Skip to content
Commit 31a6cff3 authored by Ludovico de Nittis's avatar Ludovico de Nittis Committed by Bastien Nocera
Browse files

tiff: Check for integer overflows in multiplication 

The checks currently in use are not sufficient, because they depend on
undefined behaviour:

    rowstride = width * 4;
    if (rowstride / 4 != width) { /* overflow */

If the multiplication has already overflowed, the compiler may decide
to optimize the if out and thus we do not handle the erroneous case.

Rearrange the checks to avoid the undefined behaviour.

Note that gcc doesn't seem to be impacted, though a defined behaviour is
obviously preferred.

CVE-2017-2870

https://bugzilla.gnome.org/show_bug.cgi?id=780269
parent eb0754b7
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment