Fix undefined shift behaviour in opj_dwt_is_whole_tile_decoding(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3255. Credit to OSS Fuzz

author: Even Rouault <even.rouault@spatialys.com> 2017-09-01 10:26:18 +0200
committer: Even Rouault <even.rouault@spatialys.com> 2017-09-01 10:26:18 +0200
commit: 6ce49bf5aebb3c45c464fa82d14cfd4bf7026a28 (patch)
tree: 8bf785fb83b0d925fab66867b2321eef87976d3a /src/lib
parent: 04b70908a7ada29481d2e1903b76f44a68d4d268 (diff)
1 files changed, 5 insertions, 4 deletions
diff --git a/src/lib/openjp2/dwt.c b/src/lib/openjp2/dwt.c
index ee0b5b22..7377b642 100644
--- a/src/lib/openjp2/dwt.c
+++ b/src/lib/openjp2/dwt.c
@@ -1218,13 +1218,14 @@ static OPJ_BOOL opj_dwt_is_whole_tile_decoding(opj_tcd_t *p_tcd,
     /* Tolerate small margin within the reduced resolution factor to consider if */
     /* the whole tile path must be taken */
     return (tcx0 >= (OPJ_UINT32)tilec->x0 &&
-            ((tcx0 - (OPJ_UINT32)tilec->x0) >> shift) == 0 &&
             tcy0 >= (OPJ_UINT32)tilec->y0 &&
-            ((tcy0 - (OPJ_UINT32)tilec->y0) >> shift) == 0 &&
             tcx1 <= (OPJ_UINT32)tilec->x1 &&
-            (((OPJ_UINT32)tilec->x1 - tcx1) >> shift) == 0 &&
             tcy1 <= (OPJ_UINT32)tilec->y1 &&
-            (((OPJ_UINT32)tilec->y1 - tcy1) >> shift) == 0);
+            (shift >= 32 ||
+             (((tcx0 - (OPJ_UINT32)tilec->x0) >> shift) == 0 &&
+              ((tcy0 - (OPJ_UINT32)tilec->y0) >> shift) == 0 &&
+              (((OPJ_UINT32)tilec->x1 - tcx1) >> shift) == 0 &&
+              (((OPJ_UINT32)tilec->y1 - tcy1) >> shift) == 0)));
 }
 
 /* <summary>                            */
author	Even Rouault <even.rouault@spatialys.com>	2017-09-01 10:26:18 +0200
committer	Even Rouault <even.rouault@spatialys.com>	2017-09-01 10:26:18 +0200
commit	6ce49bf5aebb3c45c464fa82d14cfd4bf7026a28 (patch)
tree	8bf785fb83b0d925fab66867b2321eef87976d3a /src/lib
parent	04b70908a7ada29481d2e1903b76f44a68d4d268 (diff)