39 lines
949 B
Diff
39 lines
949 B
Diff
From a04b4c4aec3bbfbbde9602ddb4e00809a1a4f92c Mon Sep 17 00:00:00 2001
|
|
From: Young_X <YangX92@hotmail.com>
|
|
Date: Sat, 8 Sep 2018 14:46:27 +0800
|
|
Subject: [PATCH] (CVE-2018-17100) avoid potential int32 overflows in
|
|
multiply_ms()
|
|
|
|
(cherry picked from commit 6da1fb3f64d43be37e640efbec60400d1f1ac39e)
|
|
---
|
|
tools/ppm2tiff.c | 13 +++++++------
|
|
1 file changed, 7 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/tools/ppm2tiff.c b/tools/ppm2tiff.c
|
|
index 91415e96..81ffa3db 100644
|
|
--- a/tools/ppm2tiff.c
|
|
+++ b/tools/ppm2tiff.c
|
|
@@ -72,15 +72,16 @@ BadPPM(char* file)
|
|
exit(-2);
|
|
}
|
|
|
|
+
|
|
+#define TIFF_SIZE_T_MAX ((size_t) ~ ((size_t)0))
|
|
+#define TIFF_TMSIZE_T_MAX (tmsize_t)(TIFF_SIZE_T_MAX >> 1)
|
|
+
|
|
static tmsize_t
|
|
multiply_ms(tmsize_t m1, tmsize_t m2)
|
|
{
|
|
- tmsize_t bytes = m1 * m2;
|
|
-
|
|
- if (m1 && bytes / m1 != m2)
|
|
- bytes = 0;
|
|
-
|
|
- return bytes;
|
|
+ if( m1 == 0 || m2 > TIFF_TMSIZE_T_MAX / m1 )
|
|
+ return 0;
|
|
+ return m1 * m2;
|
|
}
|
|
|
|
int
|