From dda2c0dc502b50d4de66b80305441bfb612ec6c1 Mon Sep 17 00:00:00 2001
From: tracy_jiang <tracy_jiang@foxitsoftware.com>
Date: Mon, 29 Aug 2016 13:42:56 -0700
Subject: Fix for #618267. Adding a method to determine if multiplication has
 overflow.

BUG=618267

Review-Url: https://codereview.chromium.org/2284063002
---
 third_party/libtiff/tif_aux.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'third_party/libtiff/tif_aux.c')

diff --git a/third_party/libtiff/tif_aux.c b/third_party/libtiff/tif_aux.c
index 927150a493..3ce3680ab2 100644
--- a/third_party/libtiff/tif_aux.c
+++ b/third_party/libtiff/tif_aux.c
@@ -69,7 +69,7 @@ _TIFFCheckRealloc(TIFF* tif, void* buffer,
 	/*
 	 * XXX: Check for integer overflow.
 	 */
-	if (nmemb && elem_size && bytes / elem_size == nmemb)
+	if (nmemb && elem_size && !_TIFFIfMultiplicationOverflow(nmemb, elem_size))
 		cp = _TIFFrealloc(buffer, bytes);
 
 	if (cp == NULL) {
-- 
cgit v1.2.3