• Ludovico de Nittis's avatar
    tiff: Check for integer overflows in multiplication · 31a6cff3
    Ludovico de Nittis authored
    The checks currently in use are not sufficient, because they depend on
    undefined behaviour:
    
        rowstride = width * 4;
        if (rowstride / 4 != width) { /* overflow */
    
    If the multiplication has already overflowed, the compiler may decide
    to optimize the if out and thus we do not handle the erroneous case.
    
    Rearrange the checks to avoid the undefined behaviour.
    
    Note that gcc doesn't seem to be impacted, though a defined behaviour is
    obviously preferred.
    
    CVE-2017-2870
    
    https://bugzilla.gnome.org/show_bug.cgi?id=780269
    31a6cff3
Name
Last commit
Last update
contrib Loading commit data...
docs Loading commit data...
gdk-pixbuf Loading commit data...
m4 Loading commit data...
po Loading commit data...
tests Loading commit data...
thumbnailer Loading commit data...
win32 Loading commit data...
AUTHORS Loading commit data...
COPYING Loading commit data...
INSTALL Loading commit data...
Makefile.am Loading commit data...
NEWS Loading commit data...
README Loading commit data...
autogen.sh Loading commit data...
config.h.win32.in Loading commit data...
configure.ac Loading commit data...
gdk-pixbuf-2.0-uninstalled.pc.in Loading commit data...
gdk-pixbuf-2.0.pc.in Loading commit data...
gdk-pixbuf.doap Loading commit data...
git.mk Loading commit data...
glib-tap.mk Loading commit data...
tap-driver.sh Loading commit data...
tap-test Loading commit data...