[FFmpeg-cvslog] tiffdec: check rps, fix infinite loop.

Michael Niedermayer git at videolan.org
Fri Nov 9 20:03:51 CET 2012


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Fri Nov  9 19:28:23 2012 +0100| [02a325cb6fdc1e33a45191cbfbfe4298affcd021] | committer: Michael Niedermayer

tiffdec: check rps, fix infinite loop.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=02a325cb6fdc1e33a45191cbfbfe4298affcd021
---

 libavcodec/tiff.c |    5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
index 45c2476..f00b1ad 100644
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -1089,6 +1089,11 @@ static int decode_frame(AVCodecContext *avctx,
         bytestream2_init(&stripdata, avpkt->data + s->strippos, avpkt->size - s->strippos);
     }
 
+    if (s->rps <= 0) {
+        av_log(avctx, AV_LOG_ERROR, "rps %d invalid\n", s->rps);
+        return AVERROR_INVALIDDATA;
+    }
+
     for (i = 0; i < s->height; i += s->rps) {
         if (s->stripsizesoff)
             ssize = tget(&stripsizes, s->sstype, s->le);



More information about the ffmpeg-cvslog mailing list