diff --git a/ChangeLog b/ChangeLog
index 72069c93..f6251ccf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2012-12-10  Tom Lane  <tgl@sss.pgh.pa.us>
+
+	* libtiff/tif_pixarlog.c: Improve previous patch for CVE-2012-4447
+ 	(to enlarge tbuf for possible partial stride at end) so that
+ 	overflow in the integer addition is detected.  Per gripe from
+ 	Huzaifa Sidhpurwala.
+
 2012-12-03  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
 
 	* tools/tiffset.c: tiffset now supports a -u option to unset a
diff --git a/libtiff/tif_pixarlog.c b/libtiff/tif_pixarlog.c
index e5831170..044c4115 100644
--- a/libtiff/tif_pixarlog.c
+++ b/libtiff/tif_pixarlog.c
@@ -1,4 +1,4 @@
-/* $Id: tif_pixarlog.c,v 1.38 2012-06-21 01:01:53 fwarmerdam Exp $ */
+/* $Id: tif_pixarlog.c,v 1.39 2012-12-10 17:27:13 tgl Exp $ */
 
 /*
  * Copyright (c) 1996-1997 Sam Leffler
@@ -644,6 +644,20 @@ multiply_ms(tmsize_t m1, tmsize_t m2)
 	return bytes;
 }
 
+static tmsize_t
+add_ms(tmsize_t m1, tmsize_t m2)
+{
+	tmsize_t bytes = m1 + m2;
+
+	/* if either input is zero, assume overflow already occurred */
+	if (m1 == 0 || m2 == 0)
+		bytes = 0;
+	else if (bytes <= m1 || bytes <= m2)
+		bytes = 0;
+
+	return bytes;
+}
+
 static int
 PixarLogFixupTags(TIFF* tif)
 {
@@ -671,9 +685,11 @@ PixarLogSetupDecode(TIFF* tif)
 	    td->td_samplesperpixel : 1);
 	tbuf_size = multiply_ms(multiply_ms(multiply_ms(sp->stride, td->td_imagewidth),
 				      td->td_rowsperstrip), sizeof(uint16));
+	/* add one more stride in case input ends mid-stride */
+	tbuf_size = add_ms(tbuf_size, sizeof(uint16) * sp->stride);
 	if (tbuf_size == 0)
 		return (0);   /* TODO: this is an error return without error report through TIFFErrorExt */
-	sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size+sizeof(uint16)*sp->stride);
+	sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size);
 	if (sp->tbuf == NULL)
 		return (0);
 	if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN)