Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Contribute to GitLab
Sign in / Register
Toggle navigation
F
ffmpeg.wasm-core
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Linshizhi
ffmpeg.wasm-core
Commits
292850b6
Commit
292850b6
authored
Jul 16, 2012
by
Paul B Mahol
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
tiff: add smarter checks if there is enough data left
Signed-off-by:
Paul B Mahol
<
onemda@gmail.com
>
parent
1ec83d9a
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
29 additions
and
13 deletions
+29
-13
tiff.c
libavcodec/tiff.c
+29
-13
No files found.
libavcodec/tiff.c
View file @
292850b6
...
...
@@ -65,26 +65,26 @@ typedef struct TiffContext {
static
unsigned
tget_short
(
GetByteContext
*
gb
,
int
le
)
{
unsigned
v
=
le
?
bytestream2_get_le16
(
gb
)
:
bytestream2_get_be16
(
gb
);
unsigned
v
=
le
?
bytestream2_get_le16
u
(
gb
)
:
bytestream2_get_be16u
(
gb
);
return
v
;
}
static
unsigned
tget_long
(
GetByteContext
*
gb
,
int
le
)
{
unsigned
v
=
le
?
bytestream2_get_le32
(
gb
)
:
bytestream2_get_be32
(
gb
);
unsigned
v
=
le
?
bytestream2_get_le32
u
(
gb
)
:
bytestream2_get_be32u
(
gb
);
return
v
;
}
static
double
tget_double
(
GetByteContext
*
gb
,
int
le
)
{
av_alias64
i
=
{
.
u64
=
le
?
bytestream2_get_le64
(
gb
)
:
bytestream2_get_be64
(
gb
)};
av_alias64
i
=
{
.
u64
=
le
?
bytestream2_get_le64
u
(
gb
)
:
bytestream2_get_be64u
(
gb
)};
return
i
.
f64
;
}
static
unsigned
tget
(
GetByteContext
*
gb
,
int
type
,
int
le
)
{
switch
(
type
)
{
case
TIFF_BYTE
:
return
bytestream2_get_byte
(
gb
);
case
TIFF_BYTE
:
return
bytestream2_get_byte
u
(
gb
);
case
TIFF_SHORT
:
return
tget_short
(
gb
,
le
);
case
TIFF_LONG
:
return
tget_long
(
gb
,
le
);
default
:
return
UINT_MAX
;
...
...
@@ -246,8 +246,10 @@ static int add_doubles_metadata(int count,
int
i
;
double
*
dp
;
if
(
count
>=
INT_MAX
/
sizeof
(
int64_t
))
return
AVERROR_INVALIDDATA
;
if
(
bytestream2_get_bytes_left
(
&
s
->
gb
)
<
count
*
sizeof
(
int64_t
))
return
-
1
;
return
AVERROR_INVALIDDATA
;
dp
=
av_malloc
(
count
*
sizeof
(
double
));
if
(
!
dp
)
...
...
@@ -270,8 +272,10 @@ static int add_shorts_metadata(int count, const char *name,
int
i
;
int16_t
*
sp
;
if
(
count
>=
INT_MAX
/
sizeof
(
int16_t
))
return
AVERROR_INVALIDDATA
;
if
(
bytestream2_get_bytes_left
(
&
s
->
gb
)
<
count
*
sizeof
(
int16_t
))
return
-
1
;
return
AVERROR_INVALIDDATA
;
sp
=
av_malloc
(
count
*
sizeof
(
int16_t
));
if
(
!
sp
)
...
...
@@ -590,8 +594,6 @@ static int tiff_decode_tag(TiffContext *s)
uint32_t
*
pal
;
double
*
dp
;
if
(
bytestream2_get_bytes_left
(
&
s
->
gb
)
<
12
)
return
-
1
;
tag
=
tget_short
(
&
s
->
gb
,
s
->
le
);
type
=
tget_short
(
&
s
->
gb
,
s
->
le
);
count
=
tget_long
(
&
s
->
gb
,
s
->
le
);
...
...
@@ -657,7 +659,9 @@ static int tiff_decode_tag(TiffContext *s)
case
TIFF_SHORT
:
case
TIFF_LONG
:
s
->
bpp
=
0
;
for
(
i
=
0
;
i
<
count
&&
bytestream2_get_bytes_left
(
&
s
->
gb
)
>
0
;
i
++
)
if
(
bytestream2_get_bytes_left
(
&
s
->
gb
)
<
type_sizes
[
type
]
*
count
)
return
-
1
;
for
(
i
=
0
;
i
<
count
;
i
++
)
s
->
bpp
+=
tget
(
&
s
->
gb
,
type
,
s
->
le
);
break
;
default:
...
...
@@ -836,6 +840,8 @@ static int tiff_decode_tag(TiffContext *s)
s
->
geotag_count
=
count
/
4
-
1
;
av_log
(
s
->
avctx
,
AV_LOG_WARNING
,
"GeoTIFF key directory buffer shorter than specified
\n
"
);
}
if
(
bytestream2_get_bytes_left
(
&
s
->
gb
)
<
s
->
geotag_count
*
sizeof
(
int16_t
)
*
4
)
return
-
1
;
s
->
geotags
=
av_mallocz
(
sizeof
(
TiffGeoTag
)
*
s
->
geotag_count
);
if
(
!
s
->
geotags
)
{
av_log
(
s
->
avctx
,
AV_LOG_ERROR
,
"Error allocating temporary buffer
\n
"
);
...
...
@@ -853,6 +859,10 @@ static int tiff_decode_tag(TiffContext *s)
}
break
;
case
TIFF_GEO_DOUBLE_PARAMS
:
if
(
count
>=
INT_MAX
/
sizeof
(
int64_t
))
return
AVERROR_INVALIDDATA
;
if
(
bytestream2_get_bytes_left
(
&
s
->
gb
)
<
count
*
sizeof
(
int64_t
))
return
AVERROR_INVALIDDATA
;
dp
=
av_malloc
(
count
*
sizeof
(
double
));
if
(
!
dp
)
{
av_log
(
s
->
avctx
,
AV_LOG_ERROR
,
"Error allocating temporary buffer
\n
"
);
...
...
@@ -886,13 +896,17 @@ static int tiff_decode_tag(TiffContext *s)
||
s
->
geotags
[
i
].
offset
+
s
->
geotags
[
i
].
count
>
count
)
{
av_log
(
s
->
avctx
,
AV_LOG_WARNING
,
"Invalid GeoTIFF key %d
\n
"
,
s
->
geotags
[
i
].
key
);
}
else
{
char
*
ap
=
av_malloc
(
s
->
geotags
[
i
].
count
);
char
*
ap
;
bytestream2_seek
(
&
s
->
gb
,
pos
+
s
->
geotags
[
i
].
offset
,
SEEK_SET
);
if
(
bytestream2_get_bytes_left
(
&
s
->
gb
)
<
s
->
geotags
[
i
].
count
)
return
-
1
;
ap
=
av_malloc
(
s
->
geotags
[
i
].
count
);
if
(
!
ap
)
{
av_log
(
s
->
avctx
,
AV_LOG_ERROR
,
"Error allocating temporary buffer
\n
"
);
return
AVERROR
(
ENOMEM
);
}
bytestream2_seek
(
&
s
->
gb
,
pos
+
s
->
geotags
[
i
].
offset
,
SEEK_SET
);
bytestream2_get_buffer
(
&
s
->
gb
,
ap
,
s
->
geotags
[
i
].
count
);
bytestream2_get_bufferu
(
&
s
->
gb
,
ap
,
s
->
geotags
[
i
].
count
);
ap
[
s
->
geotags
[
i
].
count
-
1
]
=
'\0'
;
//replace the "|" delimiter with a 0 byte
s
->
geotags
[
i
].
val
=
ap
;
}
...
...
@@ -927,7 +941,7 @@ static int decode_frame(AVCodecContext *avctx,
//parse image header
if
(
avpkt
->
size
<
8
)
return
AVERROR_INVALIDDATA
;
id
=
bytestream2_get_le16
(
&
s
->
gb
);
id
=
bytestream2_get_le16
u
(
&
s
->
gb
);
if
(
id
==
0x4949
)
le
=
1
;
else
if
(
id
==
0x4D4D
)
...
...
@@ -961,6 +975,8 @@ static int decode_frame(AVCodecContext *avctx,
}
bytestream2_seek
(
&
s
->
gb
,
off
,
SEEK_SET
);
entries
=
tget_short
(
&
s
->
gb
,
le
);
if
(
bytestream2_get_bytes_left
(
&
s
->
gb
)
<
entries
*
12
)
return
AVERROR_INVALIDDATA
;
for
(
i
=
0
;
i
<
entries
;
i
++
)
{
if
(
tiff_decode_tag
(
s
)
<
0
)
return
-
1
;
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment