avcodec/tiff: Fix integer overflows in left shift in init_image()

Fixes: left shift of 255 by 24 places cannot be represented in type 'int' Fixes: 11377/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5694319101476864 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/tiff: Fix integer overflows in left shift in init_image()
Fixes: left shift of 255 by 24 places cannot be represented in type 'int' Fixes: 11377/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5694319101476864 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
a036c259 · Michael Niedermayer · 5a761713 · a036c259
Commit a036c259 authored Nov 26, 2018 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 6 deletions

tiff.c libavcodec/tiff.c +6 -6

No files found.
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -706,7 +706,7 @@ static int init_image(TiffContext *s, ThreadFrame *frame)
        s->avctx->pix_fmt = s->palette_is_set ? AV_PIX_FMT_PAL8 : AV_PIX_FMT_GRAY8;
        break;
    case 10081:
-        switch (s->pattern[0] | (s->pattern[1] << 8) | (s->pattern[2] << 16) | (s->pattern[3] << 24)) {
+        switch (AV_RL32(s->pattern)) {
        case 0x02010100:
            s->avctx->pix_fmt = AV_PIX_FMT_BAYER_RGGB8;
            break;
@@ -721,12 +721,12 @@ static int init_image(TiffContext *s, ThreadFrame *frame)
            break;
        default:
            av_log(s->avctx, AV_LOG_ERROR, "Unsupported Bayer pattern: 0x%X\n",
-                   s->pattern[0] | s->pattern[1] << 8 | s->pattern[2] << 16 | s->pattern[3] << 24);
+                   AV_RL32(s->pattern));
            return AVERROR_PATCHWELCOME;
        }
        break;
    case 10121:
-        switch (s->pattern[0] | s->pattern[1] << 8 | s->pattern[2] << 16 | s->pattern[3] << 24) {
+        switch (AV_RL32(s->pattern)) {
        case 0x02010100:
            s->avctx->pix_fmt = s->le ? AV_PIX_FMT_BAYER_RGGB16LE : AV_PIX_FMT_BAYER_RGGB16BE;
            break;
@@ -741,12 +741,12 @@ static int init_image(TiffContext *s, ThreadFrame *frame)
            break;
        default:
            av_log(s->avctx, AV_LOG_ERROR, "Unsupported Bayer pattern: 0x%X\n",
-                   s->pattern[0] | s->pattern[1] << 8 | s->pattern[2] << 16 | s->pattern[3] << 24);
+                   AV_RL32(s->pattern));
            return AVERROR_PATCHWELCOME;
        }
        break;
    case 10161:
-        switch (s->pattern[0] | s->pattern[1] << 8 | s->pattern[2] << 16 | s->pattern[3] << 24) {
+        switch (AV_RL32(s->pattern)) {
        case 0x02010100:
            s->avctx->pix_fmt = s->le ? AV_PIX_FMT_BAYER_RGGB16LE : AV_PIX_FMT_BAYER_RGGB16BE;
            break;
@@ -761,7 +761,7 @@ static int init_image(TiffContext *s, ThreadFrame *frame)
            break;
        default:
            av_log(s->avctx, AV_LOG_ERROR, "Unsupported Bayer pattern: 0x%X\n",
-                   s->pattern[0] | s->pattern[1] << 8 | s->pattern[2] << 16 | s->pattern[3] << 24);
+                   AV_RL32(s->pattern));
            return AVERROR_PATCHWELCOME;
        }
        break;