mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-12-23 12:43:46 +02:00
tiff: dont leave geotag_count in an invalid state on errors.
Fixes out of array reads Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
parent
f28043d0a3
commit
0e3dacb11e
@ -905,11 +905,14 @@ static int tiff_decode_tag(TiffContext *s)
|
||||
s->geotag_count = count / 4 - 1;
|
||||
av_log(s->avctx, AV_LOG_WARNING, "GeoTIFF key directory buffer shorter than specified\n");
|
||||
}
|
||||
if (bytestream2_get_bytes_left(&s->gb) < s->geotag_count * sizeof(int16_t) * 4)
|
||||
if (bytestream2_get_bytes_left(&s->gb) < s->geotag_count * sizeof(int16_t) * 4) {
|
||||
s->geotag_count = 0;
|
||||
return -1;
|
||||
}
|
||||
s->geotags = av_mallocz(sizeof(TiffGeoTag) * s->geotag_count);
|
||||
if (!s->geotags) {
|
||||
av_log(s->avctx, AV_LOG_ERROR, "Error allocating temporary buffer\n");
|
||||
s->geotag_count = 0;
|
||||
return AVERROR(ENOMEM);
|
||||
}
|
||||
for (i = 0; i < s->geotag_count; i++) {
|
||||
|
Loading…
Reference in New Issue
Block a user