tif_jpeg.c: avoid potential harmless unsigned integer overflow on data->fileoffset in JPEGFixupTagsSubsamplingSkip() by validating earlier. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28200

Even Rouault 2020-12-02 10:09:16 +01:00
parent 0f013e5b5a
commit 4ca3e42517
No known key found for this signature in database
GPG Key ID: 33EBBFC47B3DD87D


@ -938,7 +938,10 @@ JPEGFixupTagsSubsamplingReadByte(struct JPEGFixupTagsSubsamplingData* data, uint
return(0); return(0);
if (!data->filepositioned) if (!data->filepositioned)
{ {
TIFFSeekFile(data->tif,data->fileoffset,SEEK_SET); if (TIFFSeekFile(data->tif,data->fileoffset,SEEK_SET) == (toff_t)-1)
{
return 0;
}
data->filepositioned=1; data->filepositioned=1;
} }
m=data->buffersize; m=data->buffersize;
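Review bot: The new seek-failure branch returns 0 with no comment or diagnostic, so a caller cannot tell a rejected `data->fileoffset` from the ordinary `return(0);` at the top of the hunk, and a malformed file leaves no trace in the log. I would put a why-comment above the check, for example `/* seek failed (fileoffset out of range): report no data instead of reading from an unintended file position */`, and emit a warning before the return if this path is allowed to report. The branch also writes `return 0;` where the surrounding lines use `return(0);`, so matching the local form would keep the function consistent. JPEGFixupTagsSubsamplingReadByte starts and ends outside the hunk, so it is worth confirming that every caller treats the 0 as a failure rather than as a byte value.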