• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1diff --git a/third_party/libtiff/tif_getimage.c b/third_party/libtiff/tif_getimage.c
2index 23cb40951..2153f1348 100644
3--- a/third_party/libtiff/tif_getimage.c
4+++ b/third_party/libtiff/tif_getimage.c
5@@ -962,6 +962,9 @@ gtStripContig(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h)
6 	int ret = 1, flip;
7         tmsize_t maxstripsize;
8
9+	if ((tmsize_t)img->row_offset > TIFF_SSIZE_T_MAX || (size_t)h > (size_t)TIFF_SSIZE_T_MAX)
10+		return (0);
11+
12 	TIFFGetFieldDefaulted(tif, TIFFTAG_YCBCRSUBSAMPLING, &subsamplinghor, &subsamplingver);
13 	if( subsamplingver == 0 ) {
14 		TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Invalid vertical YCbCr subsampling");
15diff --git a/third_party/libtiff/tif_read.c b/third_party/libtiff/tif_read.c
16index e63810cc7..dd3002669 100644
17--- a/third_party/libtiff/tif_read.c
18+++ b/third_party/libtiff/tif_read.c
19@@ -558,6 +558,8 @@ _TIFFReadEncodedStripAndAllocBuffer(TIFF* tif, uint32 strip,
20                                     void **buf, tmsize_t bufsizetoalloc,
21                                     tmsize_t size_to_read)
22 {
23+    assert(size_to_read > 0);
24+
25     tmsize_t this_stripsize;
26     uint16 plane;
27
28diff --git a/third_party/libtiff/tiffconf.h b/third_party/libtiff/tiffconf.h
29index 6292cc5cd..f57f6f709 100644
30--- a/third_party/libtiff/tiffconf.h
31+++ b/third_party/libtiff/tiffconf.h
32@@ -132,13 +132,16 @@
33
34 #if defined(_WIN64)
35 #define TIFF_SSIZE_T signed __int64
36+#define TIFF_SSIZE_T_MAX INT64_MAX
37 #else
38 #define TIFF_SSIZE_T signed int
39+#define TIFF_SSIZE_T_MAX INT_MAX
40 #endif
41
42 #else
43
44 #define TIFF_SSIZE_T signed long
45+#define TIFF_SSIZE_T_MAX LONG_MAX
46
47 #endif
48
49