TIFFStartStrip(): avoid potential crash in WebP codec when using scanline access on corrupted files. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26650

Even Rouault 2020-10-26 11:32:42 +01:00
parent b0469e8157
commit 2e822691d7
No known key found for this signature in database
GPG Key ID: 33EBBFC47B3DD87D


@ -1445,8 +1445,16 @@ TIFFStartStrip(TIFF* tif, uint32 strip)
else else
tif->tif_rawcc = (tmsize_t)TIFFGetStrileByteCount(tif, strip); tif->tif_rawcc = (tmsize_t)TIFFGetStrileByteCount(tif, strip);
} }
return ((*tif->tif_predecode)(tif, if ((*tif->tif_predecode)(tif,
(uint16)(strip / td->td_stripsperimage))); (uint16)(strip / td->td_stripsperimage)) == 0 ) {
/* Needed for example for scanline access, if tif_predecode */
/* fails, and we try to read the same strip again. Without invalidating */
/* tif_curstrip, we'd call tif_decoderow() on a possibly invalid */
/* codec state. */
tif->tif_curstrip = NOSTRIP;
return 0;
}
return 1;
} }
/* /*
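Review bot: The new failure branch after the `tif_predecode` call resets only `tif_curstrip`, so the `tif_rawcc` value assigned just above, and anything else set earlier in the function, still describes the strip whose predecode failed. That is safe only if every read path checks `tif_curstrip` before touching the raw buffer or calling `tif_decoderow()`, which this page does not show. I would state that invariant in the comment, for example `/* On predecode failure, force the next read to re-run TIFFStartStrip(); raw buffer fields are stale until then. */`, instead of four separate one-line comments. The success path now returns a literal `1` rather than the codec's own return value, so it is worth confirming that no caller depends on a specific non-zero value. TIFFStartStrip() begins above this hunk, so the earlier assignments and the callers are inferred rather than visible.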