| 08033e9c |
commit 6da1fb3f64d43be37e640efbec60400d1f1ac39e
Author: Young_X <YangX92@hotmail.com>
Date: Sat Sep 8 14:46:27 2018 +0800
avoid potential int32 overflows in multiply_ms()
diff --git a/tools/ppm2tiff.c b/tools/ppm2tiff.c
index af6e412..c2d5925 100644
--- a/tools/ppm2tiff.c
+++ b/tools/ppm2tiff.c
@@ -70,15 +70,16 @@ BadPPM(char* file)
exit(-2);
}
+
+#define TIFF_SIZE_T_MAX ((size_t) ~ ((size_t)0))
+#define TIFF_TMSIZE_T_MAX (tmsize_t)(TIFF_SIZE_T_MAX >> 1)
+
static tmsize_t
multiply_ms(tmsize_t m1, tmsize_t m2)
{
- tmsize_t bytes = m1 * m2;
-
- if (m1 && bytes / m1 != m2)
- bytes = 0;
-
- return bytes;
+ if( m1 == 0 || m2 > TIFF_TMSIZE_T_MAX / m1 )
+ return 0;
+ return m1 * m2;
}
int |