merge with upstream

Author: nyfair

3rdparty/libjxl/CHANGELOG.md

@@ -5,6 +5,17 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.11.2] - 2026-02-10
+
+### Fixed
+  - fix tile dimension in low memory rendering pipeline (#4495 -
+    [CVE-2025-12474](https://www.cve.org/cverecord?id=CVE-2025-12474))
+  - fix number of channels for gray-to-gray color transform (#4579 -
+    [CVE-2026-1837](https://www.cve.org/cverecord?id=CVE-2026-1837))
+  - `djxl`: reject decoding JXL files if "packed" representation size overflows
+    `size_t` (#4589 - thanks to Mateusz Jurczyk of Google Project Zero for
+    identifying this issue)
+
 ## [0.11.1] - 2024-26-11
 
 ### Fixed

3rdparty/libjxl/MODULE.bazel

@@ -3,10 +3,24 @@
 # Use of this source code is governed by a BSD-style
 # license that can be found in the LICENSE file.
 
-bazel_dep(name = "bazel_skylib", version = "1.7.1")
-bazel_dep(name = "giflib", version = "5.2.1")
+module(
+    name = "libjxl",
+    repo_name = "libjxl",
+)
+
+bazel_dep(name = "bazel_skylib", version = "1.8.2")
+bazel_dep(name = "brotli", version = "1.1.0")
+bazel_dep(name = "giflib", version = "5.2.1.bcr.1")
 bazel_dep(name = "googletest", version = "1.14.0")
 bazel_dep(name = "libjpeg_turbo", version = "2.1.91")
-bazel_dep(name = "libpng", version = "1.6.40")
-bazel_dep(name = "libwebp", version = "1.3.2")
+bazel_dep(name = "libpng", version = "1.6.50.bcr.1")
+bazel_dep(name = "libwebp", version = "1.6.0")
 bazel_dep(name = "openexr", version = "3.2.1")
+bazel_dep(name = "skcms", version = "20250916.0")
+
+# Requires patching `MODULE.bazel` and `BUILD` files
+bazel_dep(name = "highway", version = "1.2.0")
+local_path_override(
+    module_name = "highway",
+    path = "third_party/highway",
+)

3rdparty/libjxl/MODULE.bazel.lock

@@ -15,6 +15,10 @@ OS=`uname -s`
 SELF=$(realpath "$0")
 MYDIR=$(dirname "${SELF}")
 
+### Colors
+TEXT_BOLD_PURPLE="\033[1;35m"
+TEXT_RESET="\033[0m"
+
 ### Environment parameters:
 TEST_STACK_LIMIT="${TEST_STACK_LIMIT:-256}"
 BENCHMARK_NUM_THREADS="${BENCHMARK_NUM_THREADS:-0}"
@@ -40,6 +44,7 @@ fi
 POST_MESSAGE_ON_ERROR="${POST_MESSAGE_ON_ERROR:-1}"
 # By default, do a lightweight debian HWY package build.
 HWY_PKG_OPTIONS="${HWY_PKG_OPTIONS:---set-envvar=HWY_EXTRA_CONFIG=-DBUILD_TESTING=OFF -DHWY_ENABLE_EXAMPLES=OFF -DHWY_ENABLE_CONTRIB=OFF}"
+EXCLUDE_DEBIAN_PACKAGES="${EXCLUDE_DEBIAN_PACKAGES:-}"
 
 # Set default compilers to clang if not already set
 export CC=${CC:-clang}
@@ -708,7 +713,9 @@ cmd_msan_install() {
       ["15"]="15.0.7"
       ["16"]="16.0.6"
       ["17"]="17.0.6"
-      ["18"]="18.1.6"
+      ["18"]="18.1.8"
+      ["19"]="19.1.7"
+      ["20"]="20.1.2"
     ) 
     local llvm_tag="${CLANG_VERSION}.0.0"
     if [[ -n "${llvm_tag_by_version["${CLANG_VERSION}"]}" ]]; then
@@ -1221,6 +1228,8 @@ cmd_lint() {
       echo 'To fix them run (from the base directory):' >&2
       echo '  buildifier `git ls-files | grep -E "/BUILD$|WORKSPACE|.bzl$"`' >&2
     fi
+  else
+    echo -e "${TEXT_BOLD_PURPLE}SKIPPED:${TEXT_RESET} buildifier (not installed)"
   fi
 
   # It is ok, if spell-checker is not installed.
@@ -1229,7 +1238,7 @@ cmd_lint() {
     local sources=`git -C "${MYDIR}" ls-files | grep -E "\.(${src_ext})$"`
     typos -c "${MYDIR}/tools/scripts/typos.toml" ${sources}
   else
-    echo "Consider installing https://github.com/crate-ci/typos for spell-checking"
+    echo -e "${TEXT_BOLD_PURPLE}SKIPPED:${TEXT_RESET} typos not installed; try: cargo install typos-cli"
   fi
 
   local installed=()
@@ -1370,6 +1379,11 @@ build_debian_pkg() {
       ln -s "${srcdir}/$f" "${builddir}/$f"
     fi
   done
+  if [[ -n "${EXCLUDE_DEBIAN_PACKAGES}" ]]; then
+    # TODO(eustas): support comma-separated list
+    rm -f "${builddir}"/debian/${EXCLUDE_DEBIAN_PACKAGES}.install
+    sed -i "/Package: ${EXCLUDE_DEBIAN_PACKAGES}/,/\n/d" "${builddir}"/debian/control
+  fi
   (
     cd "${builddir}"
     debuild "${options}" -b -uc -us

3rdparty/libjxl/WORKSPACE

@@ -16,12 +16,12 @@ MYDIR=$(dirname "${SELF}")
 # update a git submodule.
 TESTDATA="873045a9c42ed60721756e26e2a6b32e17415205"
 THIRD_PARTY_BROTLI="36533a866ed1ca4b75cf049f4521e4ec5fe24727"
-THIRD_PARTY_GOOGLETEST="58d77fa8070e8cec2dc1ed015d66b454c8d78850"
-THIRD_PARTY_HIGHWAY="457c891775a7397bdb0376bb1031e6e027af1c48"
-THIRD_PARTY_SKCMS="42030a771244ba67f86b1c1c76a6493f873c5f91"
-THIRD_PARTY_SJPEG="e5ab13008bb214deb66d5f3e17ca2f8dbff150bf"
+THIRD_PARTY_GOOGLETEST="6910c9d9165801d8827d628cb72eb7ea9dd538c5" # v1.16.0
+THIRD_PARTY_HIGHWAY="457c891775a7397bdb0376bb1031e6e027af1c48" # v1.2.0
+THIRD_PARTY_SKCMS="b2e692629c1fb19342517d7fb61f1cf83d075492"
+THIRD_PARTY_SJPEG="94e0df6d0f8b44228de5be0ff35efb9f946a13c9" # Wed Apr 2 15:42:02 2025 -0700
 THIRD_PARTY_ZLIB="51b7f2abdade71cd9bb0e7a373ef2610ec6f9daf" # v1.3.1
-THIRD_PARTY_LIBPNG="f135775ad4e5d4408d2e12ffcc71bb36e6b48551" # v1.6.40
+THIRD_PARTY_LIBPNG="872555f4ba910252783af1507f9e7fe1653be252" # v1.6.47
 THIRD_PARTY_LIBJPEG_TURBO="8ecba3647edb6dd940463fedf38ca33a8e2a73d1" # 2.1.5.1
 
 # Download the target revision from GitHub.

3rdparty/libjxl/ci.sh

@@ -5,7 +5,7 @@
 
 set(JPEGXL_MAJOR_VERSION 0)
 set(JPEGXL_MINOR_VERSION 11)
-set(JPEGXL_PATCH_VERSION 1)
+set(JPEGXL_PATCH_VERSION 2)
 set(JPEGXL_LIBRARY_VERSION
     "${JPEGXL_MAJOR_VERSION}.${JPEGXL_MINOR_VERSION}.${JPEGXL_PATCH_VERSION}")
 

3rdparty/libjxl/deps.sh

@@ -36,6 +36,7 @@ class PackedImage {
  public:
   static StatusOr<PackedImage> Create(size_t xsize, size_t ysize,
                                       const JxlPixelFormat& format) {
+    JXL_RETURN_IF_ERROR(VerifyDimensions(xsize, ysize, format));
     PackedImage image(xsize, ysize, format, CalcStride(format, xsize));
     if (!image.pixels()) {
       // TODO(szabadka): use specialized OOM error code
@@ -149,6 +150,28 @@ class PackedImage {
     }
   }
 
+  static Status VerifyDimensions(size_t xsize, size_t ysize,
+                                 const JxlPixelFormat& format) {
+    size_t multiplier = (BitsPerChannel(format.data_type) *
+                         format.num_channels / jxl::kBitsPerByte);
+    size_t stride = xsize * multiplier;
+    if ((stride / multiplier) != xsize) {
+      return JXL_FAILURE("Image too big");
+    }
+    if (format.align > 1) {
+      size_t aligned_stride = jxl::DivCeil(stride, format.align) * format.align;
+      if (stride > aligned_stride) {
+        return JXL_FAILURE("Image too big");
+      }
+      stride = aligned_stride;
+    }
+    size_t pixels_size = ysize * stride;
+    if ((pixels_size / stride) != ysize) {
+      return JXL_FAILURE("Image too big");
+    }
+    return true;
+  }
+
  private:
   PackedImage(size_t xsize, size_t ysize, const JxlPixelFormat& format,
               size_t stride)

3rdparty/libjxl/lib/CMakeLists.txt

@@ -352,7 +352,7 @@ typedef enum {
    *
    * When using streaming input and output the encoder minimizes memory usage at
    * the cost of compression density. Also note that images produced with
-   * streaming mode might not be progressively decodeable.
+   * streaming mode might not be progressively decodable.
    */
   JXL_ENC_FRAME_SETTING_BUFFERING = 34,
 

3rdparty/libjxl/lib/extras/packed_image.h

@@ -604,7 +604,7 @@ void ClusterJpegHistograms(j_compress_ptr cinfo, const Histogram* histograms,
         slot_histograms.push_back(histogram_index);
         slot_costs.push_back(best_cost);
       } else {
-        // TODO(szabadka) Find the best histogram to replce.
+        // TODO(szabadka) Find the best histogram to replace.
         best_slot = (clusters->slot_ids.back() + 1) % 4;
       }
       slot_histograms[best_slot] = histogram_index;