Descriptionlibtiff: Prevent a buffer overflow in function ChopUpSingleUncompressedStrip.
The patch (https://codereview.chromium.org/2284063002) for Issue 618267
was insufficient. The integer overflow still could be triggered and could
lead to heap buffer overflow.
This CL strengthens integer overflow check in function _TIFFCheckRealloc.
BUG=chromium:654169
R=ochang@chromium.org, tsepez@chromium.org, dsinclair@chromium.org
Committed: https://pdfium.googlesource.com/pdfium/+/24ba0a2ef48d7be37f02056d20bb8c625f641939
Patch Set 1 #
Total comments: 2
Messages
Total messages: 9 (3 generated)
|