From 324aa65c0df9fc74349b63b3e35a3888596cd468 Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Tue, 20 Aug 2019 18:09:46 +0200 Subject: [PATCH] EstimateStripByteCounts(): avoid harmless unsigned integer overflow --- libtiff/tif_dirread.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c index 02642057..605b5b95 100644 --- a/libtiff/tif_dirread.c +++ b/libtiff/tif_dirread.c @@ -4578,8 +4578,14 @@ EstimateStripByteCounts(TIFF* tif, TIFFDirEntry* dir, uint16 dircount) * of data in the strip and trim this number back accordingly. */ strip--; - if (td->td_stripoffset_p[strip]+td->td_stripbytecount_p[strip] > filesize) - td->td_stripbytecount_p[strip] = filesize - td->td_stripoffset_p[strip]; + if (td->td_stripoffset_p[strip]+td->td_stripbytecount_p[strip] > filesize) { + if( td->td_stripoffset_p[strip] >= filesize ) { + /* Not sure what we should in that case... */ + td->td_stripbytecount_p[strip] = 0; + } else { + td->td_stripbytecount_p[strip] = filesize - td->td_stripoffset_p[strip]; + } + } } else if (isTiled(tif)) { uint64 bytespertile = TIFFTileSize64(tif);