virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-24 13:56:33 +02:00
Code Issues Releases Activity

tiffdec: check overread for packbits

Browse Source 
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2012-04-15 20:19:42 +02:00
parent 2837d8dc27
commit fefc65675e
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
libavcodec/tiff.c
View File

@ -253,6 +253,10 @@ static int tiff_unpack_strip(TiffContext *s, uint8_t *dst, int stride,
break;
case TIFF_PACKBITS:
for (pixels = 0; pixels < width;) {
if (ssrc + size - src < 2) {
av_log(s->avctx, AV_LOG_ERROR, "Read went out of bounds\n");
return AVERROR_INVALIDDATA;
}
code = (int8_t) * src++;
if (code >= 0) {
code++;
@ -261,6 +265,10 @@ static int tiff_unpack_strip(TiffContext *s, uint8_t *dst, int stride,
"Copy went out of bounds\n");
return -1;
}
if (ssrc + size - src < code) {
av_log(s->avctx, AV_LOG_ERROR, "Read went out of bounds\n");
return AVERROR_INVALIDDATA;
}
horizontal_fill(s->bpp * (s->avctx->pix_fmt == PIX_FMT_PAL8),
dst, 1, src, 0, code, pixels);
src += code;