shithub: jbig2

Download patch

ref: d0edf5a64a15f019db986a60e4e6db1846e5e19a
parent: 9d2c4f3bdb0bd003deae788e7187c0f86e624544
author: Shailesh Mistry <[email protected]>
date: Tue Feb 7 17:15:58 EST 2017

Bug 697531 : Fix decoder error on JBIG2 compressed image.

The problem is in jbig2_word_stream_buf_get_next_word
returning -1 and sending a fail error causing the whole
file to fail.

Now when the buffer is exhausted, the returned value is set
to zero so that the decoder does not try to use an
unintialised value.

This now means the error return is pointless and another
commit will follow this one to tidy up the unused code.

--- a/jbig2.c
+++ b/jbig2.c
@@ -383,20 +383,17 @@
 {
     Jbig2WordStreamBuf *z = (Jbig2WordStreamBuf *) self;
     const byte *data = z->data;
-    uint32_t result;
 
+    *word = 0;
     if (offset + 4 < z->size)
-        result = (data[offset] << 24) | (data[offset + 1] << 16) | (data[offset + 2] << 8) | data[offset + 3];
-    else if (offset > z->size)
-        return -1;
-    else {
+        *word = (data[offset] << 24) | (data[offset + 1] << 16) | (data[offset + 2] << 8) | data[offset + 3];
+    else if (offset <= z->size) {
         size_t i;
 
-        result = 0;
         for (i = 0; i < z->size - offset; i++)
-            result |= data[offset + i] << ((3 - i) << 3);
+            *word |= data[offset + i] << ((3 - i) << 3);
     }
-    *word = result;
+
     return 0;
 }