tiff: Check for integer overflows in multiplication

The checks currently in use are not sufficient, because they depend on
undefined behaviour:

    rowstride = width * 4;
    if (rowstride / 4 != width) { /* overflow */

If the multiplication has already overflowed, the compiler may decide
to optimize the if out and thus we do not handle the erroneous case.

Rearrange the checks to avoid the undefined behaviour.

Note that gcc doesn't seem to be impacted, though a defined behaviour is
obviously preferred.

CVE-2017-2870

https://bugzilla.gnome.org/show_bug.cgi?id=780269

0 files changed, 0 insertions, 0 deletions