[FFmpeg-cvslog] avcodec/dpx: fix off by 1 in bits_per_color check

Fri Jun 18 22:15:00 EEST 2021

ffmpeg | branch: release/4.4 | Michael Niedermayer <michael at niedermayer.cc> | Sun May 16 19:44:40 2021 +0200| [f91056a25a7db47e55ae3815c52932eac32803d6] | committer: Michael Niedermayer

avcodec/dpx: fix off by 1 in bits_per_color check

Fixes: CID1476303 Bad bit shift operation
Fixes: 34871/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DPX_fuzzer-6331163028357120

Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ca9025f374e4c4632a8a1be623304b78ba6435f6)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f91056a25a7db47e55ae3815c52932eac32803d6
---

 libavcodec/dpx.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/dpx.c b/libavcodec/dpx.c
index b02996f04c..915d94077e 100644
--- a/libavcodec/dpx.c
+++ b/libavcodec/dpx.c
@@ -242,7 +242,7 @@ static int decode_frame(AVCodecContext *avctx,
         return AVERROR_PATCHWELCOME;
     }
 
-    if (bits_per_color > 32)
+    if (bits_per_color > 31)
         return AVERROR_INVALIDDATA;
 
     buf += 820;
@@ -319,7 +319,7 @@ static int decode_frame(AVCodecContext *avctx,
             minCV = av_int2float(i);
             maxCV = av_int2float(j);
             if (bits_per_color >= 1 &&
-                minCV == 0.0f && maxCV == ((1<<bits_per_color) - 1)) {
+                minCV == 0.0f && maxCV == ((1U<<bits_per_color) - 1)) {
                 avctx->color_range = AVCOL_RANGE_JPEG;
             } else if (bits_per_color >= 8 &&
                        minCV == (1  <<(bits_per_color - 4)) &&

