Fix crash for files with strip size larger than the buffer.

Fixes issue 2498. Patch by Daniel Kang, daniel.d.kang at gmail Originally committed as revision 26243 to svn://svn.ffmpeg.org/ffmpeg/trunk
author: Daniel Kang <daniel.d.kang@gmail.com> 2011-01-06 14:44:50 +0000
committer: Carl Eugen Hoyos <cehoyos@rainbow.studorg.tuwien.ac.at> 2011-01-06 14:44:50 +0000
commit: 1ba44140a3169868eb94e62888d8d2f9861968ab (patch)
tree: f3b4780d21d6533e1ea5fdb965557b690565ed33
parent: 504530bfbadfef05230179bccb0e733f032ac1a3 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
index 285cc40249..a23af1ab6f 100644
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -531,6 +531,11 @@ static int decode_frame(AVCodecContext *avctx,
         else
             ssize = s->stripsize;
 
+        if (ssize > buf_size) {
+            av_log(avctx, AV_LOG_ERROR, "Buffer size is smaller than strip size\n");
+            return -1;
+        }
+
         if(s->stripdata){
             soff = tget(&s->stripdata, s->sot, s->le);
         }else
author	Daniel Kang <daniel.d.kang@gmail.com>	2011-01-06 14:44:50 +0000
committer	Carl Eugen Hoyos <cehoyos@rainbow.studorg.tuwien.ac.at>	2011-01-06 14:44:50 +0000
commit	1ba44140a3169868eb94e62888d8d2f9861968ab (patch)
tree	f3b4780d21d6533e1ea5fdb965557b690565ed33
parent	504530bfbadfef05230179bccb0e733f032ac1a3 (diff)