From ceeac6d29df7ce173759fb6a633723c698f69516 Mon Sep 17 00:00:00 2001
From: Daniel Kang <daniel.d.kang@gmail.com>
Date: Thu, 6 Jan 2011 08:25:30 -0500
Subject: [PATCH] Add sanity check on tif buffer size.

---
 libavcodec/tiff.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
index 285cc40..a23af1a 100644
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -531,6 +531,11 @@ static int decode_frame(AVCodecContext *avctx,
         else
             ssize = s->stripsize;

+        if (ssize > buf_size) {
+            av_log(avctx, AV_LOG_ERROR, "Buffer size is smaller than strip size\n");
+            return -1;
+        }
+
         if(s->stripdata){
             soff = tget(&s->stripdata, s->sot, s->le);
         }else
--
1.7.2.2