virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-08-10 06:10:52 +02:00
Code Issues Releases Activity

avcodec/tiff: Check for Tiled and Stripped TIFFs

Browse Source 
TIFF 6 spec: "Do not use both strip-oriented and tile-oriented fields in the same TIFF file."

Fixes: null pointer use, crash
Fixes: crash-762680f9d1b27f9b9085e12887ad44893fb2b020

Found-by: Shiziru <lunasl@protonmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2020-02-19 15:15:42 +01:00
parent 49459aca47
commit 70faa9f618
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
libavcodec/tiff.c
View File

@@ -1758,6 +1758,7 @@ static int decode_frame(AVCodecContext *avctx,
GetByteContext stripdata; GetByteContext stripdata;
int retry_for_subifd, retry_for_page; int retry_for_subifd, retry_for_page;
int is_dng; int is_dng;
int has_tile_bits, has_strip_bits;
bytestream2_init(&s->gb, avpkt->data, avpkt->size); bytestream2_init(&s->gb, avpkt->data, avpkt->size);
@@ -1885,6 +1886,14 @@ again:
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
} }
has_tile_bits = s->is_tiled || s->tile_byte_counts_offset || s->tile_offsets_offset || s->tile_width || s->tile_length || s->tile_count;
has_strip_bits = s->strippos || s->strips || s->stripoff || s->rps || s->sot || s->sstype || s->stripsize || s->stripsizesoff;
if (has_tile_bits && has_strip_bits) {
av_log(avctx, AV_LOG_ERROR, "Tiled TIFF is not allowed to strip\n");
return AVERROR_INVALIDDATA;
}
/* now we have the data and may start decoding */ /* now we have the data and may start decoding */
if ((ret = init_image(s, &frame)) < 0) if ((ret = init_image(s, &frame)) < 0)
return ret; return ret;