# HG changeset patch
# User Valentin Bartenev
# Date 1455284180 -10800
# Node ID dcfe355dfda4693ac1f3aa8fb9705812c2485bac
# Parent ba3c2ca21aa574d0901cf835f040c41da97dc3bc
HTTP/2: fixed undefined behavior in ngx_http_v2_huff_encode(). When the "pending" value is zero, the "buf" will be right shifted by the width of its type, which results in undefined behavior. Found by Coverity (CID 1352150).
diff --git a/src/http/v2/ngx_http_v2_huff_encode.c b/src/http/v2/ngx_http_v2_huff_encode.c
--- a/src/http/v2/ngx_http_v2_huff_encode.c
+++ b/src/http/v2/ngx_http_v2_huff_encode.c
@@ -231,6 +231,10 @@ ngx_http_v2_huff_encode(u_char *src, siz
 buf = pending ? code << (sizeof(buf) * 8 - pending) : 0;
 }
+ if (pending == 0) {
+ return hlen;
+ }
+
 buf |= (ngx_uint_t) -1 >> pending;
 pending = ngx_align(pending, 8);
@@ -241,10 +245,10 @@ ngx_http_v2_huff_encode(u_char *src, siz
 buf >>= sizeof(buf) * 8 - pending;
- while (pending) {
+ do {
 pending -= 8;
 dst[hlen++] = (u_char) (buf >> pending);
- }
+ } while (pending);
 return hlen;
 }
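Review bot: The early return added before `buf |= (ngx_uint_t) -1 >> pending;` carries no comment saying why a zero `pending` is special, and the reason is not obvious from the code. Nothing is left to pad in that case, and per the commit message, continuing would later shift `buf` by its full width. I would put `/* no bits left over: output already ends on an octet boundary, nothing to pad */` above the `if`. The function body starts before this hunk, so it cannot be confirmed from here that `pending` is also below the width of `ngx_uint_t` at this point, which the `>> pending` on the following line needs; if that holds, it is worth stating in the same comment.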
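Review bot: The `do { … } while (pending);` form drops the loop's own zero guard, so `pending -= 8` and the store to `dst[hlen++]` now always run at least once. They are safe only because of the `pending == 0` return in the first hunk and the `ngx_align(pending, 8)` rounding. If `pending` is an unsigned type (its declaration is outside the hunk), entering with zero would wrap it and the loop would keep writing through `dst`. I would record the invariant directly above the loop, for example `/* pending is a non-zero multiple of 8 here */`, so that a later change to the early return does not silently remove the only protection. The lines between the two hunks are not shown, so any bound check on `hlen` there is not covered by this note.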