TIFFFetchDirectory(): fix invalid cast from uint64 to tmsize_t. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16784

Even Rouault 2019-08-26 18:57:29 +02:00
parent 1a4efdd151
commit 244dfb46af
GPG Key ID: 33EBBFC47B3DD87D


@ -4788,12 +4788,13 @@ TIFFFetchDirectory(TIFF* tif, uint64 diroff, TIFFDirEntry** pdir,
} }
} else { } else {
tmsize_t m; tmsize_t m;
tmsize_t off = (tmsize_t) tif->tif_diroff; tmsize_t off;
if ((uint64)off!=tif->tif_diroff) if (tif->tif_diroff > (uint64)TIFF_INT64_MAX)
{ {
TIFFErrorExt(tif->tif_clientdata,module,"Can not read TIFF directory count"); TIFFErrorExt(tif->tif_clientdata,module,"Can not read TIFF directory count");
return(0); return(0);
} }
off = (tmsize_t) tif->tif_diroff;
/* /*
* Check for integer overflow when validating the dir_off, * Check for integer overflow when validating the dir_off,