tiff: Check for integer overflows in multiplication
The checks currently in use are not sufficient, because they depend on undefined behaviour: rowstride = width * 4; if (rowstride / 4 != width) { /* overflow */ If the multiplication has already overflowed, the compiler may decide to optimize the if out and thus we do not handle the erroneous case. Rearrange the checks to avoid the undefined behaviour. Note that gcc doesn't seem to be impacted, though a defined behaviour is obviously preferred. CVE-2017-2870 https://bugzilla.gnome.org/show_bug.cgi?id=780269
parent
eb0754b7
Please register or sign in to comment