diff options
| author | tracy_jiang <tracy_jiang@foxitsoftware.com> | 2016-08-29 13:42:56 -0700 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2016-08-29 13:42:56 -0700 |
| commit | dda2c0dc502b50d4de66b80305441bfb612ec6c1 (patch) | |
| tree | faf28f1b1f12ad9cd41473fa71bdad70c6f361e9 /third_party/libtiff/tif_aux.c | |
| parent | c116e597ef4dfac88248d6de0e7c9bdf093b6e7c (diff) | |
| download | pdfium-dda2c0dc502b50d4de66b80305441bfb612ec6c1.tar.xz | |
Fix for #618267. Adding a method to determine if multiplication has
overflow.
BUG=618267
Review-Url: https://codereview.chromium.org/2284063002
Diffstat (limited to 'third_party/libtiff/tif_aux.c')
| -rw-r--r-- | third_party/libtiff/tif_aux.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/third_party/libtiff/tif_aux.c b/third_party/libtiff/tif_aux.c index 927150a493..3ce3680ab2 100644 --- a/third_party/libtiff/tif_aux.c +++ b/third_party/libtiff/tif_aux.c @@ -69,7 +69,7 @@ _TIFFCheckRealloc(TIFF* tif, void* buffer, /* * XXX: Check for integer overflow. */ - if (nmemb && elem_size && bytes / elem_size == nmemb) + if (nmemb && elem_size && !_TIFFIfMultiplicationOverflow(nmemb, elem_size)) cp = _TIFFrealloc(buffer, bytes); if (cp == NULL) { |