From 4ca3e42517b1030f523b28164f6a9d9ba9f12daa Mon Sep 17 00:00:00 2001
From: Even Rouault
Date: Wed, 2 Dec 2020 10:09:16 +0100
Subject: [PATCH] tif_jpeg.c: avoid potential harmless unsigned integer overflow on data->fileoffset in JPEGFixupTagsSubsamplingSkip() by validating earlier.

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28200
---
 libtiff/tif_jpeg.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libtiff/tif_jpeg.c b/libtiff/tif_jpeg.c
index 2c228570..6711137a 100644
--- a/libtiff/tif_jpeg.c
+++ b/libtiff/tif_jpeg.c
@@ -938,7 +938,10 @@ JPEGFixupTagsSubsamplingReadByte(struct JPEGFixupTagsSubsamplingData* data, uint
 			return(0);
 		if (!data->filepositioned)
 		{
-			TIFFSeekFile(data->tif,data->fileoffset,SEEK_SET);
+			if (TIFFSeekFile(data->tif,data->fileoffset,SEEK_SET) == (toff_t)-1)
+			{
+				return 0;
+			}
 			data->filepositioned=1;
 		}
 		m=data->buffersize;
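Review bot: The new seek-failure check in JPEGFixupTagsSubsamplingReadByte() carries no comment tying it to the fileoffset overflow in JPEGFixupTagsSubsamplingSkip() named in the commit title, so the next reader will not see why a failed seek is fatal here; suggest adding above the new `if`: `/* Refuse to continue if the seek cannot be satisfied (e.g. offset past EOF): this stops the Skip path's later fileoffset arithmetic from running on an invalid position. */`. On the failure path `data->filepositioned` stays 0, so every subsequent call will repeat the seek; that is harmless only if callers stop on a zero return, which should be confirmed since the function's surrounding body lies outside the hunk. The comparison against `(toff_t)-1` presumes TIFFSeekFile reports failure with that sentinel rather than by some other value, which is worth stating in the same comment. Minor style: the surrounding context writes `return(0);` while the new line writes `return 0;`; matching the local form avoids a needless inconsistency.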