stb
Use of uninitialized value in `stbi__jpeg_decode_block_prog_ac`
The pointer p at line 2391 in stbi__jpeg_decode_block_prog_ac reads the second element of the data array, but that value was never initialized.
Impact
It doesn't seem to be a potential security issue, but it nevertheless looks like a logic bug in decoding.
Resources
To reproduce the issue:
- Make an MSAN build (clang -fsanitize=memory -g) of the following program:

```c
#include <stddef.h>
#include <stdint.h>
#define STB_IMAGE_IMPLEMENTATION
#include "../stb_image.h"

int main(int argc, char* argv[])
{
    /* Crafted 31-byte input: SOI, SOF2 (progressive, 8-bit, 3 components),
     * then a single SOS header (1 component, Ss=1, Se=63, Ah=6, Al=5)
     * with no entropy-coded data after it. */
    const uint8_t data[] = {0xff,0xd8,0xff,0xc2,0x00,0x11,0x08,0x00,0x50,0x00,
                            0x4b,0x03,0x01,0x22,0x00,0x02,0x11,0x01,0x03,0x11,
                            0x01,0xff,0xda,0x00,0x08,0x01,0x02,0x01,0x01,0x3f,
                            0x65};
    size_t size = sizeof(data);
    int x, y, channels;
    stbi_uc *img = stbi_load_from_memory(data, (int)size, &x, &y, &channels, 4);
    stbi_image_free(img);   /* safe on NULL if decoding failed */
    return 0;
}
```
- Set a breakpoint at line 2391 in stbi__jpeg_decode_block_prog_ac and run the program to hit the use of uninitialized memory:
```
==382370==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x5e4db2 in stbi__jpeg_decode_block_prog_ac(stbi__jpeg*, short*, stbi__huffman*, short*) tests/../stb_image.h:2391:20
    #1 0x5d4618 in stbi__parse_entropy_coded_data(stbi__jpeg*) tests/../stb_image.h:3026:24
    #2 0x5c6ada in stbi__decode_jpeg_image(stbi__jpeg*) tests/../stb_image.h:3423:15
    #3 0x5b98bb in load_jpeg_image(stbi__jpeg*, int*, int*, int*, int) tests/../stb_image.h:3872:9
    #4 0x4deb1b in stbi__jpeg_load(stbi__context*, int*, int*, int*, int, stbi__result_info*) tests/../stb_image.h:4035:13
    #5 0x4c0605 in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) tests/../stb_image.h:1166:35
    #6 0x4a617b in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) tests/../stb_image.h:1261:19
    #7 0x4abca5 in stbi_load_from_memory tests/../stb_image.h:1431:11
```
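To see why this input reaches the progressive AC decoder at all, it helps to decode the marker segments of the 31 bytes by hand. The following is an added example, not code from the issue or from stb: a small JPEG marker walker (assumed names `parse_jpeg_headers`, `is_ac_refinement_scan`, `jpeg_hdr`) that extracts the SOF2 frame header and the first SOS scan header from the reproducer bytes. It shows that the file declares a progressive frame and then, as its very first scan, an AC scan (Ss=1, Se=63) with a non-zero successive-approximation high bit (Ah=6), i.e. a refinement scan, followed by zero bytes of entropy-coded data. A refinement scan reads back coefficients that an earlier scan was supposed to produce, which is consistent with the stbi__jpeg_decode_block_prog_ac frame in the trace reading a coefficient that nothing has written yet.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The 31 bytes from the reproducer above (SOI, SOF2, SOS, nothing else). */
static const uint8_t kRepro[] = {
    0xff,0xd8,0xff,0xc2,0x00,0x11,0x08,0x00,0x50,0x00,
    0x4b,0x03,0x01,0x22,0x00,0x02,0x11,0x01,0x03,0x11,
    0x01,0xff,0xda,0x00,0x08,0x01,0x02,0x01,0x01,0x3f,
    0x65};

typedef struct {
    int progressive;      /* frame header marker was SOF2 (0xFFC2)     */
    int precision;        /* P: sample precision in bits               */
    int height, width;    /* Y, X from the frame header                */
    int ncomp;            /* Nf: components in the frame               */
    int scan_ncomp;       /* Ns: components in the first scan          */
    int ss, se;           /* spectral selection start / end (0..63)    */
    int ah, al;           /* successive approximation high / low bits  */
    size_t entropy_bytes; /* bytes left after the first SOS header     */
} jpeg_hdr;

static int be16(const uint8_t *p) { return (p[0] << 8) | p[1]; }

/* Walk marker segments from SOI up to and including the first SOS header.
 * Returns 0 on success, -1 if the buffer is truncated or malformed. */
int parse_jpeg_headers(const uint8_t *buf, size_t len, jpeg_hdr *h)
{
    size_t pos = 2;
    memset(h, 0, sizeof *h);
    if (len < 2 || buf[0] != 0xff || buf[1] != 0xd8) return -1;   /* SOI */
    while (pos + 4 <= len) {
        uint8_t m;
        int seglen, body;
        const uint8_t *seg;
        if (buf[pos] != 0xff) return -1;
        m = buf[pos + 1];
        if (m == 0xff) { pos++; continue; }                        /* fill byte */
        if (m == 0xd9) return -1;                                  /* EOI before any SOS */
        if (m >= 0xd0 && m <= 0xd8) { pos += 2; continue; }        /* RSTn / SOI: no length */
        seglen = be16(buf + pos + 2);
        if (seglen < 2 || pos + 2 + (size_t)seglen > len) return -1;
        seg = buf + pos + 4;
        body = seglen - 2;
        if (m == 0xc0 || m == 0xc1 || m == 0xc2) {                 /* SOF0 / SOF1 / SOF2 */
            if (body < 6) return -1;
            h->progressive = (m == 0xc2);
            h->precision = seg[0];
            h->height = be16(seg + 1);
            h->width = be16(seg + 3);
            h->ncomp = seg[5];
            if (body != 6 + 3 * h->ncomp) return -1;
        } else if (m == 0xda) {                                    /* SOS */
            const uint8_t *t;
            if (body < 1) return -1;
            h->scan_ncomp = seg[0];
            if (body != 1 + 2 * h->scan_ncomp + 3) return -1;
            t = seg + 1 + 2 * h->scan_ncomp;                       /* Ss, Se, Ah|Al */
            h->ss = t[0];
            h->se = t[1];
            h->ah = t[2] >> 4;
            h->al = t[2] & 0x0f;
            h->entropy_bytes = len - (pos + 2 + (size_t)seglen);
            return 0;
        }
        pos += 2 + (size_t)seglen;
    }
    return -1;   /* ran out of input before any SOS */
}

/* In a progressive frame, Ss > 0 selects AC coefficients and Ah > 0 makes the
 * scan a refinement of coefficient bits that an earlier scan must have set. */
int is_ac_refinement_scan(const jpeg_hdr *h)
{
    return h->progressive && h->ss > 0 && h->ah > 0;
}

int parse_repro(jpeg_hdr *h)
{
    return parse_jpeg_headers(kRepro, sizeof kRepro, h);
}

int main(void)
{
    jpeg_hdr h;
    if (parse_repro(&h) != 0) { puts("malformed"); return 1; }
    printf("%s frame %dx%d, %d components, %d-bit\n",
           h.progressive ? "progressive (SOF2)" : "baseline/extended",
           h.width, h.height, h.ncomp, h.precision);
    printf("first scan: Ns=%d Ss=%d Se=%d Ah=%d Al=%d, %zu entropy bytes\n",
           h.scan_ncomp, h.ss, h.se, h.ah, h.al, h.entropy_bytes);
    printf("first scan is an AC refinement scan: %s\n",
           is_ac_refinement_scan(&h) ? "yes" : "no");
    return 0;
}
```

Note that the walker stops at the first SOS, so it only establishes what the first scan asks the decoder to do; whether a decoder tolerates a refinement scan with no preceding first-pass scan is exactly the question the MSAN report raises.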