rdppm.c: Fix innocuous MSan error

A fuzzing test case that was effectively a 1-pixel PGM file with a maximum value of 1 and an actual value of 8 caused an uninitialized member of the rescale[] array to be accessed in get_gray_rgb_row() or get_gray_cmyk_row(). Since, for performance reasons, those functions do not perform bounds checking on the PPM values, we need to ensure that unused members of the rescale[] array are initialized.
2021-04-07 15:51:05 -05:00
parent 3311fc0001
commit b1079002ad
1 changed files with 2 additions and 0 deletions
--- a/rdppm.c
+++ b/rdppm.c
@@ -727,6 +727,8 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr sinfo)
      (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE,
                                  (size_t)(((long)MAX(maxval, 255) + 1L) *
                                           sizeof(JSAMPLE)));
+    MEMZERO(source->rescale, (size_t)(((long)MAX(maxval, 255) + 1L) *
+                                      sizeof(JSAMPLE)));
    half_maxval = maxval / 2;
    for (val = 0; val <= (long)maxval; val++) {
      /* The multiplication here must be done in 32 bits to avoid overflow */