diff options
author | Even Rouault <even.rouault@spatialys.com> | 2019-08-16 19:47:42 +0200 |
---|---|---|
committer | Even Rouault <even.rouault@spatialys.com> | 2019-08-16 19:47:42 +0200 |
commit | 1302ffb350456ea0c51c21bc45172abe20cdde63 (patch) | |
tree | 7082ed01cf2abb428fe603d6c7693b0e4d156c18 | |
parent | 4bb584a35f87af42d6cf09d15e9ce8909a839145 (diff) | |
download | libtiff-git-1302ffb350456ea0c51c21bc45172abe20cdde63.tar.gz |
setByteArray(): avoid potential signed integer overflow. Pointed by Hendra Gunadi. No actual problem known (which does not mean there wouldn't be any. Particularly on 32bit builds)
-rw-r--r-- | libtiff/tif_dir.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c index 4a3fcd55..dd3dd6a6 100644 --- a/libtiff/tif_dir.c +++ b/libtiff/tif_dir.c @@ -46,8 +46,8 @@ setByteArray(void** vpp, void* vp, size_t nmemb, size_t elem_size) *vpp = 0; } if (vp) { - tmsize_t bytes = (tmsize_t)(nmemb * elem_size); - if (elem_size && bytes / elem_size == nmemb) + tmsize_t bytes = _TIFFMultiplySSize(NULL, nmemb, elem_size, NULL); + if (elem_size) *vpp = (void*) _TIFFmalloc(bytes); if (*vpp) _TIFFmemcpy(*vpp, vp, bytes); |