Merge pull request #708 from GrokImageCompression/issue_695

issue #695 MQ Encode: ensure that bp pointer never points to uninitialized memory
author: Antonin Descampe <antonin@gmail.com> 2016-04-18 10:51:51 +0200
committer: Antonin Descampe <antonin@gmail.com> 2016-04-18 10:51:51 +0200
commit: e1a93d9e59f08b708200e6a371f3f6a4eeb54940 (patch)
tree: 75ff810adef77f8434b6d6460432befdefd7f082 /src/lib
parent: a1c0ee9a861778d54df734ebc21b604f06bd52bf (diff)
parent: 0069a2bd2f8055b7edf9699332f4f00ac5351564 (diff)
1 files changed, 9 insertions, 5 deletions
diff --git a/src/lib/openjp2/mqc.c b/src/lib/openjp2/mqc.c
index 7e0f5637..4e409a7c 100644
--- a/src/lib/openjp2/mqc.c
+++ b/src/lib/openjp2/mqc.c
@@ -203,13 +203,20 @@ static opj_mqc_state_t mqc_states[47 * 2] = {
 */
 
 static void opj_mqc_byteout(opj_mqc_t *mqc) {
-	if (*mqc->bp == 0xff) {
+	/* avoid accessing uninitialized memory*/
+	if (mqc->bp == mqc->start-1) {
+		mqc->bp++;
+		*mqc->bp = (OPJ_BYTE)(mqc->c >> 19);
+		mqc->c &= 0x7ffff;
+		mqc->ct = 8;
+	}
+	else if (*mqc->bp == 0xff) {
 		mqc->bp++;
 		*mqc->bp = (OPJ_BYTE)(mqc->c >> 20);
 		mqc->c &= 0xfffff;
 		mqc->ct = 7;
 	} else {
-		if ((mqc->c & 0x8000000) == 0) {	/* ((mqc->c&0x8000000)==0) CHANGE */
+		if ((mqc->c & 0x8000000) == 0) {	
 			mqc->bp++;
 			*mqc->bp = (OPJ_BYTE)(mqc->c >> 19);
 			mqc->c &= 0x7ffff;
@@ -395,9 +402,6 @@ void opj_mqc_init_enc(opj_mqc_t *mqc, OPJ_BYTE *bp) {
 	mqc->c = 0;
 	mqc->bp = bp - 1;
 	mqc->ct = 12;
-	if (*mqc->bp == 0xff) {
-		mqc->ct = 13;
-	}
 	mqc->start = bp;
 }
author	Antonin Descampe <antonin@gmail.com>	2016-04-18 10:51:51 +0200
committer	Antonin Descampe <antonin@gmail.com>	2016-04-18 10:51:51 +0200
commit	e1a93d9e59f08b708200e6a371f3f6a4eeb54940 (patch)
tree	75ff810adef77f8434b6d6460432befdefd7f082 /src/lib
parent	a1c0ee9a861778d54df734ebc21b604f06bd52bf (diff)
parent	0069a2bd2f8055b7edf9699332f4f00ac5351564 (diff)