[FFmpeg-cvslog] tiff: check bppcount

Michael Niedermayer git at videolan.org
Wed Feb 20 01:26:31 CET 2013


ffmpeg | branch: release/0.8 | Michael Niedermayer <michaelni at gmx.at> | Tue Feb 19 17:48:56 2013 +0100| [8aedb751567457d6f0d16ba3c5b6400f99791fb7] | committer: Michael Niedermayer

tiff: check bppcount

Fixes division by 0

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit a34418c28e0accd1468ca15fff4d4f138a609f4e)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8aedb751567457d6f0d16ba3c5b6400f99791fb7
---

 libavcodec/tiff.c |    5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
index 2ca6d5c..d26135e 100644
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -360,6 +360,11 @@ static int tiff_decode_tag(TiffContext *s, const uint8_t *start, const uint8_t *
                    "Samples per pixel requires a single value, many provided\n");
             return AVERROR_INVALIDDATA;
         }
+        if (value > 4U) {
+            av_log(s->avctx, AV_LOG_ERROR,
+                   "Samples per pixel %d is too large\n", value);
+            return AVERROR_INVALIDDATA;
+        }
         if (s->bppcount == 1)
             s->bpp *= value;
         s->bppcount = value;



More information about the ffmpeg-cvslog mailing list