summaryrefslogtreecommitdiffstats
path: root/src/3rdparty/libtiff/libtiff/tif_pixarlog.c
diff options
context:
space:
mode:
authorEirik Aavitsland <eirik.aavitsland@qt.io>2019-10-23 10:00:23 +0200
committerEirik Aavitsland <eirik.aavitsland@qt.io>2019-10-23 12:30:04 +0200
commit9fe1f2e918d39031852805f1add23125c061d3c3 (patch)
treedd2faa67c4a4e08b3dade4c4963709f05aa67a15 /src/3rdparty/libtiff/libtiff/tif_pixarlog.c
parent606ae7e0197f3bcff442c2df3beb918952d8e822 (diff)
Tiff: Include two upstream CVE fixes in bundled libtiffv5.13.2
For issues CVE-2019-17546 and CVE-2019-14973, the following commits were merged into the bundled libtiff: 4bb584a35f87af42d6cf09d15e9ce8909a839145 RGBA interface: fix integer overflow potentially causing write heap buffer overflow, especially on 32 bit builds. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443. Credit to OSS Fuzz 1b5e3b6a23827c33acf19ad50ce5ce78f12b3773 Fix integer overflow in _TIFFCheckMalloc() and other implementation-defined behaviour (CVE-2019-14973) Fixes: QTBUG-79397 Change-Id: I29257e6dbfbd816224d3dbaefdbe8afecd25f288 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io> Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
Diffstat (limited to 'src/3rdparty/libtiff/libtiff/tif_pixarlog.c')
-rw-r--r--src/3rdparty/libtiff/libtiff/tif_pixarlog.c7
1 files changed, 1 insertions, 6 deletions
diff --git a/src/3rdparty/libtiff/libtiff/tif_pixarlog.c b/src/3rdparty/libtiff/libtiff/tif_pixarlog.c
index 7438d69..12c2372 100644
--- a/src/3rdparty/libtiff/libtiff/tif_pixarlog.c
+++ b/src/3rdparty/libtiff/libtiff/tif_pixarlog.c
@@ -634,15 +634,10 @@ PixarLogGuessDataFmt(TIFFDirectory *td)
return guess;
}
-#define TIFF_SIZE_T_MAX ((size_t) ~ ((size_t)0))
-#define TIFF_TMSIZE_T_MAX (tmsize_t)(TIFF_SIZE_T_MAX >> 1)
-
static tmsize_t
multiply_ms(tmsize_t m1, tmsize_t m2)
{
- if( m1 == 0 || m2 > TIFF_TMSIZE_T_MAX / m1 )
- return 0;
- return m1 * m2;
+ return _TIFFMultiplySSize(NULL, m1, m2, NULL);
}
static tmsize_t
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-08 11:16:40 +0000