From bc257bc41e9dfbc696dcec6a65e7ad83a8f703a0 Mon Sep 17 00:00:00 2001 From: danblooomberg Date: Sat, 12 Oct 2024 23:06:13 -0700 Subject: [PATCH] Fix fuzzing error Issue #372994444, from change in Issue #750 * Cast byte to uint32 before left-shifting by 24, to avoid possible overflow.
---
 src/bmpio.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/bmpio.c b/src/bmpio.c
index 99f26f7a9..3d81d9813 100644
--- a/src/bmpio.c
+++ b/src/bmpio.c
@@ -181,8 +181,8 @@ PIXCMAP *cmap;
 * Note that the first 4 bytes give the infoheader size.
 * The infoheader pointer on sparc64 is not 32-bit aligned. */
 bmpih_b = (l_uint8 *)bmpih;
- ihbytes = bmpih_b[0] + (bmpih_b[1] << 8) +
- (bmpih_b[2] << 16) + (bmpih_b[3] << 24);
+ ihbytes = bmpih_b[0] + ((l_int32)bmpih_b[1] << 8) +
+ ((l_int32)bmpih_b[2] << 16) + ((l_uint32)bmpih_b[3] << 24);
 width = convertOnBigEnd32(bmpih->biWidth);
 height = convertOnBigEnd32(bmpih->biHeight);
 depth = convertOnBigEnd16(bmpih->biBitCount);
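Review bot: The new `ihbytes` expression mixes `(l_int32)` casts on bytes 1 and 2 with an `(l_uint32)` cast on byte 3, although the commit message says the byte is cast to uint32. The sum is therefore computed as unsigned and then stored in `ihbytes`, whose declaration is outside this hunk. If that variable is a signed 32-bit type, a file with the top bit set in `bmpih_b[3]` no longer triggers an undefined shift, but still converts to an implementation-defined, normally negative, value. Casting every byte the same way would make the intent clear: `ihbytes = (l_uint32)bmpih_b[0] | ((l_uint32)bmpih_b[1] << 8) |` followed by `((l_uint32)bmpih_b[2] << 16) | ((l_uint32)bmpih_b[3] << 24);`. These four bytes come straight from the file, so a comment such as `/* ihbytes is untrusted: must be validated against the supported header sizes before use */` would help, presuming such a check exists further down in the function, which starts and ends outside this hunk.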