1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00

avcodec/dpx: fix off by 1 in bits_per_color check

Fixes: CID1476303 Bad bit shift operation
Fixes: 34871/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DPX_fuzzer-6331163028357120

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ca9025f374)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2021-05-16 19:44:40 +02:00
parent 57f68127da
commit f91056a25a

View File

@ -242,7 +242,7 @@ static int decode_frame(AVCodecContext *avctx,
return AVERROR_PATCHWELCOME;
}
if (bits_per_color > 32)
if (bits_per_color > 31)
return AVERROR_INVALIDDATA;
buf += 820;
@ -319,7 +319,7 @@ static int decode_frame(AVCodecContext *avctx,
minCV = av_int2float(i);
maxCV = av_int2float(j);
if (bits_per_color >= 1 &&
minCV == 0.0f && maxCV == ((1<<bits_per_color) - 1)) {
minCV == 0.0f && maxCV == ((1U<<bits_per_color) - 1)) {
avctx->color_range = AVCOL_RANGE_JPEG;
} else if (bits_per_color >= 8 &&
minCV == (1 <<(bits_per_color - 4)) &&