TIFFSetupStrips(): avoid potential uint32 overflow on 32-bit systems with...

TIFFSetupStrips(): avoid potential uint32 overflow on 32-bit systems with large number of strips. Probably relates to http://bugzilla.maptools.org/show_bug.cgi?id=2788 / CVE-2018-10779
parent 97a9e1a6
Pipeline #27961356 passed with stages
in 3 minutes and 44 seconds
......@@ -538,9 +538,11 @@ TIFFSetupStrips(TIFF* tif)
if (td->td_planarconfig == PLANARCONFIG_SEPARATE)
td->td_stripsperimage /= td->td_samplesperpixel;
td->td_stripoffset = (uint64 *)
_TIFFmalloc(td->td_nstrips * sizeof (uint64));
_TIFFCheckMalloc(tif, td->td_nstrips, sizeof (uint64),
"for \"StripOffsets\" array");
td->td_stripbytecount = (uint64 *)
_TIFFmalloc(td->td_nstrips * sizeof (uint64));
_TIFFCheckMalloc(tif, td->td_nstrips, sizeof (uint64),
"for \"StripByteCounts\" array");
if (td->td_stripoffset == NULL || td->td_stripbytecount == NULL)
return (0);
/*
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment