# HG changeset patch
# User Valentin Bartenev <vbart@nginx.com>
# Date 1455284180 -10800
# Node ID dcfe355dfda4693ac1f3aa8fb9705812c2485bac
# Parent  ba3c2ca21aa574d0901cf835f040c41da97dc3bc
HTTP/2: fixed undefined behavior in ngx_http_v2_huff_encode().

When the "pending" value is zero, the "buf" will be right shifted
by the width of its type, which results in undefined behavior.

Found by Coverity (CID 1352150).

diff -r ba3c2ca21aa5 -r dcfe355dfda4 src/http/v2/ngx_http_v2_huff_encode.c
--- a/src/http/v2/ngx_http_v2_huff_encode.c	Thu Feb 11 15:35:36 2016 +0300
+++ b/src/http/v2/ngx_http_v2_huff_encode.c	Fri Feb 12 16:36:20 2016 +0300
@@ -231,6 +231,10 @@
         buf = pending ? code << (sizeof(buf) * 8 - pending) : 0;
     }
 
+    if (pending == 0) {
+        return hlen;
+    }
+
     buf |= (ngx_uint_t) -1 >> pending;
 
     pending = ngx_align(pending, 8);
@@ -241,10 +245,10 @@
 
     buf >>= sizeof(buf) * 8 - pending;
 
-    while (pending) {
+    do {
         pending -= 8;
         dst[hlen++] = (u_char) (buf >> pending);
-    }
+    } while (pending);
 
     return hlen;
 }