Blob Blame History Raw
From a04b4c4aec3bbfbbde9602ddb4e00809a1a4f92c Mon Sep 17 00:00:00 2001
From: Young_X <YangX92@hotmail.com>
Date: Sat, 8 Sep 2018 14:46:27 +0800
Subject: [PATCH] (CVE-2018-17100) avoid potential int32 overflows in
 multiply_ms()

(cherry picked from commit 6da1fb3f64d43be37e640efbec60400d1f1ac39e)
---
 tools/ppm2tiff.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/tools/ppm2tiff.c b/tools/ppm2tiff.c
index 91415e96..81ffa3db 100644
--- a/tools/ppm2tiff.c
+++ b/tools/ppm2tiff.c
@@ -72,15 +72,16 @@ BadPPM(char* file)
 	exit(-2);
 }
 
+
+#define TIFF_SIZE_T_MAX ((size_t) ~ ((size_t)0))
+#define TIFF_TMSIZE_T_MAX (tmsize_t)(TIFF_SIZE_T_MAX >> 1)
+
 static tmsize_t
 multiply_ms(tmsize_t m1, tmsize_t m2)
 {
-	tmsize_t bytes = m1 * m2;
-
-	if (m1 && bytes / m1 != m2)
-		bytes = 0;
-
-	return bytes;
+        if( m1 == 0 || m2 > TIFF_TMSIZE_T_MAX / m1 )
+            return 0;
+        return m1 * m2;
 }
 
 int