OJPEGReadBufferFill(): avoid very long processing time on corrupted files. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16400. master only

This commit is contained in:
Even Rouault 2019-08-12 17:55:56 +02:00
parent 187e596861
commit ea69462ea2
No known key found for this signature in database
GPG Key ID: 33EBBFC47B3DD87D


@ -2024,10 +2024,15 @@ OJPEGReadBufferFill(OJPEGState* sp)
sp->in_buffer_source=osibsEof; sp->in_buffer_source=osibsEof;
else else
{ {
sp->in_buffer_file_pos=TIFFGetStrileOffset(sp->tif, sp->in_buffer_next_strile); int err = 0;
sp->in_buffer_file_pos=TIFFGetStrileOffsetWithErr(sp->tif, sp->in_buffer_next_strile, &err);
if( err )
return 0;
if (sp->in_buffer_file_pos!=0) if (sp->in_buffer_file_pos!=0)
{ {
uint64 bytecount = TIFFGetStrileByteCount(sp->tif, sp->in_buffer_next_strile); uint64 bytecount = TIFFGetStrileByteCountWithErr(sp->tif, sp->in_buffer_next_strile, &err);
if( err )
return 0;
if (sp->in_buffer_file_pos>=sp->file_size) if (sp->in_buffer_file_pos>=sp->file_size)
sp->in_buffer_file_pos=0; sp->in_buffer_file_pos=0;
else if (bytecount==0) else if (bytecount==0)
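Review bot: The two new `if( err ) return 0;` exits leave `sp->in_buffer_file_pos` holding whatever `TIFFGetStrileOffsetWithErr` stored before the error was reported, whereas the surrounding code uses `sp->in_buffer_file_pos=0` as the "nothing to read here" marker (see the `>=sp->file_size` branch). If a caller re-enters OJPEGReadBufferFill after a failed fill, that stale offset could be acted on; clearing it on the way out keeps the state consistent, e.g. `if( err ) { sp->in_buffer_file_pos=0; return 0; }` at both sites. It is also worth confirming that the WithErr helpers emit a diagnostic themselves, since the bare `return 0` otherwise makes a corrupted strile table indistinguishable from a short read for the caller. The body of OJPEGReadBufferFill starts and ends outside this hunk, so the early-return path's effect on the caller's loop is inferred, not visible here.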