From 07e63bcdf811a0d53d918c380f9ee2dd3148347b Mon Sep 17 00:00:00 2001
From: Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
Date: Sat, 19 Nov 2016 15:42:46 +0000
Subject: [PATCH] * tools/tiffdump.c (ReadDirectory): Remove uint32 cast to
 _TIFFmalloc() argument which resulted in Coverity report.  Added more
 mutiplication overflow checks.

---
 ChangeLog        |  6 ++++++
 tools/tiffdump.c | 14 +++++++-------
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 00ddaf50..fcbd3804 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2016-11-19  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
+
+	* tools/tiffdump.c (ReadDirectory): Remove uint32 cast to
+	_TIFFmalloc() argument which resulted in Coverity report.  Added
+	more mutiplication overflow checks.
+
 2016-11-18 Even Rouault <even.rouault at spatialys.com>
 
 	* tools/tiffcrop.c: Fix memory leak in (recent) error code path.
diff --git a/tools/tiffdump.c b/tools/tiffdump.c
index dc84b461..3de0062b 100644
--- a/tools/tiffdump.c
+++ b/tools/tiffdump.c
@@ -1,4 +1,4 @@
-/* $Id: tiffdump.c,v 1.34 2016-07-10 16:56:18 erouault Exp $ */
+/* $Id: tiffdump.c,v 1.35 2016-11-19 15:42:46 bfriesen Exp $ */
 
 /*
  * Copyright (c) 1988-1997 Sam Leffler
@@ -388,7 +388,7 @@ ReadDirectory(int fd, unsigned int ix, uint64 off)
 		void* datamem;
 		uint64 dataoffset;
 		int datatruncated;
-        int datasizeoverflow;
+                int datasizeoverflow;
 
 		tag = *(uint16*)dp;
 		if (swabflag)
@@ -427,8 +427,8 @@ ReadDirectory(int fd, unsigned int ix, uint64 off)
 			typewidth = 0;
 		else
 			typewidth = datawidth[type];
-		datasize = count*typewidth;
-        datasizeoverflow = (typewidth > 0 && datasize / typewidth != count);
+		datasize = TIFFSafeMultiply(tmsize_t,count,typewidth);
+                datasizeoverflow = (typewidth > 0 && datasize / typewidth != count);
 		datafits = 1;
 		datamem = dp;
 		dataoffset = 0;
@@ -463,17 +463,17 @@ ReadDirectory(int fd, unsigned int ix, uint64 off)
 		{
 			datatruncated = 1;
 			count = 0x10000/typewidth;
-			datasize = count*typewidth;
+			datasize = TIFFSafeMultiply(tmsize_t,count,typewidth);
 		}
 		if (count>maxitems)
 		{
 			datatruncated = 1;
 			count = maxitems;
-			datasize = count*typewidth;
+                        datasize = TIFFSafeMultiply(tmsize_t,count,typewidth);
 		}
 		if (!datafits)
 		{
-			datamem = _TIFFmalloc((uint32)datasize);
+			datamem = _TIFFmalloc(datasize);
 			if (datamem) {
 				if (_TIFF_lseek_f(fd, (_TIFF_off_t)dataoffset, 0) !=
 				    (_TIFF_off_t)dataoffset)