diff options
author | Qt Forward Merge Bot <qt_forward_merge_bot@qt-project.org> | 2019-10-30 10:25:20 +0100 |
---|---|---|
committer | Qt Forward Merge Bot <qt_forward_merge_bot@qt-project.org> | 2019-10-30 10:25:20 +0100 |
commit | 8ca5b34c1aacc4b7a8f20bf9aadd04f1eeafd3f6 (patch) | |
tree | d27d03bf55f92c7a362e5bed53c578fcb1b5cf03 /src/3rdparty/libtiff/libtiff/tif_aux.c | |
parent | ff6cf6764ded8c028f693da70b876a00fbff2a5f (diff) | |
parent | 9fe1f2e918d39031852805f1add23125c061d3c3 (diff) |
Merge remote-tracking branch 'origin/5.13' into 5.14v5.14.0-beta3
Conflicts:
.qmake.conf
Change-Id: Ib4b1a3a3604fdce35f61dadc26770ca9b749e008
Diffstat (limited to 'src/3rdparty/libtiff/libtiff/tif_aux.c')
-rw-r--r-- | src/3rdparty/libtiff/libtiff/tif_aux.c | 49 |
1 files changed, 44 insertions, 5 deletions
diff --git a/src/3rdparty/libtiff/libtiff/tif_aux.c b/src/3rdparty/libtiff/libtiff/tif_aux.c index 4ece162..33fb8a4 100644 --- a/src/3rdparty/libtiff/libtiff/tif_aux.c +++ b/src/3rdparty/libtiff/libtiff/tif_aux.c @@ -57,18 +57,57 @@ _TIFFMultiply64(TIFF* tif, uint64 first, uint64 second, const char* where) return bytes; } +tmsize_t +_TIFFMultiplySSize(TIFF* tif, tmsize_t first, tmsize_t second, const char* where) +{ + if( first <= 0 || second <= 0 ) + { + if( tif != NULL && where != NULL ) + { + TIFFErrorExt(tif->tif_clientdata, where, + "Invalid argument to _TIFFMultiplySSize() in %s", where); + } + return 0; + } + + if( first > TIFF_TMSIZE_T_MAX / second ) + { + if( tif != NULL && where != NULL ) + { + TIFFErrorExt(tif->tif_clientdata, where, + "Integer overflow in %s", where); + } + return 0; + } + return first * second; +} + +tmsize_t _TIFFCastUInt64ToSSize(TIFF* tif, uint64 val, const char* module) +{ + if( val > (uint64)TIFF_TMSIZE_T_MAX ) + { + if( tif != NULL && module != NULL ) + { + TIFFErrorExt(tif->tif_clientdata,module,"Integer overflow"); + } + return 0; + } + return (tmsize_t)val; +} + void* _TIFFCheckRealloc(TIFF* tif, void* buffer, tmsize_t nmemb, tmsize_t elem_size, const char* what) { void* cp = NULL; - tmsize_t bytes = nmemb * elem_size; - + tmsize_t count = _TIFFMultiplySSize(tif, nmemb, elem_size, NULL); /* - * XXX: Check for integer overflow. + * Check for integer overflow. */ - if (nmemb && elem_size && bytes / elem_size == nmemb) - cp = _TIFFrealloc(buffer, bytes); + if (count != 0) + { + cp = _TIFFrealloc(buffer, count); + } if (cp == NULL) { TIFFErrorExt(tif->tif_clientdata, tif->tif_name, |