From f91056a25a7db47e55ae3815c52932eac32803d6 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sun, 16 May 2021 19:44:40 +0200
Subject: [PATCH] avcodec/dpx: fix off by 1 in bits_per_color check

Fixes: CID1476303 Bad bit shift operation
Fixes: 34871/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DPX_fuzzer-6331163028357120

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ca9025f374e4c4632a8a1be623304b78ba6435f6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/dpx.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/dpx.c b/libavcodec/dpx.c
index b02996f04c..915d94077e 100644
--- a/libavcodec/dpx.c
+++ b/libavcodec/dpx.c
@@ -242,7 +242,7 @@ static int decode_frame(AVCodecContext *avctx,
         return AVERROR_PATCHWELCOME;
     }
 
-    if (bits_per_color > 32)
+    if (bits_per_color > 31)
         return AVERROR_INVALIDDATA;
 
     buf += 820;
@@ -319,7 +319,7 @@ static int decode_frame(AVCodecContext *avctx,
             minCV = av_int2float(i);
             maxCV = av_int2float(j);
             if (bits_per_color >= 1 &&
-                minCV == 0.0f && maxCV == ((1<<bits_per_color) - 1)) {
+                minCV == 0.0f && maxCV == ((1U<<bits_per_color) - 1)) {
                 avctx->color_range = AVCOL_RANGE_JPEG;
             } else if (bits_per_color >= 8 &&
                        minCV == (1  <<(bits_per_color - 4)) &&