Fix fuzzing error Issue #372994444, from change in Issue #750

* Cast byte to uint32 before left-shifting by 24, to avoid possible overflow.
DanBloomberg · Oct 13, 2024 · bc257bc · bc257bc
1 parent fa3992f
commit bc257bc
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/bmpio.c b/src/bmpio.c
@@ -181,8 +181,8 @@ PIXCMAP   *cmap;
          * Note that the first 4 bytes give the infoheader size.
          * The infoheader pointer on sparc64 is not 32-bit aligned. */
     bmpih_b = (l_uint8 *)bmpih;
-    ihbytes = bmpih_b[0] + (bmpih_b[1] << 8) +
-              (bmpih_b[2] << 16) + (bmpih_b[3] << 24);
+    ihbytes = bmpih_b[0] + ((l_int32)bmpih_b[1] << 8) +
+              ((l_int32)bmpih_b[2] << 16) + ((l_uint32)bmpih_b[3] << 24);
     width = convertOnBigEnd32(bmpih->biWidth);
     height = convertOnBigEnd32(bmpih->biHeight);
     depth = convertOnBigEnd16(bmpih->biBitCount);