tif_fax3.h: restore systematic calls to CLEANUP_RUNS()

now that SETVALUE() no longer cause overflows. Those were removed per b351db8be1 and 3440ac2164. As SETVALUE() now returns an error, this allow the decoder to exit. Otherwise, the assert(x == lastx) in _TIFFFax3fillruns() can trigger. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26201
2020-10-08 12:20:49 +02:00 · 2020-10-08 12:20:49 +02:00 · a4cae3b8a3
commit a4cae3b8a3
parent 4ee4a69bbb
1 changed files with 2 additions and 6 deletions
--- a/libtiff/tif_fax3.h
+++ b/libtiff/tif_fax3.h
@ -539,9 +539,7 @@ done1d:									\
 	    goto eol2d;							\
 	eof2d:								\
 	    prematureEOF(a0);						\
-		if (pa < thisrun + sp->nruns) {				\
-		    CLEANUP_RUNS();					\
-		}							\
+	    CLEANUP_RUNS();						\
 	    goto eoflab;						\
 	}								\
    }									\
@ -556,9 +554,7 @@ done1d:									\
 	SETVALUE(0);							\
    }									\
 eol2d:									\
-    if (pa < thisrun + sp->nruns) {					\
-	CLEANUP_RUNS();							\
-    }									\
+    CLEANUP_RUNS();							\
 } while (0)
 #endif /* _FAX3_ */
 /* vim: set ts=8 sts=4 sw=4 noet: */