Undefined-shift in de265_image::set_nonzero_coefficient

Oss-fuzz testing of GraphicsMagick has resulted in oss-fuzz report [384182501](https://issues.oss-fuzz.com/issues/384182501). The set_nonzero_coefficient() inline function fails to assure that 'log2TrafoSize - tu_info.log2unitSize' is a positive value.  For the provided test-case, the left shift request is -1.  The computed value 'width' is used as one of the controlling values in two loops, so this may result in a security issue if the loops run for a very long time, or if the computed 'tu_info' array index is out of bounds.  Since the result is "undefined behavior", the behavior may depend on the compiler and compilation options used.

This is the POC test-case that oss-fuzz produced (extension changed to allow upload):

![clusterfuzz-testcase-minimized-coder_HEIF_fuzzer-5118858410655744 heif](https://github.com/user-attachments/assets/e9e31eee-df90-4a64-9a6a-9c2167617e41)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Undefined-shift in de265_image::set_nonzero_coefficient #465

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Undefined-shift in de265_image::set_nonzero_coefficient #465

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions