From 6ce49bf5aebb3c45c464fa82d14cfd4bf7026a28 Mon Sep 17 00:00:00 2001
From: Even Rouault
Date: Fri, 1 Sep 2017 10:26:18 +0200
Subject: [PATCH] Fix undefined shift behaviour in opj_dwt_is_whole_tile_decoding(). Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3255. Credit to OSS Fuzz
---
 src/lib/openjp2/dwt.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/lib/openjp2/dwt.c b/src/lib/openjp2/dwt.c
index ee0b5b22..7377b642 100644
--- a/src/lib/openjp2/dwt.c
+++ b/src/lib/openjp2/dwt.c
@@ -1218,13 +1218,14 @@ static OPJ_BOOL opj_dwt_is_whole_tile_decoding(opj_tcd_t *p_tcd,
     /* Tolerate small margin within the reduced resolution factor to consider if */
     /* the whole tile path must be taken */
     return (tcx0 >= (OPJ_UINT32)tilec->x0 &&
-            ((tcx0 - (OPJ_UINT32)tilec->x0) >> shift) == 0 &&
             tcy0 >= (OPJ_UINT32)tilec->y0 &&
-            ((tcy0 - (OPJ_UINT32)tilec->y0) >> shift) == 0 &&
             tcx1 <= (OPJ_UINT32)tilec->x1 &&
-            (((OPJ_UINT32)tilec->x1 - tcx1) >> shift) == 0 &&
             tcy1 <= (OPJ_UINT32)tilec->y1 &&
-            (((OPJ_UINT32)tilec->y1 - tcy1) >> shift) == 0);
+            (shift >= 32 ||
+             (((tcx0 - (OPJ_UINT32)tilec->x0) >> shift) == 0 &&
+              ((tcy0 - (OPJ_UINT32)tilec->y0) >> shift) == 0 &&
+              (((OPJ_UINT32)tilec->x1 - tcx1) >> shift) == 0 &&
+              (((OPJ_UINT32)tilec->y1 - tcy1) >> shift) == 0)));
 }
 
 /* */
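Review bot: The new `shift >= 32 ||` guard leaves the reader to work out why 32 is the threshold and why short-circuiting to true is the correct result; a comment on that line such as `/* >> by >= 32 on an OPJ_UINT32 is undefined; every margin fits in 32 bits, so the shifted values would be 0 anyway */` would make both facts explicit. The literal 32 hard-codes the width of OPJ_UINT32, which holds as long as that typedef stays a 32-bit type; spelling it as `8 * sizeof(OPJ_UINT32)` or a named constant would make the dependency visible to whoever next touches the type. The computation of `shift` and the start of opj_dwt_is_whole_tile_decoding are outside the hunk, so it cannot be confirmed here whether values of 32 or more arise only from malformed input (as the OSS-Fuzz reference suggests) or also from legitimate reduce factors; a regression test built from the fuzzer's reproducer would pin the fixed behaviour either way.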