Message ID | 20170321015202.8604-1-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | 3182e19c1c29eef60208a67ad8ecad1d9a2d0694 |
Headers | show |
On Tue, Mar 21, 2017 at 02:52:01AM +0100, Michael Niedermayer wrote: > Fixes memleak > Fixes: 874/clusterfuzz-testcase-5252796175613952 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/tiff.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) patchset applied [...]
diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c index 5a6573fb79..3aaf63338d 100644 --- a/libavcodec/tiff.c +++ b/libavcodec/tiff.c @@ -1071,7 +1071,8 @@ static int tiff_decode_tag(TiffContext *s, AVFrame *frame) s->geotag_count = count / 4 - 1; av_log(s->avctx, AV_LOG_WARNING, "GeoTIFF key directory buffer shorter than specified\n"); } - if (bytestream2_get_bytes_left(&s->gb) < s->geotag_count * sizeof(int16_t) * 4) { + if ( bytestream2_get_bytes_left(&s->gb) < s->geotag_count * sizeof(int16_t) * 4 + || s->geotag_count == 0) { s->geotag_count = 0; return -1; }
Fixes memleak Fixes: 874/clusterfuzz-testcase-5252796175613952 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/tiff.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)