ryan/mozjpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

jchuff.c/flush_bits(): Guard against put_bits < 0

Browse Source 
This fixes a UBSan negative shift warning, reported by OSS-Fuzz, that
occurred when attempting to transform a specially-crafted malformed
arithmetic-coded JPEG image into a baseline Huffman-coded JPEG
destination image with default Huffman tables.  This issue probably
had a similar root cause to the issue fixed in
31a301389b, but in this case, the issue
only occurred with the SIMD baseline Huffman encoder in libjpeg-turbo
2.1.x.  It was not reproducible in 2.0.x or 3.0.x or when using the
C baseline Huffman encoder.
This commit is contained in:
DRC
2023-07-12 12:29:42 -04:00
committed by DRC
parent 58cee6d90c
commit 041c80a42e
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
jchuff.c
View File

@@ -518,7 +518,7 @@ flush_bits(working_state *state)
temp = (JOCTET)(put_buffer >> put_bits); temp = (JOCTET)(put_buffer >> put_bits);
EMIT_BYTE(temp) EMIT_BYTE(temp)
} }
if (put_bits) { if (put_bits > 0) {
/* fill partial byte with ones */ /* fill partial byte with ones */
temp = (JOCTET)((put_buffer << (8 - put_bits)) | (0xFF >> put_bits)); temp = (JOCTET)((put_buffer << (8 - put_bits)) | (0xFF >> put_bits));
EMIT_BYTE(temp) EMIT_BYTE(temp)