Fix crash for files with strip size larger than the buffer.

Fixes issue 2498. Patch by Daniel Kang, daniel.d.kang at gmail Originally committed as revision 26243 to svn://svn.ffmpeg.org/ffmpeg/trunk

Fix crash for files with strip size larger than the buffer.
1ba44140 · Daniel Kang · Carl Eugen Hoyos · 504530bf · 1ba44140
Commit 1ba44140 authored 14 years ago by Daniel Kang Committed by Carl Eugen Hoyos 14 years ago
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -531,6 +531,11 @@ static int decode_frame(AVCodecContext *avctx,
        else
            ssize = s->stripsize;
+        if (ssize > buf_size) {
+            av_log(avctx, AV_LOG_ERROR, "Buffer size is smaller than strip size\n");
+            return -1;
+        }
        if(s->stripdata){
            soff = tget(&s->stripdata, s->sot, s->le);
        }else