From 1302ffb350456ea0c51c21bc45172abe20cdde63 Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Fri, 16 Aug 2019 19:47:42 +0200 Subject: [PATCH] setByteArray(): avoid potential signed integer overflow. Pointed by Hendra Gunadi. No actual problem known (which does not mean there wouldn't be any. Particularly on 32bit builds) --- libtiff/tif_dir.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c index 4a3fcd55..dd3dd6a6 100644 --- a/libtiff/tif_dir.c +++ b/libtiff/tif_dir.c @@ -46,8 +46,8 @@ setByteArray(void** vpp, void* vp, size_t nmemb, size_t elem_size) *vpp = 0; } if (vp) { - tmsize_t bytes = (tmsize_t)(nmemb * elem_size); - if (elem_size && bytes / elem_size == nmemb) + tmsize_t bytes = _TIFFMultiplySSize(NULL, nmemb, elem_size, NULL); + if (elem_size) *vpp = (void*) _TIFFmalloc(bytes); if (*vpp) _TIFFmemcpy(*vpp, vp, bytes);