HTTP/2: fixed undefined behavior in ngx_http_v2_huff_encode().
When the "pending" value is zero, the "buf" will be right shifted
by the width of its type, which results in undefined behavior.
Found by Coverity (CID 1352150).
diff --git a/src/http/v2/ngx_http_v2_huff_encode.c b/src/http/v2/ngx_http_v2_huff_encode.c
index 16c154b..3f822cd 100644
--- a/src/http/v2/ngx_http_v2_huff_encode.c
+++ b/src/http/v2/ngx_http_v2_huff_encode.c
@@ -231,6 +231,10 @@
buf = pending ? code << (sizeof(buf) * 8 - pending) : 0;
}
+ if (pending == 0) {
+ return hlen;
+ }
+
buf |= (ngx_uint_t) -1 >> pending;
pending = ngx_align(pending, 8);
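Review bot: The new `if (pending == 0)` early return has no comment explaining why it exists, and the shift it protects (`buf >>= sizeof(buf) * 8 - pending`) sits in the next hunk, so a later cleanup could mistake it for a redundant fast path and remove it. I would add a one-line comment above the guard, for example `/* no bits left to flush; the final right shift would be by the full width of buf */`. The line above the guard already uses the same `pending ? … : 0` pattern for the left shift, so the comment could mention both. The function's body begins and ends outside this hunk.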
@@ -241,10 +245,10 @@
buf >>= sizeof(buf) * 8 - pending;
- while (pending) {
+ do {
pending -= 8;
dst[hlen++] = (u_char) (buf >> pending);
- }
+ } while (pending);
return hlen;
}
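Review bot: The `do { … } while (pending)` loop is only correct when `pending` is a non-zero multiple of 8 on entry, and nothing at the loop states that. If `pending` were zero here, `pending -= 8` would presumably wrap (the `(ngx_uint_t) -1` cast in the first hunk suggests an unsigned type), and the `dst[hlen++]` store would then run with a bogus shift count and no sensible bound. The invariant comes from the `pending == 0` return and the `ngx_align(pending, 8)` call in the first hunk. A comment before the `do`, such as `/* pending is a non-zero multiple of 8 here */`, would tie the two together for anyone who later touches the guard. The enclosing function starts outside the hunk.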