40 lines
872 B
Diff
40 lines
872 B
Diff
From 491e3acc55d7a54e2588de476733e93c4c7ffea0 Mon Sep 17 00:00:00 2001
|
|
From: Young_X <YangX92@hotmail.com>
|
|
Date: Sat, 8 Sep 2018 14:46:27 +0800
|
|
Subject: [PATCH] avoid potential int32 overflows in multiply_ms()
|
|
|
|
---
|
|
tools/ppm2tiff.c | 13 +++++++------
|
|
1 file changed, 7 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/tools/ppm2tiff.c b/tools/ppm2tiff.c
|
|
index 91415e9..81ffa3d 100644
|
|
--- a/tools/ppm2tiff.c
|
|
+++ b/tools/ppm2tiff.c
|
|
@@ -72,15 +72,16 @@ BadPPM(char* file)
|
|
exit(-2);
|
|
}
|
|
|
|
+
|
|
+#define TIFF_SIZE_T_MAX ((size_t) ~ ((size_t)0))
|
|
+#define TIFF_TMSIZE_T_MAX (tmsize_t)(TIFF_SIZE_T_MAX >> 1)
|
|
+
|
|
static tmsize_t
|
|
multiply_ms(tmsize_t m1, tmsize_t m2)
|
|
{
|
|
- tmsize_t bytes = m1 * m2;
|
|
-
|
|
- if (m1 && bytes / m1 != m2)
|
|
- bytes = 0;
|
|
-
|
|
- return bytes;
|
|
+ if( m1 == 0 || m2 > TIFF_TMSIZE_T_MAX / m1 )
|
|
+ return 0;
|
|
+ return m1 * m2;
|
|
}
|
|
|
|
int
|
|
--
|
|
2.17.2
|
|
|