* tools/tiffdump.c (ReadDirectory): Remove uint32 cast to

_TIFFmalloc() argument which resulted in Coverity report.  Added
more mutiplication overflow checks.

ChangeLog

@@ -1,3 +1,9 @@
+2016-11-19  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
+
+	* tools/tiffdump.c (ReadDirectory): Remove uint32 cast to
+	_TIFFmalloc() argument which resulted in Coverity report.  Added
+	more mutiplication overflow checks.
+
 2016-11-18 Even Rouault <even.rouault at spatialys.com>
 
 	* tools/tiffcrop.c: Fix memory leak in (recent) error code path.

tools/tiffdump.c

@@ -1,4 +1,4 @@
-/* $Id: tiffdump.c,v 1.34 2016-07-10 16:56:18 erouault Exp $ */
+/* $Id: tiffdump.c,v 1.35 2016-11-19 15:42:46 bfriesen Exp $ */
 
 /*
  * Copyright (c) 1988-1997 Sam Leffler
@@ -427,7 +427,7 @@ ReadDirectory(int fd, unsigned int ix, uint64 off)
 			typewidth = 0;
 		else
 			typewidth = datawidth[type];
-		datasize = count*typewidth;
+		datasize = TIFFSafeMultiply(tmsize_t,count,typewidth);
                 datasizeoverflow = (typewidth > 0 && datasize / typewidth != count);
 		datafits = 1;
 		datamem = dp;
@@ -463,17 +463,17 @@ ReadDirectory(int fd, unsigned int ix, uint64 off)
 		{
 			datatruncated = 1;
 			count = 0x10000/typewidth;
-			datasize = count*typewidth;
+			datasize = TIFFSafeMultiply(tmsize_t,count,typewidth);
 		}
 		if (count>maxitems)
 		{
 			datatruncated = 1;
 			count = maxitems;
-			datasize = count*typewidth;
+                        datasize = TIFFSafeMultiply(tmsize_t,count,typewidth);
 		}
 		if (!datafits)
 		{
-			datamem = _TIFFmalloc((uint32)datasize);
+			datamem = _TIFFmalloc(datasize);
 			if (datamem) {
 				if (_TIFF_lseek_f(fd, (_TIFF_off_t)dataoffset, 0) !=
 				    (_TIFF_off_t)dataoffset)