TiffAppendToStrip - rewrite-in-place logic tries to malloc with a size of 0 bytes

Summary

I am seeing a tempSize of 0 being passed to malloc here:

https://gitlab.com/libtiff/libtiff/-/blob/59135f73dd0341da9080098ac7c56284695c3734/libtiff/tif_write.c#L832

uint64_t toCopy = td->td_stripbytecount_p[strip];

        if( toCopy < 1024 * 1024 )
            tempSize = (tmsize_t)toCopy;
        else
            tempSize = 1024 * 1024;
//...

temp = _TIFFmalloc(tempSize);
        if (temp == NULL) {
            TIFFErrorExt(tif->tif_clientdata, module, "No space for output buffer");
            return (0);
        }

Version

59135f73

Steps to reproduce

We don't currently have a reproducer since this is happening with protected user data. Where the user is not me. It's in a cloud flume worker.

Platform

• Custom: Linux, x86_64, google3/blaze built.
• Called from GDAL from 2018-Nov-02 - https://github.com/OSGeo/gdal/commit/e5e7b313540f0ff913fadfe6a273fb7c356a22cb