falkTX
/
FFmpeg
mirror of https://github.com/falkTX/FFmpeg.git
1
0
Fork 0
Code Issues 0 Releases 338 Wiki Activity
Browse Source

tiff: do not overread the source buffer 

At least 2 bytes from the source are read every loop.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
tags/n2.0
Luca Barbato 12 years ago
parent
999ccd2d0a
commit
9c22169769
1 changed files with 4 additions and 1 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +4
    -1
      libavcodec/tiff.c

+ 4
- 1
libavcodec/tiff.c View File

@@ -224,10 +224,13 @@ static int tiff_unpack_strip(TiffContext *s, uint8_t *dst, int stride,
break; break;
case TIFF_PACKBITS: case TIFF_PACKBITS:
for (pixels = 0; pixels < width;) { for (pixels = 0; pixels < width;) {
if (ssrc + size - src < 2)
return AVERROR_INVALIDDATA;
code = (int8_t) *src++; code = (int8_t) *src++;
if (code >= 0) { if (code >= 0) {
code++; code++;
if (pixels + code > width) {
if (pixels + code > width ||
ssrc + size - src < code) {
av_log(s->avctx, AV_LOG_ERROR, av_log(s->avctx, AV_LOG_ERROR,
"Copy went out of bounds\n"); "Copy went out of bounds\n");
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;


Write Preview
Loading…
Cancel
Save