large");
780+
781 bailout:
782- return retval;
783+ return (int)retval;
784 }
785
786
787 DLLEXPORT int tjPlaneHeight(int componentID, int height, int subsamp)
788 {
789- int ph, nc, retval = 0;
790+ unsigned long long ph, retval = 0;
791+ int nc;
792
793 if (height < 1 || subsamp < 0 || subsamp >= TJ_NUMSAMP)
794 THROWG("tjPlaneHeight(): Invalid argument");
795@@ -634,8 +640,11 @@ DLLEXPORT int tjPlaneHeight(int componentID, int height, int subsamp)
796 else
797 retval = ph * 8 / tjMCUHeight[subsamp];
798
799+ if (retval > (unsigned long long)INT_MAX)
800+ THROWG("tjPlaneHeight(): Height is too large");
801+
802 bailout:
803- return retval;
804+ return (int)retval;
805 }
806
807
808@@ -1985,6 +1994,10 @@ DLLEXPORT int tjTransform(tjhandle handle, const unsigned char *jpegBuf,
809
810 if (!xinfo[i].crop) {
811 w = dinfo->image_width; h = dinfo->image_height;
812+ if (t[i].op == TJXOP_TRANSPOSE || t[i].op == TJXOP_TRANSVERSE ||
813+ t[i].op == TJXOP_ROT90 || t[i].op == TJXOP_ROT270) {
814+ w = dinfo->image_height; h = dinfo->image_width;
815+ }
816 } else {
817 w = xinfo[i].crop_width; h = xinfo[i].crop_height;
818 }
819diff --git a/libjpeg-turbo-2.1.x-bugfix.patch b/libjpeg-turbo-2.1.x-bugfix.patch
820index c4c0b10..2eac16b 100644
821--- a/libjpeg-turbo-2.1.x-bugfix.patch
822+++ b/libjpeg-turbo-2.1.x-bugfix.patch
823@@ -1,804 +0,0 @@
824-diff --git a/java/TJUnitTest.java b/java/TJUnitTest.java
825-index 91ad5fd..07c59d8 100644
826---- a/java/TJUnitTest.java
827-+++ b/java/TJUnitTest.java
828-@@ -837,6 +837,54 @@ final class TJUnitTest {
829- if (tjd != null) tjd.close();
830- }
831-
832-+ static void overflowTest() throws Exception {
833-+ /* Ensure that the various buffer size methods don't overflow */
834-+ int size = 0;
835-+ boolean exception = false;
836-+ try {
837-+ exception = false;
838-+ size = TJ.bufSize(18919, 18919, TJ.SAMP_444);
839-+ } catch (Exception e) {
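Review bot: With `retval` now `unsigned long long` in tjPlaneWidth() and tjPlaneHeight(), the failure paths depend on how THROWG records its error code, and its definition is outside this diff. If it assigns -1 to `retval`, the stored value is the maximum unsigned long long and `return (int)retval;` yields -1 only through an implementation-defined narrowing conversion. Callers and the new CHECKSIZEINT test rely on exactly -1, so either keep a separate `int` for the return code or state the contract at the cast, for example `/* THROWG() sets retval to -1; the cast must preserve it */`.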
exception = true; } 840-+ if (!exception || size != 0) 841-+ throw new Exception("TJ.bufSize() overflow"); 842-+ try { 843-+ exception = false; 844-+ size = TJ.bufSizeYUV(26755, 1, 26755, TJ.SAMP_444); 845-+ } catch (Exception e) { exception = true; } 846-+ if (!exception || size != 0) 847-+ throw new Exception("TJ.bufSizeYUV() overflow"); 848-+ try { 849-+ exception = false; 850-+ size = TJ.bufSizeYUV(26754, 3, 26754, TJ.SAMP_444); 851-+ } catch (Exception e) { exception = true; } 852-+ if (!exception || size != 0) 853-+ throw new Exception("TJ.bufSizeYUV() overflow"); 854-+ try { 855-+ exception = false; 856-+ size = TJ.bufSizeYUV(26754, -1, 26754, TJ.SAMP_444); 857-+ } catch (Exception e) { exception = true; } 858-+ if (!exception || size != 0) 859-+ throw new Exception("TJ.bufSizeYUV() overflow"); 860-+ try { 861-+ exception = false; 862-+ size = TJ.planeSizeYUV(0, 46341, 0, 46341, TJ.SAMP_444); 863-+ } catch (Exception e) { exception = true; } 864-+ if (!exception || size != 0) 865-+ throw new Exception("TJ.planeSizeYUV() overflow"); 866-+ try { 867-+ exception = false; 868-+ size = TJ.planeWidth(0, Integer.MAX_VALUE, TJ.SAMP_420); 869-+ } catch (Exception e) { exception = true; } 870-+ if (!exception || size != 0) 871-+ throw new Exception("TJ.planeWidth() overflow"); 872-+ try { 873-+ exception = false; 874-+ size = TJ.planeHeight(0, Integer.MAX_VALUE, TJ.SAMP_420); 875-+ } catch (Exception e) { exception = true; } 876-+ if (!exception || size != 0) 877-+ throw new Exception("TJ.planeHeight() overflow"); 878-+ } 879-+ 880- static void bufSizeTest() throws Exception { 881- int w, h, i, subsamp; 882- byte[] srcBuf, dstBuf = null; 883-@@ -912,6 +960,7 @@ final class TJUnitTest { 884- } 885- if (doYUV) 886- FORMATS_4BYTE[4] = -1; 887-+ overflowTest(); 888- doTest(35, 39, bi ? FORMATS_3BYTEBI : FORMATS_3BYTE, TJ.SAMP_444, 889- testName); 890- doTest(39, 41, bi ? 
FORMATS_4BYTEBI : FORMATS_4BYTE, TJ.SAMP_444, 891-diff --git a/jchuff.h b/jchuff.h 892-index 314a232..da7809a 100644 893---- a/jchuff.h 894-+++ b/jchuff.h 895-@@ -3,8 +3,8 @@ 896- * 897- * This file was part of the Independent JPEG Group's software: 898- * Copyright (C) 1991-1997, Thomas G. Lane. 899-- * It was modified by The libjpeg-turbo Project to include only code relevant 900-- * to libjpeg-turbo. 901-+ * libjpeg-turbo Modifications: 902-+ * Copyright (C) 2022, D. R. Commander. 903- * For conditions of distribution and use, see the accompanying README.ijg 904- * file. 905- * 906-@@ -25,6 +25,14 @@ 907- #define MAX_COEF_BITS 14 908- #endif 909- 910-+/* The progressive Huffman encoder uses an unsigned 16-bit data type to store 911-+ * absolute values of coefficients, because it is possible to inject a 912-+ * coefficient value of -32768 into the encoder by attempting to transform a 913-+ * malformed 12-bit JPEG image, and the absolute value of -32768 would overflow 914-+ * a signed 16-bit integer. 915-+ */ 916-+typedef unsigned short UJCOEF; 917-+ 918- /* Derived data constructed for each Huffman table */ 919- 920- typedef struct { 921-diff --git a/jcphuff.c b/jcphuff.c 922-index 1101987..7c9d7cf 100644 923---- a/jcphuff.c 924-+++ b/jcphuff.c 925-@@ -5,7 +5,7 @@ 926- * Copyright (C) 1995-1997, Thomas G. Lane. 927- * libjpeg-turbo Modifications: 928- * Copyright (C) 2011, 2015, 2018, 2021, D. R. Commander. 929-- * Copyright (C) 2016, 2018, Matthieu Darbois. 930-+ * Copyright (C) 2016, 2018, 2022, Matthieu Darbois. 931- * Copyright (C) 2020, Arm Limited. 932- * Copyright (C) 2021, Alex Richardson. 
933- * For conditions of distribution and use, see the accompanying README.ijg 934-@@ -83,11 +83,11 @@ typedef struct { 935- /* Pointer to routine to prepare data for encode_mcu_AC_first() */ 936- void (*AC_first_prepare) (const JCOEF *block, 937- const int *jpeg_natural_order_start, int Sl, 938-- int Al, JCOEF *values, size_t *zerobits); 939-+ int Al, UJCOEF *values, size_t *zerobits); 940- /* Pointer to routine to prepare data for encode_mcu_AC_refine() */ 941- int (*AC_refine_prepare) (const JCOEF *block, 942- const int *jpeg_natural_order_start, int Sl, 943-- int Al, JCOEF *absvalues, size_t *bits); 944-+ int Al, UJCOEF *absvalues, size_t *bits); 945- 946- /* Mode flag: TRUE for optimization, FALSE for actual data output */ 947- boolean gather_statistics; 948-@@ -157,14 +157,14 @@ METHODDEF(boolean) encode_mcu_DC_first(j_compress_ptr cinfo, 949- JBLOCKROW *MCU_data); 950- METHODDEF(void) encode_mcu_AC_first_prepare 951- (const JCOEF *block, const int *jpeg_natural_order_start, int Sl, int Al, 952-- JCOEF *values, size_t *zerobits); 953-+ UJCOEF *values, size_t *zerobits); 954- METHODDEF(boolean) encode_mcu_AC_first(j_compress_ptr cinfo, 955- JBLOCKROW *MCU_data); 956- METHODDEF(boolean) encode_mcu_DC_refine(j_compress_ptr cinfo, 957- JBLOCKROW *MCU_data); 958- METHODDEF(int) encode_mcu_AC_refine_prepare 959- (const JCOEF *block, const int *jpeg_natural_order_start, int Sl, int Al, 960-- JCOEF *absvalues, size_t *bits); 961-+ UJCOEF *absvalues, size_t *bits); 962- METHODDEF(boolean) encode_mcu_AC_refine(j_compress_ptr cinfo, 963- JBLOCKROW *MCU_data); 964- METHODDEF(void) finish_pass_phuff(j_compress_ptr cinfo); 965-@@ -584,8 +584,8 @@ encode_mcu_DC_first(j_compress_ptr cinfo, JBLOCKROW *MCU_data) 966- continue; \ 967- /* For a negative coef, want temp2 = bitwise complement of abs(coef) */ \ 968- temp2 ^= temp; \ 969-- values[k] = temp; \ 970-- values[k + DCTSIZE2] = temp2; \ 971-+ values[k] = (UJCOEF)temp; \ 972-+ values[k + DCTSIZE2] = (UJCOEF)temp2; \ 973- 
zerobits |= ((size_t)1U) << k; \ 974- } \ 975- } 976-@@ -593,7 +593,7 @@ encode_mcu_DC_first(j_compress_ptr cinfo, JBLOCKROW *MCU_data) 977- METHODDEF(void) 978- encode_mcu_AC_first_prepare(const JCOEF *block, 979- const int *jpeg_natural_order_start, int Sl, 980-- int Al, JCOEF *values, size_t *bits) 981-+ int Al, UJCOEF *values, size_t *bits) 982- { 983- register int k, temp, temp2; 984- size_t zerobits = 0U; 985-@@ -666,9 +666,9 @@ encode_mcu_AC_first(j_compress_ptr cinfo, JBLOCKROW *MCU_data) 986- register int nbits, r; 987- int Sl = cinfo->Se - cinfo->Ss + 1; 988- int Al = cinfo->Al; 989-- JCOEF values_unaligned[2 * DCTSIZE2 + 15]; 990-- JCOEF *values; 991-- const JCOEF *cvalue; 992-+ UJCOEF values_unaligned[2 * DCTSIZE2 + 15]; 993-+ UJCOEF *values; 994-+ const UJCOEF *cvalue; 995- size_t zerobits; 996- size_t bits[8 / SIZEOF_SIZE_T]; 997- 998-@@ -681,7 +681,7 @@ encode_mcu_AC_first(j_compress_ptr cinfo, JBLOCKROW *MCU_data) 999- emit_restart(entropy, entropy->next_restart_num); 1000- 1001- #ifdef WITH_SIMD 1002-- cvalue = values = (JCOEF *)PAD((JUINTPTR)values_unaligned, 16); 1003-+ cvalue = values = (UJCOEF *)PAD((size_t)values_unaligned, 16); 1004- #else 1005- /* Not using SIMD, so alignment is not needed */ 1006- cvalue = values = values_unaligned; 1007-@@ -815,7 +815,7 @@ encode_mcu_DC_refine(j_compress_ptr cinfo, JBLOCKROW *MCU_data) 1008- zerobits |= ((size_t)1U) << k; \ 1009- signbits |= ((size_t)(temp2 + 1)) << k; \ 1010- } \ 1011-- absvalues[k] = (JCOEF)temp; /* save abs value for main pass */ \ 1012-+ absvalues[k] = (UJCOEF)temp; /* save abs value for main pass */ \ 1013- if (temp == 1) \ 1014- EOB = k + koffset; /* EOB = index of last newly-nonzero coef */ \ 1015- } \ 1016-@@ -824,7 +824,7 @@ encode_mcu_DC_refine(j_compress_ptr cinfo, JBLOCKROW *MCU_data) 1017- METHODDEF(int) 1018- encode_mcu_AC_refine_prepare(const JCOEF *block, 1019- const int *jpeg_natural_order_start, int Sl, 1020-- int Al, JCOEF *absvalues, size_t *bits) 1021-+ int Al, UJCOEF 
*absvalues, size_t *bits) 1022- { 1023- register int k, temp, temp2; 1024- int EOB = 0; 1025-@@ -931,9 +931,9 @@ encode_mcu_AC_refine(j_compress_ptr cinfo, JBLOCKROW *MCU_data) 1026- unsigned int BR; 1027- int Sl = cinfo->Se - cinfo->Ss + 1; 1028- int Al = cinfo->Al; 1029-- JCOEF absvalues_unaligned[DCTSIZE2 + 15]; 1030-- JCOEF *absvalues; 1031-- const JCOEF *cabsvalue, *EOBPTR; 1032-+ UJCOEF absvalues_unaligned[DCTSIZE2 + 15]; 1033-+ UJCOEF *absvalues; 1034-+ const UJCOEF *cabsvalue, *EOBPTR; 1035- size_t zerobits, signbits; 1036- size_t bits[16 / SIZEOF_SIZE_T]; 1037- 1038-@@ -946,7 +946,7 @@ encode_mcu_AC_refine(j_compress_ptr cinfo, JBLOCKROW *MCU_data) 1039- emit_restart(entropy, entropy->next_restart_num); 1040- 1041- #ifdef WITH_SIMD 1042-- cabsvalue = absvalues = (JCOEF *)PAD((JUINTPTR)absvalues_unaligned, 16); 1043-+ cabsvalue = absvalues = (UJCOEF *)PAD((size_t)absvalues_unaligned, 16); 1044- #else 1045- /* Not using SIMD, so alignment is not needed */ 1046- cabsvalue = absvalues = absvalues_unaligned; 1047-diff --git a/jerror.c b/jerror.c 1048-index 936c4f5..aa0c6ee 100644 1049---- a/jerror.c 1050-+++ b/jerror.c 1051-@@ -27,6 +27,8 @@ 1052- #include "jversion.h" 1053- #include "jerror.h" 1054- 1055-+#include <stdlib.h> 1056-+ 1057- #ifdef USE_WINDOWS_MESSAGEBOX 1058- #include <windows.h> 1059- #endif 1060-diff --git a/jsimd.h b/jsimd.h 1061-index 6c20365..f3a87ee 100644 1062---- a/jsimd.h 1063-+++ b/jsimd.h 1064-@@ -114,10 +114,10 @@ EXTERN(int) jsimd_can_encode_mcu_AC_first_prepare(void); 1065- 1066- EXTERN(void) jsimd_encode_mcu_AC_first_prepare 1067- (const JCOEF *block, const int *jpeg_natural_order_start, int Sl, int Al, 1068-- JCOEF *values, size_t *zerobits); 1069-+ UJCOEF *values, size_t *zerobits); 1070- 1071- EXTERN(int) jsimd_can_encode_mcu_AC_refine_prepare(void); 1072- 1073- EXTERN(int) jsimd_encode_mcu_AC_refine_prepare 1074- (const JCOEF *block, const int *jpeg_natural_order_start, int Sl, int Al, 1075-- JCOEF *absvalues, size_t *bits); 
1076-+ UJCOEF *absvalues, size_t *bits); 1077-diff --git a/jsimd_none.c b/jsimd_none.c 1078-index 5b38a9f..a25db73 100644 1079---- a/jsimd_none.c 1080-+++ b/jsimd_none.c 1081-@@ -2,8 +2,8 @@ 1082- * jsimd_none.c 1083- * 1084- * Copyright 2009 Pierre Ossman <ossman@cendio.se> for Cendio AB 1085-- * Copyright (C) 2009-2011, 2014, D. R. Commander. 1086-- * Copyright (C) 2015-2016, 2018, Matthieu Darbois. 1087-+ * Copyright (C) 2009-2011, 2014, 2022, D. R. Commander. 1088-+ * Copyright (C) 2015-2016, 2018, 2022, Matthieu Darbois. 1089- * Copyright (C) 2020, Arm Limited. 1090- * 1091- * Based on the x86 SIMD extension for IJG JPEG library, 1092-@@ -412,7 +412,7 @@ jsimd_can_encode_mcu_AC_first_prepare(void) 1093- GLOBAL(void) 1094- jsimd_encode_mcu_AC_first_prepare(const JCOEF *block, 1095- const int *jpeg_natural_order_start, int Sl, 1096-- int Al, JCOEF *values, size_t *zerobits) 1097-+ int Al, UJCOEF *values, size_t *zerobits) 1098- { 1099- } 1100- 1101-@@ -425,7 +425,7 @@ jsimd_can_encode_mcu_AC_refine_prepare(void) 1102- GLOBAL(int) 1103- jsimd_encode_mcu_AC_refine_prepare(const JCOEF *block, 1104- const int *jpeg_natural_order_start, int Sl, 1105-- int Al, JCOEF *absvalues, size_t *bits) 1106-+ int Al, UJCOEF *absvalues, size_t *bits) 1107- { 1108- return 0; 1109- } 1110-diff --git a/simd/arm/aarch32/jsimd.c b/simd/arm/aarch32/jsimd.c 1111-index fac55df..d6568c5 100644 1112---- a/simd/arm/aarch32/jsimd.c 1113-+++ b/simd/arm/aarch32/jsimd.c 1114-@@ -4,7 +4,7 @@ 1115- * Copyright 2009 Pierre Ossman <ossman@cendio.se> for Cendio AB 1116- * Copyright (C) 2011, Nokia Corporation and/or its subsidiary(-ies). 1117- * Copyright (C) 2009-2011, 2013-2014, 2016, 2018, D. R. Commander. 1118-- * Copyright (C) 2015-2016, 2018, Matthieu Darbois. 1119-+ * Copyright (C) 2015-2016, 2018, 2022, Matthieu Darbois. 1120- * Copyright (C) 2019, Google LLC. 1121- * Copyright (C) 2020, Arm Limited. 
1122- * 1123-@@ -950,7 +950,7 @@ jsimd_can_encode_mcu_AC_first_prepare(void) 1124- GLOBAL(void) 1125- jsimd_encode_mcu_AC_first_prepare(const JCOEF *block, 1126- const int *jpeg_natural_order_start, int Sl, 1127-- int Al, JCOEF *values, size_t *zerobits) 1128-+ int Al, UJCOEF *values, size_t *zerobits) 1129- { 1130- jsimd_encode_mcu_AC_first_prepare_neon(block, jpeg_natural_order_start, 1131- Sl, Al, values, zerobits); 1132-@@ -975,7 +975,7 @@ jsimd_can_encode_mcu_AC_refine_prepare(void) 1133- GLOBAL(int) 1134- jsimd_encode_mcu_AC_refine_prepare(const JCOEF *block, 1135- const int *jpeg_natural_order_start, int Sl, 1136-- int Al, JCOEF *absvalues, size_t *bits) 1137-+ int Al, UJCOEF *absvalues, size_t *bits) 1138- { 1139- return jsimd_encode_mcu_AC_refine_prepare_neon(block, 1140- jpeg_natural_order_start, Sl, 1141-diff --git a/simd/arm/aarch64/jsimd.c b/simd/arm/aarch64/jsimd.c 1142-index 8570b82..7de4f9a 100644 1143---- a/simd/arm/aarch64/jsimd.c 1144-+++ b/simd/arm/aarch64/jsimd.c 1145-@@ -4,7 +4,7 @@ 1146- * Copyright 2009 Pierre Ossman <ossman@cendio.se> for Cendio AB 1147- * Copyright (C) 2011, Nokia Corporation and/or its subsidiary(-ies). 1148- * Copyright (C) 2009-2011, 2013-2014, 2016, 2018, 2020, D. R. Commander. 1149-- * Copyright (C) 2015-2016, 2018, Matthieu Darbois. 1150-+ * Copyright (C) 2015-2016, 2018, 2022, Matthieu Darbois. 1151- * Copyright (C) 2020, Arm Limited. 
1152- * 1153- * Based on the x86 SIMD extension for IJG JPEG library, 1154-@@ -1028,7 +1028,7 @@ jsimd_can_encode_mcu_AC_first_prepare(void) 1155- GLOBAL(void) 1156- jsimd_encode_mcu_AC_first_prepare(const JCOEF *block, 1157- const int *jpeg_natural_order_start, int Sl, 1158-- int Al, JCOEF *values, size_t *zerobits) 1159-+ int Al, UJCOEF *values, size_t *zerobits) 1160- { 1161- jsimd_encode_mcu_AC_first_prepare_neon(block, jpeg_natural_order_start, 1162- Sl, Al, values, zerobits); 1163-@@ -1055,7 +1055,7 @@ jsimd_can_encode_mcu_AC_refine_prepare(void) 1164- GLOBAL(int) 1165- jsimd_encode_mcu_AC_refine_prepare(const JCOEF *block, 1166- const int *jpeg_natural_order_start, int Sl, 1167-- int Al, JCOEF *absvalues, size_t *bits) 1168-+ int Al, UJCOEF *absvalues, size_t *bits) 1169- { 1170- return jsimd_encode_mcu_AC_refine_prepare_neon(block, 1171- jpeg_natural_order_start, 1172-diff --git a/simd/arm/jcphuff-neon.c b/simd/arm/jcphuff-neon.c 1173-index b91c5db..2640097 100644 1174---- a/simd/arm/jcphuff-neon.c 1175-+++ b/simd/arm/jcphuff-neon.c 1176-@@ -41,7 +41,7 @@ 1177- 1178- void jsimd_encode_mcu_AC_first_prepare_neon 1179- (const JCOEF *block, const int *jpeg_natural_order_start, int Sl, int Al, 1180-- JCOEF *values, size_t *zerobits) 1181-+ UJCOEF *values, size_t *zerobits) 1182- { 1183- JCOEF *values_ptr = values; 1184- JCOEF *diff_values_ptr = values + DCTSIZE2; 1185-@@ -274,7 +274,7 @@ void jsimd_encode_mcu_AC_first_prepare_neon 1186- 1187- int jsimd_encode_mcu_AC_refine_prepare_neon 1188- (const JCOEF *block, const int *jpeg_natural_order_start, int Sl, int Al, 1189-- JCOEF *absvalues, size_t *bits) 1190-+ UJCOEF *absvalues, size_t *bits) 1191- { 1192- /* Temporary storage buffers for data used to compute the signbits bitmap and 1193- * the end-of-block (EOB) position 1194-diff --git a/simd/i386/jsimd.c b/simd/i386/jsimd.c 1195-index 563949a..ebe0767 100644 1196---- a/simd/i386/jsimd.c 1197-+++ b/simd/i386/jsimd.c 1198-@@ -3,7 +3,7 @@ 1199- * 1200- * 
Copyright 2009 Pierre Ossman <ossman@cendio.se> for Cendio AB 1201- * Copyright (C) 2009-2011, 2013-2014, 2016, 2018, D. R. Commander. 1202-- * Copyright (C) 2015-2016, 2018, Matthieu Darbois. 1203-+ * Copyright (C) 2015-2016, 2018, 2022, Matthieu Darbois. 1204- * 1205- * Based on the x86 SIMD extension for IJG JPEG library, 1206- * Copyright (C) 1999-2006, MIYASAKA Masaru. 1207-@@ -1219,7 +1219,7 @@ jsimd_can_encode_mcu_AC_first_prepare(void) 1208- GLOBAL(void) 1209- jsimd_encode_mcu_AC_first_prepare(const JCOEF *block, 1210- const int *jpeg_natural_order_start, int Sl, 1211-- int Al, JCOEF *values, size_t *zerobits) 1212-+ int Al, UJCOEF *values, size_t *zerobits) 1213- { 1214- jsimd_encode_mcu_AC_first_prepare_sse2(block, jpeg_natural_order_start, 1215- Sl, Al, values, zerobits); 1216-@@ -1245,7 +1245,7 @@ jsimd_can_encode_mcu_AC_refine_prepare(void) 1217- GLOBAL(int) 1218- jsimd_encode_mcu_AC_refine_prepare(const JCOEF *block, 1219- const int *jpeg_natural_order_start, int Sl, 1220-- int Al, JCOEF *absvalues, size_t *bits) 1221-+ int Al, UJCOEF *absvalues, size_t *bits) 1222- { 1223- return jsimd_encode_mcu_AC_refine_prepare_sse2(block, 1224- jpeg_natural_order_start, 1225-diff --git a/simd/jsimd.h b/simd/jsimd.h 1226-index 64747c6..abebbf4 100644 1227---- a/simd/jsimd.h 1228-+++ b/simd/jsimd.h 1229-@@ -5,7 +5,7 @@ 1230- * Copyright (C) 2011, 2014-2016, 2018, 2020, D. R. Commander. 1231- * Copyright (C) 2013-2014, MIPS Technologies, Inc., California. 1232- * Copyright (C) 2014, Linaro Limited. 1233-- * Copyright (C) 2015-2016, 2018, Matthieu Darbois. 1234-+ * Copyright (C) 2015-2016, 2018, 2022, Matthieu Darbois. 1235- * Copyright (C) 2016-2018, Loongson Technology Corporation Limited, BeiJing. 1236- * Copyright (C) 2020, Arm Limited. 
1237- * 1238-@@ -15,6 +15,8 @@ 1239- * 1240- */ 1241- 1242-+#include <stdlib.h> 1243-+ 1244- /* Bitmask for supported acceleration methods */ 1245- 1246- #define JSIMD_NONE 0x00 1247-@@ -1243,16 +1245,16 @@ EXTERN(JOCTET *) jsimd_huff_encode_one_block_neon_slowtbl 1248- /* Progressive Huffman encoding */ 1249- EXTERN(void) jsimd_encode_mcu_AC_first_prepare_sse2 1250- (const JCOEF *block, const int *jpeg_natural_order_start, int Sl, int Al, 1251-- JCOEF *values, size_t *zerobits); 1252-+ UJCOEF *values, size_t *zerobits); 1253- 1254- EXTERN(void) jsimd_encode_mcu_AC_first_prepare_neon 1255- (const JCOEF *block, const int *jpeg_natural_order_start, int Sl, int Al, 1256-- JCOEF *values, size_t *zerobits); 1257-+ UJCOEF *values, size_t *zerobits); 1258- 1259- EXTERN(int) jsimd_encode_mcu_AC_refine_prepare_sse2 1260- (const JCOEF *block, const int *jpeg_natural_order_start, int Sl, int Al, 1261-- JCOEF *absvalues, size_t *bits); 1262-+ UJCOEF *absvalues, size_t *bits); 1263- 1264- EXTERN(int) jsimd_encode_mcu_AC_refine_prepare_neon 1265- (const JCOEF *block, const int *jpeg_natural_order_start, int Sl, int Al, 1266-- JCOEF *absvalues, size_t *bits); 1267-+ UJCOEF *absvalues, size_t *bits); 1268-diff --git a/simd/mips/jsimd.c b/simd/mips/jsimd.c 1269-index d2546ee..9be0a96 100644 1270---- a/simd/mips/jsimd.c 1271-+++ b/simd/mips/jsimd.c 1272-@@ -4,7 +4,7 @@ 1273- * Copyright 2009 Pierre Ossman <ossman@cendio.se> for Cendio AB 1274- * Copyright (C) 2009-2011, 2014, 2016, 2018, 2020, D. R. Commander. 1275- * Copyright (C) 2013-2014, MIPS Technologies, Inc., California. 1276-- * Copyright (C) 2015-2016, 2018, Matthieu Darbois. 1277-+ * Copyright (C) 2015-2016, 2018, 2022, Matthieu Darbois. 1278- * 1279- * Based on the x86 SIMD extension for IJG JPEG library, 1280- * Copyright (C) 1999-2006, MIYASAKA Masaru. 
1281-@@ -1128,7 +1128,7 @@ jsimd_can_encode_mcu_AC_first_prepare(void) 1282- GLOBAL(void) 1283- jsimd_encode_mcu_AC_first_prepare(const JCOEF *block, 1284- const int *jpeg_natural_order_start, int Sl, 1285-- int Al, JCOEF *values, size_t *zerobits) 1286-+ int Al, UJCOEF *values, size_t *zerobits) 1287- { 1288- } 1289- 1290-@@ -1141,7 +1141,7 @@ jsimd_can_encode_mcu_AC_refine_prepare(void) 1291- GLOBAL(int) 1292- jsimd_encode_mcu_AC_refine_prepare(const JCOEF *block, 1293- const int *jpeg_natural_order_start, int Sl, 1294-- int Al, JCOEF *absvalues, size_t *bits) 1295-+ int Al, UJCOEF *absvalues, size_t *bits) 1296- { 1297- return 0; 1298- } 1299-diff --git a/simd/mips64/jsimd.c b/simd/mips64/jsimd.c 1300-index e8f1af5..bb9785b 100644 1301---- a/simd/mips64/jsimd.c 1302-+++ b/simd/mips64/jsimd.c 1303-@@ -851,7 +851,7 @@ jsimd_can_encode_mcu_AC_first_prepare(void) 1304- GLOBAL(void) 1305- jsimd_encode_mcu_AC_first_prepare(const JCOEF *block, 1306- const int *jpeg_natural_order_start, int Sl, 1307-- int Al, JCOEF *values, size_t *zerobits) 1308-+ int Al, UJCOEF *values, size_t *zerobits) 1309- { 1310- } 1311- 1312-@@ -864,7 +864,7 @@ jsimd_can_encode_mcu_AC_refine_prepare(void) 1313- GLOBAL(int) 1314- jsimd_encode_mcu_AC_refine_prepare(const JCOEF *block, 1315- const int *jpeg_natural_order_start, int Sl, 1316-- int Al, JCOEF *absvalues, size_t *bits) 1317-+ int Al, UJCOEF *absvalues, size_t *bits) 1318- { 1319- return 0; 1320- } 1321-diff --git a/simd/powerpc/jsimd.c b/simd/powerpc/jsimd.c 1322-index d0d3981..8affc5e 100644 1323---- a/simd/powerpc/jsimd.c 1324-+++ b/simd/powerpc/jsimd.c 1325-@@ -3,7 +3,7 @@ 1326- * 1327- * Copyright 2009 Pierre Ossman <ossman@cendio.se> for Cendio AB 1328- * Copyright (C) 2009-2011, 2014-2016, 2018, D. R. Commander. 1329-- * Copyright (C) 2015-2016, 2018, Matthieu Darbois. 1330-+ * Copyright (C) 2015-2016, 2018, 2022, Matthieu Darbois. 
1331- * 1332- * Based on the x86 SIMD extension for IJG JPEG library, 1333- * Copyright (C) 1999-2006, MIYASAKA Masaru. 1334-@@ -853,7 +853,7 @@ jsimd_can_encode_mcu_AC_first_prepare(void) 1335- GLOBAL(void) 1336- jsimd_encode_mcu_AC_first_prepare(const JCOEF *block, 1337- const int *jpeg_natural_order_start, int Sl, 1338-- int Al, JCOEF *values, size_t *zerobits) 1339-+ int Al, UJCOEF *values, size_t *zerobits) 1340- { 1341- } 1342- 1343-@@ -866,7 +866,7 @@ jsimd_can_encode_mcu_AC_refine_prepare(void) 1344- GLOBAL(int) 1345- jsimd_encode_mcu_AC_refine_prepare(const JCOEF *block, 1346- const int *jpeg_natural_order_start, int Sl, 1347-- int Al, JCOEF *absvalues, size_t *bits) 1348-+ int Al, UJCOEF *absvalues, size_t *bits) 1349- { 1350- return 0; 1351- } 1352-diff --git a/simd/x86_64/jsimd.c b/simd/x86_64/jsimd.c 1353-index eb76679..1ede507 100644 1354---- a/simd/x86_64/jsimd.c 1355-+++ b/simd/x86_64/jsimd.c 1356-@@ -3,7 +3,7 @@ 1357- * 1358- * Copyright 2009 Pierre Ossman <ossman@cendio.se> for Cendio AB 1359- * Copyright (C) 2009-2011, 2014, 2016, 2018, D. R. Commander. 1360-- * Copyright (C) 2015-2016, 2018, Matthieu Darbois. 1361-+ * Copyright (C) 2015-2016, 2018, 2022, Matthieu Darbois. 1362- * 1363- * Based on the x86 SIMD extension for IJG JPEG library, 1364- * Copyright (C) 1999-2006, MIYASAKA Masaru. 
1365-@@ -1040,7 +1040,7 @@ jsimd_can_encode_mcu_AC_first_prepare(void) 1366- GLOBAL(void) 1367- jsimd_encode_mcu_AC_first_prepare(const JCOEF *block, 1368- const int *jpeg_natural_order_start, int Sl, 1369-- int Al, JCOEF *values, size_t *zerobits) 1370-+ int Al, UJCOEF *values, size_t *zerobits) 1371- { 1372- jsimd_encode_mcu_AC_first_prepare_sse2(block, jpeg_natural_order_start, 1373- Sl, Al, values, zerobits); 1374-@@ -1064,7 +1064,7 @@ jsimd_can_encode_mcu_AC_refine_prepare(void) 1375- GLOBAL(int) 1376- jsimd_encode_mcu_AC_refine_prepare(const JCOEF *block, 1377- const int *jpeg_natural_order_start, int Sl, 1378-- int Al, JCOEF *absvalues, size_t *bits) 1379-+ int Al, UJCOEF *absvalues, size_t *bits) 1380- { 1381- return jsimd_encode_mcu_AC_refine_prepare_sse2(block, 1382- jpeg_natural_order_start, 1383-diff --git a/tjbench.c b/tjbench.c 1384-index 156c906..8c83025 100644 1385---- a/tjbench.c 1386-+++ b/tjbench.c 1387-@@ -592,10 +592,16 @@ static int decompTest(char *fileName) 1388- if ((flags & TJFLAG_NOREALLOC) != 0 && 1389- (doTile || xformOp != TJXOP_NONE || xformOpt != 0 || customFilter)) 1390- for (i = 0; i < ntilesw * ntilesh; i++) { 1391-- if (tjBufSize(tilew, tileh, subsamp) > (unsigned long)INT_MAX) 1392-+ unsigned long jpegBufSize; 1393-+ 1394-+ if (xformOp == TJXOP_TRANSPOSE || xformOp == TJXOP_TRANSVERSE || 1395-+ xformOp == TJXOP_ROT90 || xformOp == TJXOP_ROT270) 1396-+ jpegBufSize = tjBufSize(tileh, tilew, subsamp); 1397-+ else 1398-+ jpegBufSize = tjBufSize(tilew, tileh, subsamp); 1399-+ if (jpegBufSize > (unsigned long)INT_MAX) 1400- THROW("getting buffer size", "Image is too large"); 1401-- if ((jpegBuf[i] = (unsigned char *) 1402-- tjAlloc(tjBufSize(tilew, tileh, subsamp))) == NULL) 1403-+ if ((jpegBuf[i] = (unsigned char *)tjAlloc(jpegBufSize)) == NULL) 1404- THROW_UNIX("allocating JPEG tiles"); 1405- } 1406- 1407-diff --git a/tjexample.c b/tjexample.c 1408-index a9cd865..2ac1fed 100644 1409---- a/tjexample.c 1410-+++ b/tjexample.c 1411-@@ 
-32,6 +32,7 @@ 1412- * images using the TurboJPEG C API 1413- */ 1414- 1415-+#include <limits.h> 1416- #include <stdio.h> 1417- #include <stdlib.h> 1418- #include <string.h> 1419-@@ -273,6 +274,8 @@ int main(int argc, char **argv) 1420- if (size == 0) 1421- THROW("determining input file size", "Input file contains no data"); 1422- jpegSize = (unsigned long)size; 1423-+ if (jpegSize > (unsigned long)INT_MAX) 1424-+ THROW("allocating JPEG buffer", "Input file is too large"); 1425- if ((jpegBuf = (unsigned char *)tjAlloc(jpegSize)) == NULL) 1426- THROW_UNIX("allocating JPEG buffer"); 1427- if (fread(jpegBuf, jpegSize, 1, jpegFile) < 1) 1428-@@ -330,8 +333,12 @@ int main(int argc, char **argv) 1429- outSubsamp = inSubsamp; 1430- 1431- pixelFormat = TJPF_BGRX; 1432-- if ((imgBuf = (unsigned char *)tjAlloc(width * height * 1433-- tjPixelSize[pixelFormat])) == NULL) 1434-+ if ((unsigned long long)width * height * tjPixelSize[pixelFormat] > 1435-+ (unsigned long long)((size_t)-1)) 1436-+ THROW("allocating uncompressed image buffer", "Image is too large"); 1437-+ if ((imgBuf = 1438-+ (unsigned char *)malloc(sizeof(unsigned char) * width * height * 1439-+ tjPixelSize[pixelFormat])) == NULL) 1440- THROW_UNIX("allocating uncompressed image buffer"); 1441- 1442- if (tjDecompress2(tjInstance, jpegBuf, jpegSize, imgBuf, width, 0, height, 1443-diff --git a/tjunittest.c b/tjunittest.c 1444-index f59939f..38ada63 100644 1445---- a/tjunittest.c 1446-+++ b/tjunittest.c 1447-@@ -33,6 +33,7 @@ 1448- #include <stdio.h> 1449- #include <stdlib.h> 1450- #include <string.h> 1451-+#include <limits.h> 1452- #include <errno.h> 1453- #include "tjutil.h" 1454- #include "turbojpeg.h" 1455-@@ -566,11 +567,16 @@ bailout: 1456- THROW(#function " overflow"); \ 1457- } 1458- #endif 1459-+#define CHECKSIZEINT(function) { \ 1460-+ if (intsize != -1 || !strcmp(tjGetErrorStr2(NULL), "No error")) \ 1461-+ THROW(#function " overflow"); \ 1462-+} 1463- 1464- static void overflowTest(void) 1465- { 1466- /* 
Ensure that the various buffer size functions don't overflow */ 1467- unsigned long size; 1468-+ int intsize; 1469- 1470- size = tjBufSize(26755, 26755, TJSAMP_444); 1471- CHECKSIZE(tjBufSize()); 1472-@@ -584,6 +590,10 @@ static void overflowTest(void) 1473- CHECKSIZE(tjBufSizeYUV()); 1474- size = tjPlaneSizeYUV(0, 65536, 0, 65536, TJSAMP_444); 1475- CHECKSIZE(tjPlaneSizeYUV()); 1476-+ intsize = tjPlaneWidth(0, INT_MAX, TJSAMP_420); 1477-+ CHECKSIZEINT(tjPlaneWidth()); 1478-+ intsize = tjPlaneHeight(0, INT_MAX, TJSAMP_420); 1479-+ CHECKSIZEINT(tjPlaneHeight()); 1480- 1481- bailout: 1482- return; 1483-diff --git a/turbojpeg-jni.c b/turbojpeg-jni.c 1484-index 1b728e3..053edbd 100644 1485---- a/turbojpeg-jni.c 1486-+++ b/turbojpeg-jni.c 1487-@@ -26,6 +26,7 @@ 1488- * POSSIBILITY OF SUCH DAMAGE. 1489- */ 1490- 1491-+#include <limits.h> 1492- #include <stdlib.h> 1493- #include <string.h> 1494- #include "turbojpeg.h" 1495-@@ -128,24 +129,28 @@ bailout: 1496- JNIEXPORT jint JNICALL Java_org_libjpegturbo_turbojpeg_TJ_bufSize 1497- (JNIEnv *env, jclass cls, jint width, jint height, jint jpegSubsamp) 1498- { 1499-- jint retval = (jint)tjBufSize(width, height, jpegSubsamp); 1500-+ unsigned long retval = tjBufSize(width, height, jpegSubsamp); 1501- 1502-- if (retval == -1) THROW_ARG(tjGetErrorStr()); 1503-+ if (retval == (unsigned long)-1) THROW_ARG(tjGetErrorStr()); 1504-+ if (retval > (unsigned long)INT_MAX) 1505-+ THROW_ARG("Image is too large"); 1506- 1507- bailout: 1508-- return retval; 1509-+ return (jint)retval; 1510- } 1511- 1512- /* TurboJPEG 1.4.x: TJ::bufSizeYUV() */ 1513- JNIEXPORT jint JNICALL Java_org_libjpegturbo_turbojpeg_TJ_bufSizeYUV__IIII 1514- (JNIEnv *env, jclass cls, jint width, jint pad, jint height, jint subsamp) 1515- { 1516-- jint retval = (jint)tjBufSizeYUV2(width, pad, height, subsamp); 1517-+ unsigned long retval = tjBufSizeYUV2(width, align, height, subsamp); 1518- 1519-- if (retval == -1) THROW_ARG(tjGetErrorStr()); 1520-+ if (retval == (unsigned 
long)-1) THROW_ARG(tjGetErrorStr()); 1521-+ if (retval > (unsigned long)INT_MAX) 1522-+ THROW_ARG("Image is too large"); 1523- 1524- bailout: 1525-- return retval; 1526-+ return (jint)retval; 1527- } 1528- 1529- /* TurboJPEG 1.2.x: TJ::bufSizeYUV() */ 1530-@@ -162,13 +167,15 @@ JNIEXPORT jint JNICALL Java_org_libjpegturbo_turbojpeg_TJ_planeSizeYUV__IIIII 1531- (JNIEnv *env, jclass cls, jint componentID, jint width, jint stride, 1532- jint height, jint subsamp) 1533- { 1534-- jint retval = (jint)tjPlaneSizeYUV(componentID, width, stride, height, 1535-- subsamp); 1536-+ unsigned long retval = tjPlaneSizeYUV(componentID, width, stride, height, 1537-+ subsamp); 1538- 1539-- if (retval == -1) THROW_ARG(tjGetErrorStr()); 1540-+ if (retval == (unsigned long)-1) THROW_ARG(tjGetErrorStr()); 1541-+ if (retval > (unsigned long)INT_MAX) 1542-+ THROW_ARG("Image is too large"); 1543- 1544- bailout: 1545-- return retval; 1546-+ return (jint)retval; 1547- } 1548- 1549- /* TurboJPEG 1.4.x: TJ::planeWidth() */ 1550-@@ -1176,6 +1183,10 @@ JNIEXPORT jintArray JNICALL Java_org_libjpegturbo_turbojpeg_TJTransformer_transf 1551- for (i = 0; i < n; i++) { 1552- int w = jpegWidth, h = jpegHeight; 1553- 1554-+ if (t[i].op == TJXOP_TRANSPOSE || t[i].op == TJXOP_TRANSVERSE || 1555-+ t[i].op == TJXOP_ROT90 || t[i].op == TJXOP_ROT270) { 1556-+ w = jpegHeight; h = jpegWidth; 1557-+ } 1558- if (t[i].r.w != 0) w = t[i].r.w; 1559- if (t[i].r.h != 0) h = t[i].r.h; 1560- BAILIF0(jdstBufs[i] = (*env)->GetObjectArrayElement(env, dstobjs, i)); 1561-diff --git a/turbojpeg.c b/turbojpeg.c 1562-index 47c5999..6c425be 100644 1563---- a/turbojpeg.c 1564-+++ b/turbojpeg.c 1565-@@ -33,6 +33,7 @@ 1566- #include <stdio.h> 1567- #include <stdlib.h> 1568- #include <ctype.h> 1569-+#include <limits.h> 1570- #include <jinclude.h> 1571- #define JPEG_INTERNALS 1572- #include <jpeglib.h> 1573-@@ -599,7 +600,8 @@ DLLEXPORT unsigned long TJBUFSIZEYUV(int width, int height, int subsamp) 1574- 1575- DLLEXPORT int 
tjPlaneWidth(int componentID, int width, int subsamp) 1576- { 1577-- int pw, nc, retval = 0; 1578-+ unsigned long long pw, retval = 0; 1579-+ int nc; 1580- 1581- if (width < 1 || subsamp < 0 || subsamp >= TJ_NUMSAMP) 1582- THROWG("tjPlaneWidth(): Invalid argument"); 1583-@@ -613,14 +615,18 @@ DLLEXPORT int tjPlaneWidth(int componentID, int width, int subsamp) 1584- else 1585- retval = pw * 8 / tjMCUWidth[subsamp]; 1586- 1587-+ if (retval > (unsigned long long)INT_MAX) 1588-+ THROWG("tjPlaneWidth(): Width is too large"); 1589-+ 1590- bailout: 1591-- return retval; 1592-+ return (int)retval; 1593- } 1594- 1595- 1596- DLLEXPORT int tjPlaneHeight(int componentID, int height, int subsamp) 1597- { 1598-- int ph, nc, retval = 0; 1599-+ unsigned long long ph, retval = 0; 1600-+ int nc; 1601- 1602- if (height < 1 || subsamp < 0 || subsamp >= TJ_NUMSAMP) 1603- THROWG("tjPlaneHeight(): Invalid argument"); 1604-@@ -634,8 +640,11 @@ DLLEXPORT int tjPlaneHeight(int componentID, int height, int subsamp) 1605- else 1606- retval = ph * 8 / tjMCUHeight[subsamp]; 1607- 1608-+ if (retval > (unsigned long long)INT_MAX) 1609-+ THROWG("tjPlaneHeight(): Height is too large"); 1610-+ 1611- bailout: 1612-- return retval; 1613-+ return (int)retval; 1614- } 1615- 1616- 1617-@@ -1985,6 +1994,10 @@ DLLEXPORT int tjTransform(tjhandle handle, const unsigned char *jpegBuf, 1618- 1619- if (!xinfo[i].crop) { 1620- w = dinfo->image_width; h = dinfo->image_height; 1621-+ if (t[i].op == TJXOP_TRANSPOSE || t[i].op == TJXOP_TRANSVERSE || 1622-+ t[i].op == TJXOP_ROT90 || t[i].op == TJXOP_ROT270) { 1623-+ w = dinfo->image_height; h = dinfo->image_width; 1624-+ } 1625- } else { 1626- w = xinfo[i].crop_width; h = xinfo[i].crop_height; 1627- } 1628