From: Even Rouault <even.rouault@spatialys.com>
Date: Sun, 30 Jul 2017 13:22:24 +0000 (+0200)
Subject: opj_tcd_dc_level_shift_decode: avoid int32 overflow when prec == 31. Fixes https... 
X-Git-Tag: v2.2.0~28
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=68832af20e3b3710424947e12762b6b52d3b6ac0;p=openjpeg

opj_tcd_dc_level_shift_decode: avoid int32 overflow when prec == 31. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2799. Credit to OSS Fuzz
---

diff --git a/src/lib/openjp2/tcd.c b/src/lib/openjp2/tcd.c
index 08c5a765..1213bffe 100644
--- a/src/lib/openjp2/tcd.c
+++ b/src/lib/openjp2/tcd.c
@@ -1883,7 +1883,7 @@ static OPJ_BOOL opj_tcd_dc_level_shift_decode(opj_tcd_t *p_tcd)
             l_max = (1 << (l_img_comp->prec - 1)) - 1;
         } else {
             l_min = 0;
-            l_max = (1 << l_img_comp->prec) - 1;
+            l_max = (OPJ_INT32)((1U << l_img_comp->prec) - 1);
         }
 
         l_current_ptr = l_tile_comp->data;