1From 175d6d447556c56fa93695eca26ef1af19ed7286 Mon Sep 17 00:00:00 2001 2From: Young_X <YangX92@hotmail.com> 3Date: Sat, 8 Sep 2018 14:46:27 +0800 4Subject: [PATCH 1/2] avoid potential int32 overflows in multiply_ms() 5 6--- 7 tools/ppm2tiff.c | 13 +++++++------ 8 1 file changed, 7 insertions(+), 6 deletions(-) 9 10diff --git a/tools/ppm2tiff.c b/tools/ppm2tiff.c 11index 91415e9..81ffa3d 100644 12--- a/tools/ppm2tiff.c 13+++ b/tools/ppm2tiff.c 14@@ -72,15 +72,16 @@ BadPPM(char* file) 15 exit(-2); 16 } 17 18+ 19+#define TIFF_SIZE_T_MAX ((size_t) ~ ((size_t)0)) 20+#define TIFF_TMSIZE_T_MAX (tmsize_t)(TIFF_SIZE_T_MAX >> 1) 21+ 22 static tmsize_t 23 multiply_ms(tmsize_t m1, tmsize_t m2) 24 { 25- tmsize_t bytes = m1 * m2; 26- 27- if (m1 && bytes / m1 != m2) 28- bytes = 0; 29- 30- return bytes; 31+ if( m1 == 0 || m2 > TIFF_TMSIZE_T_MAX / m1 ) 32+ return 0; 33+ return m1 * m2; 34 } 35 36 int 37-- 382.17.2 39 40