

ref: 778862c21165b485302010beb5fb0765f8338b96
parent: dc14b5a69be02341d84e2956131f93f962408af2
author: Sebastian Rasmussen <sebras@gmail.com>
date: Sun Apr 5 08:24:36 EDT 2020

jbig2dec: Initialize variable earlier to avoid using uninitialized data during cleanup.

Fixes OSS-fuzz issue 21571.
Also fixes Coverity CID 355467.

Thanks to OSS-fuzz for reporting.

--- a/jbig2_text.c
+++ b/jbig2_text.c
@@ -593,6 +593,9 @@
     uint32_t table_index = 0;
     const Jbig2HuffmanParams *huffman_params = NULL;
 
+    /* zero params to ease cleanup later */
+    memset(&params, 0, sizeof(Jbig2TextRegionParams));
+
     /* 7.4.1 */
     if (segment->data_length < 17) {
         code = jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "segment too short");
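Review bot: The added memset sizes the fill by the type name, `sizeof(Jbig2TextRegionParams)`, rather than by the object it clears, so a later change to the declared type of `params` would silently desynchronise the two; `memset(&params, 0, sizeof params);` keeps the size tied to the variable. The declaration of `params` is above this hunk and not visible here, but if it is an ordinary automatic variable in the same block, initialising it at the declaration, `Jbig2TextRegionParams params = { 0 };`, would remove the ordering dependency between declaration, first error exit and memset altogether, which is exactly the dependency this commit fixes by moving the call. The second hunk only removes the old memset and needs no separate note. The enclosing function starts and ends outside the hunk.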
@@ -613,9 +616,6 @@
     offset += 2;
 
     jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, segment->number, "text region header flags 0x%04x", flags);
-
-    /* zero params to ease cleanup later */
-    memset(&params, 0, sizeof(Jbig2TextRegionParams));
 
     params.SBHUFF = flags & 0x0001;
     params.SBREFINE = flags & 0x0002;