diff options
author | Even Rouault <even.rouault@spatialys.com> | 2019-08-14 09:47:58 +0000 |
---|---|---|
committer | Even Rouault <even.rouault@spatialys.com> | 2019-08-14 09:47:58 +0000 |
commit | 2218055ca67d84be596a13080e8f50f22116555c (patch) | |
tree | 621e53c537056bd8c3a09367a93a8bb48404d2a2 /libtiff/tif_strip.c | |
parent | 12768a24b19b9fe6746f9545c9d77bff1e306db4 (diff) | |
parent | 1b5e3b6a23827c33acf19ad50ce5ce78f12b3773 (diff) | |
download | libtiff-git-2218055ca67d84be596a13080e8f50f22116555c.tar.gz |
Merge branch 'fix_integer_overflow' into 'master'
Fix integer overflow in _TIFFCheckMalloc() and other implementation-defined behaviour (CVE-2019-14973)
See merge request libtiff/libtiff!90
Diffstat (limited to 'libtiff/tif_strip.c')
-rw-r--r-- | libtiff/tif_strip.c | 35 |
1 files changed, 4 insertions, 31 deletions
diff --git a/libtiff/tif_strip.c b/libtiff/tif_strip.c index 2f3cd883..c08c60a7 100644 --- a/libtiff/tif_strip.c +++ b/libtiff/tif_strip.c @@ -129,15 +129,8 @@ TIFFVStripSize(TIFF* tif, uint32 nrows) { static const char module[] = "TIFFVStripSize"; uint64 m; - tmsize_t n; m=TIFFVStripSize64(tif,nrows); - n=(tmsize_t)m; - if ((uint64)n!=m) - { - TIFFErrorExt(tif->tif_clientdata,module,"Integer overflow"); - n=0; - } - return(n); + return _TIFFCastUInt64ToSSize(tif, m, module); } /* @@ -210,15 +203,8 @@ TIFFStripSize(TIFF* tif) { static const char module[] = "TIFFStripSize"; uint64 m; - tmsize_t n; m=TIFFStripSize64(tif); - n=(tmsize_t)m; - if ((uint64)n!=m) - { - TIFFErrorExt(tif->tif_clientdata,module,"Integer overflow"); - n=0; - } - return(n); + return _TIFFCastUInt64ToSSize(tif, m, module); } /* @@ -329,14 +315,8 @@ TIFFScanlineSize(TIFF* tif) { static const char module[] = "TIFFScanlineSize"; uint64 m; - tmsize_t n; m=TIFFScanlineSize64(tif); - n=(tmsize_t)m; - if ((uint64)n!=m) { - TIFFErrorExt(tif->tif_clientdata,module,"Integer arithmetic overflow"); - n=0; - } - return(n); + return _TIFFCastUInt64ToSSize(tif, m, module); } /* @@ -365,15 +345,8 @@ TIFFRasterScanlineSize(TIFF* tif) { static const char module[] = "TIFFRasterScanlineSize"; uint64 m; - tmsize_t n; m=TIFFRasterScanlineSize64(tif); - n=(tmsize_t)m; - if ((uint64)n!=m) - { - TIFFErrorExt(tif->tif_clientdata,module,"Integer arithmetic overflow"); - n=0; - } - return(n); + return _TIFFCastUInt64ToSSize(tif, m, module); } /* vim: set ts=8 sts=8 sw=8 noet: */ |