From a4cae3b8a3a427ee98030d49f39faf8e8964ef69 Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Thu, 8 Oct 2020 12:20:49 +0200 Subject: [PATCH] tif_fax3.h: restore systematic calls to CLEANUP_RUNS() now that SETVALUE() no longer cause overflows. Those were removed per b351db8be1b4d3f712bdb9424a79d3174cc03202 and 3440ac216463fcad170bbb391491e69730a59ffa. As SETVALUE() now returns an error, this allow the decoder to exit. Otherwise, the assert(x == lastx) in _TIFFFax3fillruns() can trigger. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26201
---
 libtiff/tif_fax3.h | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/libtiff/tif_fax3.h b/libtiff/tif_fax3.h
index 61e9522a..701716cc 100644
--- a/libtiff/tif_fax3.h
+++ b/libtiff/tif_fax3.h
@@ -539,9 +539,7 @@ done1d: \
 goto eol2d; \
 eof2d: \
 prematureEOF(a0); \
- if (pa < thisrun + sp->nruns) { \
- CLEANUP_RUNS(); \
- } \
+ CLEANUP_RUNS(); \
 goto eoflab; \
 } \
 } \
@@ -556,9 +554,7 @@ done1d: \
 SETVALUE(0); \
 } \
 eol2d: \
- if (pa < thisrun + sp->nruns) { \
- CLEANUP_RUNS(); \
- } \
+ CLEANUP_RUNS(); \
 } while (0)
 #endif /* _FAX3_ */
 /* vim: set ts=8 sts=4 sw=4 noet: */
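Review bot: With the `if (pa < thisrun + sp->nruns)` guard removed at `eof2d:` and at `eol2d:` (both hunks), nothing at these two call sites bounds `pa` any more. The run array stays in range only if every SETVALUE() reached from CLEANUP_RUNS() does that check itself, and neither macro body is visible in this patch. I would record the dependency at both sites, for example `/* no pa bound check here: SETVALUE() rejects writes past thisrun + sp->nruns */ \` directly above each `CLEANUP_RUNS(); \`, so that a later edit to SETVALUE() does not silently bring back the overflow the two referenced commits worked around. The description says SETVALUE() now returns an error, presumably through a `return` inside the macro, so it is worth confirming that every function expanding this macro can leave that way without passing through `eoflab`. The enclosing macro begins before the first hunk, so this is judged from the visible lines only.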