From a34418c28e0accd1468ca15fff4d4f138a609f4e Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Tue, 19 Feb 2013 17:48:56 +0100
Subject: [PATCH] tiff: check bppcount

Fixes division by 0

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/tiff.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
index 939cfb2dca..77706c0cda 100644
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -750,6 +750,11 @@ static int tiff_decode_tag(TiffContext *s)
                    "Samples per pixel requires a single value, many provided\n");
             return AVERROR_INVALIDDATA;
         }
+        if (value > 4U) {
+            av_log(s->avctx, AV_LOG_ERROR,
+                   "Samples per pixel %d is too large\n", value);
+            return AVERROR_INVALIDDATA;
+        }
         if (s->bppcount == 1)
             s->bpp *= value;
         s->bppcount = value;