shithub: jbig2

ref: 060a2afad426347a9d63544f8ff7a5c2c96ae8e1
parent: f08c5d888ac82e5678c84b777f467b171ae28441
author: Julian Smith <jules@op59.net>
date: Thu Jan 9 12:14:57 EST 2020

Coverity 94488: improved detection of uninitialised Jbig2HuffmanEntry.

When checking for an incorrect uninitialised entry, test for /either/ of
<flags> and <PREFLEN> being -1.

Previously we tested for /all/ of <flags>, <PREFLEN> and <entry->u.RANGELOW>
being -1, which made Coverity think that the following code could be run with
PREFLEN=-1, which then triggers an issue about illegal shifts.

[It seems that <entry->u.RANGELOW> can be -1 in normal operation, so have
excluded it from the new test.]

--- a/jbig2_huffman.c
+++ b/jbig2_huffman.c
@@ -299,7 +299,7 @@
         entry = &table->entries[log_table_size > 0 ? this_word >> (32 - log_table_size) : 0];
         flags = entry->flags;
         PREFLEN = entry->PREFLEN;
-        if (flags == (byte) -1 && PREFLEN == (byte) -1 && entry->u.RANGELOW == -1) {
+        if (flags == (byte) -1 || PREFLEN == (byte) -1) {
             if (oob)
                 *oob = -1;
             return jbig2_error(hs->ctx, JBIG2_SEVERITY_FATAL, -1, "encountered unpopulated huffman table entry");
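
Review bot: The new test `if (flags == (byte) -1 || PREFLEN == (byte) -1)` treats an entry as unpopulated when either field alone is 0xFF, so please confirm that no populated table entry can legitimately carry flags == 0xFF, since such an entry would now fail with a fatal error where it was previously accepted. The reason for dropping entry->u.RANGELOW from the test appears only in the commit message; a short comment above the condition stating that RANGELOW can be -1 in normal operation would keep a later reader from restoring it. As the Coverity finding is about illegal shifts, an explicit upper bound on PREFLEN before it is used as a shift count would also cover out-of-range values other than the sentinel, which this check does not address.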