diff mbox series

[FFmpeg-devel,3/6] avcodec/tiff: Check strip values when they will be used

Message ID 20201227174938.27369-3-michael@niedermayer.cc
State New
Headers show
Series [FFmpeg-devel,1/6] avformat/mxfdec: Do not clear arrays in mxf_read_index_entry_array()
Related show

Checks

Context Check Description
andriy/x86_make success Make finished
andriy/x86_make_fate success Make fate finished
andriy/PPC64_make success Make finished
andriy/PPC64_make_fate success Make fate finished

Commit Message

Michael Niedermayer Dec. 27, 2020, 5:49 p.m. UTC
Regression since: da5b3d002862d1e105002a6dc1567e6551860896

Fixes: Assertion buf_size >= 0 failed at libavcodec/bytestream.h:151
Fixes: 28599/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5362335027953664

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/tiff.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
index fa1f44ce1d..d1ca45409a 100644
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -1930,7 +1930,7 @@  again:
     if ((ret = init_image(s, &frame)) < 0)
         return ret;
 
-    if (!s->is_tiled) {
+    if (has_strip_bits) {
         if (s->strips == 1 && !s->stripsize) {
             av_log(avctx, AV_LOG_WARNING, "Image data size missing\n");
             s->stripsize = avpkt->size - s->stripoff;