Merge pull request #708 from GrokImageCompression/issue_695

issue #695 MQ Encode: ensure that bp pointer never points to uninitialized memory
uclouvain · Apr 18, 2016 · e1a93d9 · e1a93d9
2 parents a1c0ee9 + 0069a2b
commit e1a93d9
Showing 1 changed file with 9 additions and 5 deletions.
diff --git a/src/lib/openjp2/mqc.c b/src/lib/openjp2/mqc.c
@@ -203,13 +203,20 @@ static opj_mqc_state_t mqc_states[47 * 2] = {
 */
 
 static void opj_mqc_byteout(opj_mqc_t *mqc) {
- if (*mqc->bp == 0xff) {
+ /* avoid accessing uninitialized memory*/
+ if (mqc->bp == mqc->start-1) {
+ mqc->bp++;
+ *mqc->bp = (OPJ_BYTE)(mqc->c >> 19);
+ mqc->c &= 0x7ffff;
+ mqc->ct = 8;
+ }
+ else if (*mqc->bp == 0xff) {
  mqc->bp++;
  *mqc->bp = (OPJ_BYTE)(mqc->c >> 20);
  mqc->c &= 0xfffff;
  mqc->ct = 7;
  } else {
- if ((mqc->c & 0x8000000) == 0) { /* ((mqc->c&0x8000000)==0) CHANGE */
+ if ((mqc->c & 0x8000000) == 0) { 
  mqc->bp++;
  *mqc->bp = (OPJ_BYTE)(mqc->c >> 19);
  mqc->c &= 0x7ffff;
@@ -395,9 +402,6 @@ void opj_mqc_init_enc(opj_mqc_t *mqc, OPJ_BYTE *bp) {
  mqc->c = 0;
  mqc->bp = bp - 1;
  mqc->ct = 12;
- if (*mqc->bp == 0xff) {
- mqc->ct = 13;
- }
  mqc->start = bp;
 }