diff options
author | Even Rouault <even.rouault@spatialys.com> | 2019-08-22 13:02:07 +0200 |
---|---|---|
committer | Even Rouault <even.rouault@spatialys.com> | 2019-08-22 13:02:07 +0200 |
commit | f277541bd8b5facbf4cd76291d0aea1a5538479b (patch) | |
tree | 23ba1bd976c23a430f8a3c840bca54858bf08a9d | |
parent | c8f268ef1b8d7a37212ce6e62c0dd23e2f37eb47 (diff) | |
download | libtiff-git-f277541bd8b5facbf4cd76291d0aea1a5538479b.tar.gz |
_TIFFMultiply32() / _TIFFMultiply64(): avoid relying on unsigned integer overflow (not a bug)
-rw-r--r-- | libtiff/tif_aux.c | 16 | ||||
-rw-r--r-- | libtiff/tif_dirread.c | 10 | ||||
-rw-r--r-- | libtiff/tiffiop.h | 10 |
3 files changed, 16 insertions, 20 deletions
diff --git a/libtiff/tif_aux.c b/libtiff/tif_aux.c index 3e9bda43..8188db53 100644 --- a/libtiff/tif_aux.c +++ b/libtiff/tif_aux.c @@ -35,27 +35,23 @@ uint32 _TIFFMultiply32(TIFF* tif, uint32 first, uint32 second, const char* where) { - uint32 bytes = first * second; - - if (second && bytes / second != first) { + if (second && first > TIFF_UINT32_MAX / second) { TIFFErrorExt(tif->tif_clientdata, where, "Integer overflow in %s", where); - bytes = 0; + return 0; } - return bytes; + return first * second; } uint64 _TIFFMultiply64(TIFF* tif, uint64 first, uint64 second, const char* where) { - uint64 bytes = first * second; - - if (second && bytes / second != first) { + if (second && first > TIFF_UINT64_MAX / second) { TIFFErrorExt(tif->tif_clientdata, where, "Integer overflow in %s", where); - bytes = 0; + return 0; } - return bytes; + return first * second; } tmsize_t diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c index 87bc030e..5dfef71d 100644 --- a/libtiff/tif_dirread.c +++ b/libtiff/tif_dirread.c @@ -41,16 +41,6 @@ #define FAILED_FII ((uint32) -1) /* - * Largest 32-bit unsigned integer value. - */ -#define TIFF_UINT32_MAX 0xFFFFFFFFU - -/* - * Largest 64-bit unsigned integer value. - */ -#define TIFF_UINT64_MAX (((uint64)(TIFF_UINT32_MAX)) << 32 | TIFF_UINT32_MAX) - -/* * Largest 64-bit signed integer value. */ #define TIFF_INT64_MAX ((int64)(TIFF_UINT64_MAX >> 1)) diff --git a/libtiff/tiffiop.h b/libtiff/tiffiop.h index 60ccc87b..45a79323 100644 --- a/libtiff/tiffiop.h +++ b/libtiff/tiffiop.h @@ -80,6 +80,16 @@ extern int snprintf(char* str, size_t size, const char* format, ...); #define TIFF_SIZE_T_MAX ((size_t) ~ ((size_t)0)) #define TIFF_TMSIZE_T_MAX (tmsize_t)(TIFF_SIZE_T_MAX >> 1) +/* + * Largest 32-bit unsigned integer value. + */ +#define TIFF_UINT32_MAX 0xFFFFFFFFU + +/* + * Largest 64-bit unsigned integer value. + */ +#define TIFF_UINT64_MAX (((uint64)(TIFF_UINT32_MAX)) << 32 | TIFF_UINT32_MAX) + typedef struct client_info { struct client_info *next; void *data; |