stcorp / coda

The Common Data Access toolset
http://stcorp.github.io/coda/doc/html/index.html
BSD 3-Clause "New" or "Revised" License

coda_recognize_file_fuzzer: Integer-overflow in read_grib2_message #72

Closed schwehr closed 4 years ago

schwehr commented 4 years ago
third_party/stcorp_coda/libcoda/coda-grib.c:2494:81: runtime error: signed integer overflow: 16777215 * 256 cannot be represented in type 'int'
    #0 0x562cce2d47f1 in read_grib2_message third_party/stcorp_coda/libcoda/coda-grib.c:2494:81
    #1 0x562cce2c05a0 in coda_grib_reopen third_party/stcorp_coda/libcoda/coda-grib.c:3134:17
    #2 0x562cce302aab in reopen_with_backend third_party/stcorp_coda/libcoda/coda-product.c:410:17
    #3 0x562cce2ff898 in open_file third_party/stcorp_coda/libcoda/coda-product.c:552:9
    #4 0x562cce2ff1da in coda_recognize_file third_party/stcorp_coda/libcoda/coda-product.c:596:9
    #5 0x562cce211c31 in LLVMFuzzerTestOneInput third_party/stcorp_coda/fuzz/coda_recognize_file_fuzzer.cc:19:3

Looks like there needs to be the same casting as in a prior issue done throughout read_grib2_message

intvalue = ((buffer[41] * 256 + buffer[42]) * 256 + buffer[43]) * 256 + buffer[44];
intvalue = buffer[41] & 0x80 ? -((int64_t)intvalue - (1 << 31)) : intvalue;
gtype = grib_type[grib2_latitudeOfLastGridPoint];
type = (coda_dynamic_type *)coda_mem_int32_new((coda_type_number *)gtype, NULL, cproduct, intvalue);
coda_mem_record_add_field(grid, "latitudeOfLastGridPoint", type, 0);

intvalue = ((buffer[45] * 256 + buffer[46]) * 256 + buffer[47]) * 256 + buffer[48];  // <--- issue here
intvalue = buffer[45] & 0x80 ? -((int64_t)intvalue - (1 << 31)) : intvalue;
gtype = grib_type[grib2_longitudeOfLastGridPoint];
type = (coda_dynamic_type *)coda_mem_int32_new((coda_type_number *)gtype, NULL, cproduct, intvalue);
coda_mem_record_add_field(grid, "longitudeOfLastGridPoint", type, 0);

I do prefer @rouault's suggestion here using shifts. https://github.com/stcorp/coda/issues/46#issuecomment-612816507
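Added example, not code from the CODA project or from anyone in this thread: a decoder for the GRIB2 signed-integer encoding (big-endian, sign-magnitude: the high bit of the first octet is the sign, the remaining bits the magnitude) built on unsigned shifts, alongside a check that reproduces the overflow condition of the `* 256 + buffer[n]` chain quoted above without triggering it. Accumulating in `uint64_t` makes every intermediate well-defined and also avoids `1 << 31`, which is itself undefined for a 32-bit `int`. The chain overflows for any 4-byte field whose first octet has the high bit set, i.e. every negative latitude or longitude, not only the fuzzer's all-0xFF input. The function names and the octet arrays are constructed for this example; `grib2_decode_signed` generalizes to the 1-, 2- and 4-byte signed fields GRIB2 uses.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decode an nbytes-wide GRIB2 signed integer (sign-magnitude, big-endian).
 * nbytes must be 1..8; the accumulation is unsigned, so no intermediate
 * value can overflow and no shift lands on a signed sign bit. */
int64_t grib2_decode_signed(const uint8_t *p, size_t nbytes)
{
    uint64_t raw = 0;
    size_t i;

    if (nbytes == 0 || nbytes > 8) {
        return 0; /* caller error: field widths in GRIB2 are 1, 2, 3, 4 or 8 octets */
    }
    for (i = 0; i < nbytes; i++) {
        raw = (raw << 8) | p[i];
    }
    {
        uint64_t signbit = (uint64_t)1 << (nbytes * 8 - 1);
        uint64_t magnitude = raw & (signbit - 1);
        return (raw & signbit) ? -(int64_t)magnitude : (int64_t)magnitude;
    }
}

/* Return 1 when ((p0*256 + p1)*256 + p2)*256 + p3, evaluated in a 32-bit
 * int as in the snippet quoted above, would overflow. The check itself runs
 * in int64_t, so it is free of the undefined behaviour it is looking for. */
int grib2_int_chain_overflows(const uint8_t *p)
{
    int64_t partial = ((int64_t)p[0] * 256 + p[1]) * 256 + p[2];
    int64_t last = partial * 256;           /* the multiply the sanitizer flagged */
    return (last + p[3]) > INT32_MAX;
}

/* Constructed sample octets (hypothetical, not taken from the testcase). */
static const uint8_t kFuzzerOctets[4] = {0xFF, 0xFF, 0xFF, 0xFF}; /* 16777215*256 case */
static const uint8_t kNegLatitude[4]  = {0x82, 0xB6, 0x46, 0x60}; /* -45500000 microdeg */
static const uint8_t kPosLatitude[4]  = {0x02, 0xB6, 0x46, 0x60}; /*  45500000 microdeg */

int main(void)
{
    const uint8_t *samples[3] = {kFuzzerOctets, kNegLatitude, kPosLatitude};
    int i;

    for (i = 0; i < 3; i++) {
        printf("%02X %02X %02X %02X -> %lld (int chain overflows: %s)\n",
               samples[i][0], samples[i][1], samples[i][2], samples[i][3],
               (long long)grib2_decode_signed(samples[i], 4),
               grib2_int_chain_overflows(samples[i]) ? "yes" : "no");
    }
    return 0;
}
```

The same decoder covers the 2-byte signed fields in a GRIB2 product (for example a scale factor of 0x80 0x05 decodes to -5), so one helper can replace every hand-expanded `* 256` chain rather than patching them one at a time.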

schwehr commented 4 years ago

testcase-5740680706260992.zip

svniemeijer commented 4 years ago

Fixed in ae9757d71f625437eba0cb605c60c49f85131c46

schwehr commented 4 years ago

Verified