diff options
author | Even Rouault <even.rouault@spatialys.com> | 2019-08-26 18:57:29 +0200 |
---|---|---|
committer | Even Rouault <even.rouault@spatialys.com> | 2019-08-26 18:57:29 +0200 |
commit | 244dfb46afb53243e69e691bfb882dfe388237ba (patch) | |
tree | a8bde616d7b8d9b5f7a36412c5b3339550895fc1 | |
parent | 1a4efdd151ed5eea231004aa6daaaf3493954876 (diff) | |
download | libtiff-git-244dfb46afb53243e69e691bfb882dfe388237ba.tar.gz |
TIFFFetchDirectory(): fix invalid cast from uint64 to tmsize_t. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16784
-rw-r--r-- | libtiff/tif_dirread.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c index 29874310..467ff840 100644 --- a/libtiff/tif_dirread.c +++ b/libtiff/tif_dirread.c @@ -4788,12 +4788,13 @@ TIFFFetchDirectory(TIFF* tif, uint64 diroff, TIFFDirEntry** pdir, } } else { tmsize_t m; - tmsize_t off = (tmsize_t) tif->tif_diroff; - if ((uint64)off!=tif->tif_diroff) + tmsize_t off; + if (tif->tif_diroff > (uint64)TIFF_INT64_MAX) { TIFFErrorExt(tif->tif_clientdata,module,"Can not read TIFF directory count"); return(0); } + off = (tmsize_t) tif->tif_diroff; /* * Check for integer overflow when validating the dir_off, |