obu: Handle size == 0 in avifBitsInit If size == 0, eof has to be set to 1 in avifBitsInit for the rest of the code to work as intended. Otherwise the first byte is read unconditionally which is incorrect. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68568

commit: 90efc1ec8c9f3cab7f43427513f23f6aadbccf88 [log] [tgz]
author: Vignesh Venkat <vigneshv@google.com> Thu May 02 15:47:34 2024 -0700
committer: Vignesh Venkatasubramanian <vigneshvg@users.noreply.github.com> Thu May 02 16:37:06 2024 -0700
tree: 7217979252403cd3133d3acd93205512bf5116d2
parent: db8815a0d9c8327613703176f301b67b16ac4035 [diff]
diff --git a/src/obu.c b/src/obu.c
index 60e41bf..abd2628 100644
--- a/src/obu.c
+++ b/src/obu.c

@@ -66,7 +66,7 @@
     bits->bitsLeft = 0;
     bits->state = 0;
     bits->error = 0;
-    bits->eof = 0;
+    bits->eof = (size == 0);
 }
 
 static void avifBitsRefill(avifBits * const bits, const uint32_t n)
commit	90efc1ec8c9f3cab7f43427513f23f6aadbccf88	[log] [tgz]
author	Vignesh Venkat <vigneshv@google.com>	Thu May 02 15:47:34 2024 -0700
committer	Vignesh Venkatasubramanian <vigneshvg@users.noreply.github.com>	Thu May 02 16:37:06 2024 -0700
tree	7217979252403cd3133d3acd93205512bf5116d2
parent	db8815a0d9c8327613703176f301b67b16ac4035 [diff]