cheng/libtiff
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

tif_ojpeg.c: avoid unsigned integer overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16793

Browse Source
This commit is contained in:
Even Rouault 2019-08-27 10:58:21 +02:00
parent 9034afb440
commit c22f319eb4
No known key found for this signature in database
GPG Key ID: 33EBBFC47B3DD87D
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libtiff/tif_ojpeg.c
View File

@ -1317,7 +1317,9 @@ OJPEGReadHeaderInfoSec(TIFF* tif)
}
else
{
if ((sp->jpeg_interchange_format_length==0) || (sp->jpeg_interchange_format+sp->jpeg_interchange_format_length>sp->file_size))
if ((sp->jpeg_interchange_format_length==0) ||
(sp->jpeg_interchange_format > TIFF_UINT64_MAX - sp->jpeg_interchange_format_length) ||
(sp->jpeg_interchange_format+sp->jpeg_interchange_format_length>sp->file_size))
sp->jpeg_interchange_format_length=sp->file_size-sp->jpeg_interchange_format;
}
}