[FFmpeg-devel] [PATCH] avcodec/tiff: check denominator values in tiff_decode_tag()
James Almer
jamrial at gmail.com
Sun Oct 27 15:26:45 EET 2019
Fixes ticket #8327.
Signed-off-by: James Almer <jamrial at gmail.com>
---
The first case may be for either black level or SAR, so i decided to use a
generic error message.
libavcodec/tiff.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
index f537e99b5a..636614aa28 100644
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -1240,6 +1240,11 @@ static int tiff_decode_tag(TiffContext *s, AVFrame *frame)
case TIFF_RATIONAL:
value = ff_tget(&s->gb, TIFF_LONG, s->le);
value2 = ff_tget(&s->gb, TIFF_LONG, s->le);
+ if (!value2) {
+ av_log(s->avctx, AV_LOG_ERROR, "Invalid denominator in rational\n");
+ return AVERROR_INVALIDDATA;
+ }
+
break;
case TIFF_STRING:
if (count <= 4) {
@@ -1413,6 +1418,10 @@ static int tiff_decode_tag(TiffContext *s, AVFrame *frame)
if (type == TIFF_RATIONAL) {
value = ff_tget(&s->gb, TIFF_LONG, s->le);
value2 = ff_tget(&s->gb, TIFF_LONG, s->le);
+ if (!value2) {
+ av_log(s->avctx, AV_LOG_ERROR, "Invalid black level denominator\n");
+ return AVERROR_INVALIDDATA;
+ }
s->black_level = value / value2;
} else
--
2.23.0
More information about the ffmpeg-devel
mailing list