[FFmpeg-cvslog] tiff: check bppcount

Tue Feb 19 18:05:11 CET 2013

ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Tue Feb 19 17:48:56 2013 +0100| [a34418c28e0accd1468ca15fff4d4f138a609f4e] | committer: Michael Niedermayer

tiff: check bppcount

Fixes division by 0

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a34418c28e0accd1468ca15fff4d4f138a609f4e
---

 libavcodec/tiff.c |    5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
index 939cfb2..77706c0 100644
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -750,6 +750,11 @@ static int tiff_decode_tag(TiffContext *s)
                    "Samples per pixel requires a single value, many provided\n");
             return AVERROR_INVALIDDATA;
         }
+        if (value > 4U) {
+            av_log(s->avctx, AV_LOG_ERROR,
+                   "Samples per pixel %d is too large\n", value);
+            return AVERROR_INVALIDDATA;
+        }
         if (s->bppcount == 1)
             s->bpp *= value;
         s->bppcount = value;

