From aa51c943b173d6b958c5940533d7359c0f0ec56b Mon Sep 17 00:00:00 2001
From: Daniel Kang <daniel.d.kang@gmail.com>
Date: Sat, 8 Jan 2011 23:02:49 -0500
Subject: [PATCH] soff size check in tif decoder

---
 libavcodec/tiff.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
index c1b71dc..f5d922a 100644
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -540,6 +540,10 @@ static int decode_frame(AVCodecContext *avctx,
             soff = tget(&s->stripdata, s->sot, s->le);
         }else
             soff = s->stripoff;
+        if (soff < 0) {
+            av_log(avctx, AV_LOG_ERROR, "Invalid stripoff: %d\n", soff);
+            return AVERROR(EINVAL);
+        }
         if(tiff_unpack_strip(s, dst, stride, orig_buf + soff, ssize, FFMIN(s->rps, s->height - i)) < 0)
             break;
         dst += s->rps * stride;
--
1.7.2.2