ref: 060a2afad426347a9d63544f8ff7a5c2c96ae8e1
parent: f08c5d888ac82e5678c84b777f467b171ae28441
author: Julian Smith <jules@op59.net>
date: Thu Jan 9 12:14:57 EST 2020
Coverity 94488: improved detection of uninitialised Jbig2HuffmanEntry. When checking for an incorrect uninitialised entry, test for /either/ of <flags> and <PREFLEN> being -1. Previously we tested for /all/ of <flags>, <PREFLEN> and <entry->u.RANGELOW> being -1, which made coverity think that the following code could be run with PREFLEN=-1, which then triggers issue about illegal shifts. [It seems that <entry->u.RANGELOW> can be -1 in normal operation, so have excluded from the new test.]
--- a/jbig2_huffman.c
+++ b/jbig2_huffman.c
@@ -299,7 +299,7 @@
entry = &table->entries[log_table_size > 0 ? this_word >> (32 - log_table_size) : 0];
flags = entry->flags;
PREFLEN = entry->PREFLEN;
- if (flags == (byte) -1 && PREFLEN == (byte) -1 && entry->u.RANGELOW == -1) {+ if (flags == (byte) -1 || PREFLEN == (byte) -1) {if (oob)
*oob = -1;
return jbig2_error(hs->ctx, JBIG2_SEVERITY_FATAL, -1, "encountered unpopulated huffman table entry");