diff options
author | Even Rouault <even.rouault@spatialys.com> | 2019-08-14 09:47:58 +0000 |
---|---|---|
committer | Even Rouault <even.rouault@spatialys.com> | 2019-08-14 09:47:58 +0000 |
commit | 2218055ca67d84be596a13080e8f50f22116555c (patch) | |
tree | 621e53c537056bd8c3a09367a93a8bb48404d2a2 /libtiff/tif_luv.c | |
parent | 12768a24b19b9fe6746f9545c9d77bff1e306db4 (diff) | |
parent | 1b5e3b6a23827c33acf19ad50ce5ce78f12b3773 (diff) | |
download | libtiff-git-2218055ca67d84be596a13080e8f50f22116555c.tar.gz |
Merge branch 'fix_integer_overflow' into 'master'
Fix integer overflow in _TIFFCheckMalloc() and other implementation-defined behaviour (CVE-2019-14973)
See merge request libtiff/libtiff!90
Diffstat (limited to 'libtiff/tif_luv.c')
-rw-r--r-- | libtiff/tif_luv.c | 8 |
1 files changed, 1 insertions, 7 deletions
diff --git a/libtiff/tif_luv.c b/libtiff/tif_luv.c index 6a63eadc..6fe48588 100644 --- a/libtiff/tif_luv.c +++ b/libtiff/tif_luv.c @@ -1269,16 +1269,10 @@ LogL16GuessDataFmt(TIFFDirectory *td) return (SGILOGDATAFMT_UNKNOWN); } - -#define TIFF_SIZE_T_MAX ((size_t) ~ ((size_t)0)) -#define TIFF_TMSIZE_T_MAX (tmsize_t)(TIFF_SIZE_T_MAX >> 1) - static tmsize_t multiply_ms(tmsize_t m1, tmsize_t m2) { - if( m1 == 0 || m2 > TIFF_TMSIZE_T_MAX / m1 ) - return 0; - return m1 * m2; + return _TIFFMultiplySSize(NULL, m1, m2, NULL); } static int |