cheng/libtiff
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

EstimateStripByteCounts(): avoid unsigned integer overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16643&

Browse Source
This commit is contained in:
Even Rouault 2019-08-23 13:03:44 +02:00
parent 5f6349d3f8
commit ea271d7434
No known key found for this signature in database
GPG Key ID: 33EBBFC47B3DD87D
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libtiff/tif_dirread.c
View File

@ -4590,8 +4590,12 @@ EstimateStripByteCounts(TIFF* tif, TIFFDirEntry* dir, uint16 dircount)
uint64 rowbytes = TIFFScanlineSize64(tif);
uint32 rowsperstrip = td->td_imagelength/td->td_stripsperimage;
for (strip = 0; strip < td->td_nstrips; strip++)
{
if( rowbytes > 0 && rowsperstrip > TIFF_UINT64_MAX / rowbytes )
return -1;
td->td_stripbytecount_p[strip] = rowbytes * rowsperstrip;
}
}
TIFFSetFieldBit(tif, FIELD_STRIPBYTECOUNTS);
if (!TIFFFieldSet(tif, FIELD_ROWSPERSTRIP))
td->td_rowsperstrip = td->td_imagelength;