TIFFReadRGBATileExt(): fix (unsigned) integer overflow on strips/tiles > 2 GB
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137
parent
ddef030d
-
mentioned in commit qtmirror/openembedded-core@668ff495
-
mentioned in commit gizero/poky@0b5e0e52
-
mentioned in commit jonmason00/poky@38f46024
-
mentioned in commit jonmason00/poky@16f96f6e
-
mentioned in commit openembedded/openembedded-core@d4b231e1
-
mentioned in commit openembedded/openembedded-core@d066f7e8
-
mentioned in issue #551 (closed)
-
Has anyone tried this on a 32-bit system? I don't think the change is an effective fix for a 32-bit system where sizeof(size_t) == sizeof(uint32).
-
Author Owner
I don't think the change is an effective fix for a 32-bit system where sizeof(size_t) == sizeof(uint32).
You shouldn't normally reach that point on a system that can allocate only up to 4 GB. A previous memory allocation would have failed
Please register or sign in to comment