1diff --git a/third_party/libtiff/tif_getimage.c b/third_party/libtiff/tif_getimage.c
2index 8603ff026..f5a05e55b 100644
3--- a/third_party/libtiff/tif_getimage.c
4+++ b/third_party/libtiff/tif_getimage.c
5@@ -1083,6 +1083,12 @@ static int gtStripContig(TIFFRGBAImage *img, uint32_t *raster, uint32_t w,
6 int ret = 1, flip;
7 tmsize_t maxstripsize;
8
9+ if ((tmsize_t)img->row_offset > TIFF_SSIZE_T_MAX ||
10+ (size_t)h > (size_t)TIFF_SSIZE_T_MAX)
11+ {
12+ return (0);
13+ }
14+
15 TIFFGetFieldDefaulted(tif, TIFFTAG_YCBCRSUBSAMPLING, &subsamplinghor,
16 &subsamplingver);
17 if (subsamplingver == 0)
18diff --git a/third_party/libtiff/tiffconf.h b/third_party/libtiff/tiffconf.h
19index 4c83b03f1..289f1758f 100644
20--- a/third_party/libtiff/tiffconf.h
21+++ b/third_party/libtiff/tiffconf.h
22@@ -136,10 +136,12 @@
23 #if defined(ARCH_CPU_64_BITS)
24 #define TIFF_SSIZE_T int64_t
25 #define TIFF_SSIZE_FORMAT PRId64
26+#define TIFF_SSIZE_T_MAX INT64_MAX
27 #define SIZEOF_SIZE_T 8
28 #else
29 #define TIFF_SSIZE_T int32_t
30 #define TIFF_SSIZE_FORMAT PRId32
31+#define TIFF_SSIZE_T_MAX INT32_MAX
32 #define SIZEOF_SIZE_T 4
33 #endif
34
35
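Review bot: The first clause of the new guard in gtStripContig, `(tmsize_t)img->row_offset > TIFF_SSIZE_T_MAX`, looks like it can never be true. The value is narrowed to `tmsize_t` before the comparison, and if `tmsize_t` is the `TIFF_SSIZE_T` typedef (its declaration is outside the hunk), nothing of that type can exceed the `TIFF_SSIZE_T_MAX` added in tiffconf.h. The second clause has a similar gap: if `h` is a 32-bit value, as the cut-off signature suggests, it can only fire on the 32-bit configuration. The guard therefore does not bound `row_offset` at all, and a negative `row_offset` still passes. If the aim is to keep the later row arithmetic in range, test the field before the cast, e.g. `if (img->row_offset < 0 || (size_t)h > (size_t)TIFF_SSIZE_T_MAX)`, and add a comment such as `/* reject offsets/heights that cannot be represented in tmsize_t before they are used in strip arithmetic below */`. The function body continues outside the hunk, so the exact expression being protected should be confirmed there.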