Fix undefined behavior in pngvalid.c

Undefined because (png_byte) << shift is undefined if it changes the signed bit (because png_byte is promoted to int). The libpng exported functions png_get_uint_32 and png_get_uint_16 handle this. Bug reported by David Drysdale as a result of reports from UBSAN in clang 3.8. This changes pngvalid to use BE random numbers; this used to produce errors but these should not be fixed as a result of the previous changes. Signed-off-by: John Bowler <jbowler@acm.org>
author: John Bowler <jbowler@acm.org> 2015-12-17 12:53:08 -0800
committer: John Bowler <jbowler@acm.org> 2015-12-17 12:57:49 -0800
commit: 829cba63d385fd011db8e8473100623cd819cea3 (patch)
tree: fd0b781cb8ad46c14cb08247a913188febf5ca5f
parent: b409572cec7ebd75d0eaf1955af28cf07ff2641e (diff)
download: libpng-829cba63d385fd011db8e8473100623cd819cea3.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/contrib/libtests/pngvalid.c b/contrib/libtests/pngvalid.c
index 070757c01..337e84384 100644
--- a/contrib/libtests/pngvalid.c
+++ b/contrib/libtests/pngvalid.c
@@ -305,7 +305,7 @@ static void r16(png_uint_16p p16, size_t count)
    {
       unsigned char b2[2];
       randomize(b2, sizeof b2);
-      *p16++ = 0xFFFFU & ((b2[1] << 8) + b2[0]);
+      *p16++ = png_get_uint_16(b2);
    }
 }
 
@@ -322,7 +322,7 @@ static void r32(png_uint_32p p32, size_t count)
    {
       unsigned char b4[4];
       randomize(b4, sizeof b4);
-      *p32++ = (b4[3] << 24) + (b4[2] << 16) + (b4[1] << 8) + b4[0];
+      *p32++ = png_get_uint_32(b4);
    }
 }
author	John Bowler <jbowler@acm.org>	2015-12-17 12:53:08 -0800
committer	John Bowler <jbowler@acm.org>	2015-12-17 12:57:49 -0800
commit	829cba63d385fd011db8e8473100623cd819cea3 (patch)
tree	fd0b781cb8ad46c14cb08247a913188febf5ca5f
parent	b409572cec7ebd75d0eaf1955af28cf07ff2641e (diff)
download	libpng-829cba63d385fd011db8e8473100623cd819cea3.tar.gz