lib/jpeg: Replace decoder with Wuffs' implementation

To quote its repo[0]: Wuffs is a memory-safe programming language (and
a standard library written in that language) for Wrangling Untrusted
File Formats Safely. Wrangling includes parsing, decoding and encoding.

It compiles its library, written in its own language, to a C/C++ source
file that can then be used independently without needing support for
the language. That library is now imported to src/vendorcode/wuffs/.

This change modifies our linters to ignore that directory because
it's supposed to contain the wuffs compiler's result verbatim.

Nigel Tao provided an initial wrapper around wuffs' jpeg decoder
that implements our JPEG API. I further changed it a bit regarding
data placement, dropped stuff from our API that wasn't ever used,
or isn't used anymore, and generally made it fit coreboot a bit
better. Features are Nigel's, bugs are mine.

This commit also adapts our jpeg fuzz test to work with the modified
API. After limiting it to deal only with approximately screen sized
inputs, it fuzzed for 25 hours CPU time without a single hang or
crash. This is a notable improvement over running the test with our
old decoder which crashes within a minute.

Finally, I tried the new parser with a pretty-much-random JPEG file
I got from the internet, and it just showed it (once the resolution
matched), which is also a notable improvement over the old decoder
which is very particular about the subset of JPEG it supports.

In terms of code size, a QEmu build's ramstage increases
from 128060 bytes decompressed (64121 bytes after LZMA)
  to 172304 bytes decompressed (82734 bytes after LZMA).

[0] https://github.com/google/wuffs

Change-Id: If8fa7da69da1ad412f27c2c5e882393c7739bc82
Signed-off-by: Patrick Georgi <patrick@coreboot.org>
Based-on-work-by: Nigel Tao <nigeltao@golang.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78271
Reviewed-by: Paul Menzel <paulepanter@mailbox.org>
Reviewed-by: Martin L Roth <gaumless@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

3 files changed, 14 insertions, 7 deletions

diff --git a/util/fuzz-tests/jpeg-test.c b/util/fuzz-tests/jpeg-test.c
index da21824b6e06..4a925384acfc 100644
--- a/util/fuzz-tests/jpeg-test.c
+++ b/util/fuzz-tests/jpeg-test.c
@@ -19,18 +19,23 @@ int main(int argc, char **argv)
 	if (fseek(f, 0, SEEK_SET) != 0)
 		return 1;
 
-	char *buf = malloc(len);
-	struct jpeg_decdata *decdata = malloc(sizeof(*decdata));
+	unsigned char *buf = malloc(len);
 	if (fread(buf, len, 1, f) != 1)
 		return 1;
 	fclose(f);
 
-	int width;
-	int height;
-	jpeg_fetch_size(buf, &width, &height);
+	unsigned int width;
+	unsigned int height;
+	if (jpeg_fetch_size(buf, len, &width, &height) != 0) {
+		return 1;
+	}
+	if ((width > 6000) || (height > 6000)) {
+		// infeasible data set
+		return 1;
+	}
 	//printf("width: %d, height: %d\n", width, height);
-	char *pic = malloc(depth / 8 * width * height);
-	int ret = jpeg_decode(buf, pic, width, height, width * depth / 8, depth, decdata);
+	unsigned char *pic = malloc(depth / 8 * width * height);
+	int ret = jpeg_decode(buf, len, pic, width, height, width * depth / 8, depth);
 	//printf("ret: %x\n", ret);
 	return ret;
 }
diff --git a/util/lint/lint-007-checkpatch b/util/lint/lint-007-checkpatch
index a9cf78288513..f8a8095e39af 100755
--- a/util/lint/lint-007-checkpatch
+++ b/util/lint/lint-007-checkpatch
@@ -17,6 +17,7 @@ INCLUDED_FILES='.*\.[ch]\|Kconfig.*$'
 
 EXCLUDED_DIRS="^payloads/libpayload/util/kconfig\|\
 ^payloads/libpayload/curses/PDCurses\|\
+^src/vendorcode/wuffs\|\
 ^util/coreboot-configurator\|\
 ^util/crossgcc/patches\|\
 ^util/inteltool\|\
diff --git a/util/lint/lint-stable-004-style-labels b/util/lint/lint-stable-004-style-labels
index 2418cdf249fc..dbb10acd2882 100755
--- a/util/lint/lint-stable-004-style-labels
+++ b/util/lint/lint-stable-004-style-labels
@@ -14,5 +14,6 @@ LINTDIR="$(
 
 ${FIND_FILES} | \
 	grep "^src/.*\.[csS]$" | \
+	grep -v "^src/vendorcode/wuffs/" | \
 	xargs grep -Hn '^[[:space:]][[:space:]]*[a-z][a-z]*:[[:space:]]*$' | \
 	grep -v "[^a-z_]default:"