From a04b4c4aec3bbfbbde9602ddb4e00809a1a4f92c Mon Sep 17 00:00:00 2001

From: Young_X <YangX92@hotmail.com>

Date: Sat, 8 Sep 2018 14:46:27 +0800

Subject: [PATCH] (CVE-2018-17100) avoid potential int32 overflows in

 multiply_ms()

(cherry picked from commit 6da1fb3f64d43be37e640efbec60400d1f1ac39e)

---

 tools/ppm2tiff.c | 13 +++++++------

 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/tools/ppm2tiff.c b/tools/ppm2tiff.c

index 91415e96..81ffa3db 100644

--- a/tools/ppm2tiff.c

+++ b/tools/ppm2tiff.c

@@ -72,15 +72,16 @@ BadPPM(char* file)

 	exit(-2);

 }

+

+#define TIFF_SIZE_T_MAX ((size_t) ~ ((size_t)0))

+#define TIFF_TMSIZE_T_MAX (tmsize_t)(TIFF_SIZE_T_MAX >> 1)

+

 static tmsize_t

 multiply_ms(tmsize_t m1, tmsize_t m2)

 {

-	tmsize_t bytes = m1 * m2;

-

-	if (m1 && bytes / m1 != m2)

-		bytes = 0;

-

-	return bytes;

+        if( m1 == 0 || m2 > TIFF_TMSIZE_T_MAX / m1 )

+            return 0;

+        return m1 * m2;

 }

 int

-- 

2.34.1