tif_ojpeg.c: avoid unsigned integer overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16793

This commit is contained in:
Even Rouault 2019-08-27 10:58:21 +02:00
parent 9034afb440
commit c22f319eb4
No known key found for this signature in database
GPG Key ID: 33EBBFC47B3DD87D

View File

@ -1317,7 +1317,9 @@ OJPEGReadHeaderInfoSec(TIFF* tif)
} }
else else
{ {
if ((sp->jpeg_interchange_format_length==0) || (sp->jpeg_interchange_format+sp->jpeg_interchange_format_length>sp->file_size)) if ((sp->jpeg_interchange_format_length==0) ||
(sp->jpeg_interchange_format > TIFF_UINT64_MAX - sp->jpeg_interchange_format_length) ||
(sp->jpeg_interchange_format+sp->jpeg_interchange_format_length>sp->file_size))
sp->jpeg_interchange_format_length=sp->file_size-sp->jpeg_interchange_format; sp->jpeg_interchange_format_length=sp->file_size-sp->jpeg_interchange_format;
} }
} }