RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

avcodec/tiff: Do not overrun the array ends in dng_blit() 

Fixes: out of array access
Fixes: 23589/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5110559589793792.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2020-07-01 23:05:22 +02:00
parent 1679f23beb
commit f35caea77f
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libavcodec/tiff.c
View File

@ -859,8 +859,11 @@ static void dng_blit(TiffContext *s, uint8_t *dst, int dst_stride,
} }
} else { } else {
for (line = 0; line < height; line++) { for (line = 0; line < height; line++) {
uint8_t *dst_u8 = dst;
const uint8_t *src_u8 = src;
for (col = 0; col < width; col++) for (col = 0; col < width; col++)
*dst++ = dng_process_color8(*src++, s->dng_lut, s->black_level, scale_factor); *dst_u8++ = dng_process_color8(*src_u8++, s->dng_lut, s->black_level, scale_factor);
dst += dst_stride; dst += dst_stride;
src += src_stride; src += src_stride;