cheng/libtiff
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

tif_fax3.h: restore systematic calls to CLEANUP_RUNS()

Browse Source 
now that SETVALUE() no longer cause overflows.
Those were removed per b351db8be1 and
3440ac2164.

As SETVALUE() now returns an error, this allow the decoder to exit.

Otherwise, the assert(x == lastx) in _TIFFFax3fillruns() can trigger.

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26201
This commit is contained in:
Even Rouault 2020-10-08 12:20:49 +02:00
parent 4ee4a69bbb
commit a4cae3b8a3
No known key found for this signature in database
GPG Key ID: 33EBBFC47B3DD87D
1 changed files with 2 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
libtiff/tif_fax3.h
View File

@ -539,9 +539,7 @@ done1d: \
goto eol2d; \ goto eol2d; \
eof2d: \ eof2d: \
prematureEOF(a0); \ prematureEOF(a0); \
if (pa < thisrun + sp->nruns) { \ CLEANUP_RUNS(); \
CLEANUP_RUNS(); \
} \
goto eoflab; \ goto eoflab; \
} \ } \
} \ } \
@ -556,9 +554,7 @@ done1d: \
SETVALUE(0); \ SETVALUE(0); \
} \ } \
eol2d: \ eol2d: \
if (pa < thisrun + sp->nruns) { \ CLEANUP_RUNS(); \
CLEANUP_RUNS(); \
} \
} while (0) } while (0)
#endif /* _FAX3_ */ #endif /* _FAX3_ */
/* vim: set ts=8 sts=4 sw=4 noet: */ /* vim: set ts=8 sts=4 sw=4 noet: */