From 1302ffb350456ea0c51c21bc45172abe20cdde63 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Fri, 16 Aug 2019 19:47:42 +0200
Subject: setByteArray(): avoid potential signed integer overflow. Pointed by
 Hendra Gunadi. No actual problem known (which does not mean there wouldn't be
 any. Particularly on 32bit builds)

---
 libtiff/tif_dir.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
index 4a3fcd55..dd3dd6a6 100644
--- a/libtiff/tif_dir.c
+++ b/libtiff/tif_dir.c
@@ -46,8 +46,8 @@ setByteArray(void** vpp, void* vp, size_t nmemb, size_t elem_size)
 		*vpp = 0;
 	}
 	if (vp) {
-		tmsize_t bytes = (tmsize_t)(nmemb * elem_size);
-		if (elem_size && bytes / elem_size == nmemb)
+		tmsize_t bytes = _TIFFMultiplySSize(NULL, nmemb, elem_size, NULL);
+		if (elem_size)
 			*vpp = (void*) _TIFFmalloc(bytes);
 		if (*vpp)
 			_TIFFmemcpy(*vpp, vp, bytes);
-- 
cgit v1.2.1