Commit d3a3a73f64041c6a6905faf6f9f9832e735fd880

DRC 2019-04-10T14:28:47

jdhuff.c: Silence UBSan signed int overflow error

Some pathological test images have been created that can cause s to overflow or underflow the signed int data type during decompression. This is technically undefined behavior according to the C spec, although every modern implementation I'm aware of will treat the signed int as a 2's complement unsigned int, thus causing the value to wrap around to INT_MIN if it exceeds INT_MAX. This commit simply makes that behavior explicit in order to shut up UBSan. At least when building for x86-64 or i386 using Clang or GCC, this commit does not change the compiler-generated assembly code at all.

The code that triggered this error has existed in the libjpeg code base for at least 20 years (and probably much longer), so the fact that it hasn't produced a user-visible problem in all of that time strongly suggests that UBSan is being overly pedantic here. But if someone can cough up a platform that doesn't wrap around to INT_MIN when 1 is added to INT_MAX, then I'll happily change my opinion.

Fixes #347
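
The difference between undefined signed overflow and explicit wraparound that the commit message describes, as an added example (not code from this commit or from the libjpeg code base). `wrap_add`, `checked_add` and `first_overflow` are hypothetical names, the input values are constructed, and the unsigned-to-int conversion is assumed to reduce modulo 2^N as GCC and Clang document.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical helper: add with explicit two's-complement wraparound.
 * Unsigned arithmetic is defined to wrap modulo 2^N, so UBSan has nothing
 * to report.  Converting the out-of-range result back to int is
 * implementation-defined (assumed modulo 2^N here), not undefined. */
static int wrap_add(int a, int b)
{
  return (int)((unsigned int)a + (unsigned int)b);
}

/* Hypothetical helper: add that reports overflow instead of wrapping.
 * Returns 1 and stores the sum on success, 0 if the sum is out of range. */
static int checked_add(int a, int b, int *sum)
{
  if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
    return 0;
  *sum = a + b;
  return 1;
}

/* Accumulate a sequence of differences into a running value.  Returns the
 * index of the first step that would overflow a signed int (-1 if none)
 * and stores the wrapped running value, so a caller can both keep decoding
 * deterministically and flag the input as pathological. */
static int first_overflow(const int *diffs, int n, int *final_wrapped)
{
  int acc = 0, first = -1, i, tmp;

  for (i = 0; i < n; i++) {
    if (first < 0 && !checked_add(acc, diffs[i], &tmp))
      first = i;
    acc = wrap_add(acc, diffs[i]);
  }
  *final_wrapped = acc;
  return first;
}

int main(void)
{
  /* Constructed sample input, not taken from any real image. */
  const int diffs[] = { INT_MAX, 1, -5 };
  int wrapped, idx = first_overflow(diffs, 3, &wrapped);

  printf("first overflow at step %d, wrapped value %d\n", idx, wrapped);
  return 0;
}
```

Building this with `-fsanitize=undefined` produces no signed-overflow report, because every addition that can exceed the range is done in unsigned arithmetic or guarded by the range check.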