summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEven Rouault <even.rouault@spatialys.com>2019-08-22 13:02:07 +0200
committerEven Rouault <even.rouault@spatialys.com>2019-08-22 13:02:07 +0200
commitf277541bd8b5facbf4cd76291d0aea1a5538479b (patch)
tree23ba1bd976c23a430f8a3c840bca54858bf08a9d
parentc8f268ef1b8d7a37212ce6e62c0dd23e2f37eb47 (diff)
downloadlibtiff-git-f277541bd8b5facbf4cd76291d0aea1a5538479b.tar.gz
_TIFFMultiply32() / _TIFFMultiply64(): avoid relying on unsigned integer overflow (not a bug)
-rw-r--r--libtiff/tif_aux.c16
-rw-r--r--libtiff/tif_dirread.c10
-rw-r--r--libtiff/tiffiop.h10
3 files changed, 16 insertions, 20 deletions
diff --git a/libtiff/tif_aux.c b/libtiff/tif_aux.c
index 3e9bda43..8188db53 100644
--- a/libtiff/tif_aux.c
+++ b/libtiff/tif_aux.c
@@ -35,27 +35,23 @@
uint32
_TIFFMultiply32(TIFF* tif, uint32 first, uint32 second, const char* where)
{
- uint32 bytes = first * second;
-
- if (second && bytes / second != first) {
+ if (second && first > TIFF_UINT32_MAX / second) {
TIFFErrorExt(tif->tif_clientdata, where, "Integer overflow in %s", where);
- bytes = 0;
+ return 0;
}
- return bytes;
+ return first * second;
}
uint64
_TIFFMultiply64(TIFF* tif, uint64 first, uint64 second, const char* where)
{
- uint64 bytes = first * second;
-
- if (second && bytes / second != first) {
+ if (second && first > TIFF_UINT64_MAX / second) {
TIFFErrorExt(tif->tif_clientdata, where, "Integer overflow in %s", where);
- bytes = 0;
+ return 0;
}
- return bytes;
+ return first * second;
}
tmsize_t
diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
index 87bc030e..5dfef71d 100644
--- a/libtiff/tif_dirread.c
+++ b/libtiff/tif_dirread.c
@@ -41,16 +41,6 @@
#define FAILED_FII ((uint32) -1)
/*
- * Largest 32-bit unsigned integer value.
- */
-#define TIFF_UINT32_MAX 0xFFFFFFFFU
-
-/*
- * Largest 64-bit unsigned integer value.
- */
-#define TIFF_UINT64_MAX (((uint64)(TIFF_UINT32_MAX)) << 32 | TIFF_UINT32_MAX)
-
-/*
* Largest 64-bit signed integer value.
*/
#define TIFF_INT64_MAX ((int64)(TIFF_UINT64_MAX >> 1))
diff --git a/libtiff/tiffiop.h b/libtiff/tiffiop.h
index 60ccc87b..45a79323 100644
--- a/libtiff/tiffiop.h
+++ b/libtiff/tiffiop.h
@@ -80,6 +80,16 @@ extern int snprintf(char* str, size_t size, const char* format, ...);
#define TIFF_SIZE_T_MAX ((size_t) ~ ((size_t)0))
#define TIFF_TMSIZE_T_MAX (tmsize_t)(TIFF_SIZE_T_MAX >> 1)
+/*
+ * Largest 32-bit unsigned integer value.
+ */
+#define TIFF_UINT32_MAX 0xFFFFFFFFU
+
+/*
+ * Largest 64-bit unsigned integer value.
+ */
+#define TIFF_UINT64_MAX (((uint64)(TIFF_UINT32_MAX)) << 32 | TIFF_UINT32_MAX)
+
typedef struct client_info {
struct client_info *next;
void *data;