jchuff.c/flush_bits(): Guard against put_bits < 0

This fixes a UBSan negative shift warning, reported by OSS-Fuzz, that
occurred when attempting to transform a specially-crafted malformed
arithmetic-coded JPEG image into a baseline Huffman-coded JPEG
destination image with default Huffman tables.  This issue probably
had a similar root cause to the issue fixed in
31a301389b, but in this case, the issue
only occurred with the SIMD baseline Huffman encoder in libjpeg-turbo
2.1.x.  It was not reproducible in 2.0.x or 3.0.x or when using the
C baseline Huffman encoder.
DRC
2023-07-12 12:29:42 -04:00
committed by DRC
parent 58cee6d90c
commit 041c80a42e

@@ -518,7 +518,7 @@ flush_bits(working_state *state)
temp = (JOCTET)(put_buffer >> put_bits);
EMIT_BYTE(temp)
}
if (put_bits) {
if (put_bits > 0) {
/* fill partial byte with ones */
temp = (JOCTET)((put_buffer << (8 - put_bits)) | (0xFF >> put_bits));
EMIT_BYTE(temp)
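
Review bot: The new `if (put_bits > 0)` condition in flush_bits() silently skips the partial-byte flush when put_bits is negative, and nothing in the code records why that state can occur or what happens to the bits still held in put_buffer. A short comment beside the condition would help, saying that a negative count has been seen from the SIMD baseline Huffman encoder on malformed arithmetic-coded input (per the commit message) and that dropping the partial byte is intended in that case. Note also that the guard only covers the lower bound: `8 - put_bits` and `0xFF >> put_bits` on the following line still depend on put_bits being below 8, so it is worth confirming that the code ahead of this condition guarantees that. If a negative count indicates corrupted encoder state rather than a benign condition, consider resetting put_bits or raising an error here instead of continuing quietly.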