ryan/mozjpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix rare bug: right shift by a negative # of bits

Browse Source 
Under very rare circumstances, decompressing specific corrupt JPEG
images would create a situation whereby GET_BITS(1) was invoked
from within HUFF_DECODE_FAST() when bits_left=0. This produced a right
shift by a negative number of bits, which is undefined in C.
This commit is contained in:
DRC
2015-07-21 16:43:39 -05:00
parent b6590d67b3 2a0b4ac337
commit cf0e58de53
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
jdhuff.c
View File

@@ -423,7 +423,7 @@ jpeg_fill_bit_buffer (bitread_working_state * state,
/* Pre-fetch 48 bytes, because the holding register is 64-bit */
#define FILL_BIT_BUFFER_FAST \
if (bits_left < 16) { \
if (bits_left <= 16) { \
GET_BYTE GET_BYTE GET_BYTE GET_BYTE GET_BYTE GET_BYTE \
}
@@ -431,7 +431,7 @@ jpeg_fill_bit_buffer (bitread_working_state * state,
/* Pre-fetch 16 bytes, because the holding register is 32-bit */
#define FILL_BIT_BUFFER_FAST \
if (bits_left < 16) { \
if (bits_left <= 16) { \
GET_BYTE GET_BYTE \
}