diff options
Diffstat (limited to 'gpdl/tifftop.c')
-rw-r--r-- | gpdl/tifftop.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/gpdl/tifftop.c b/gpdl/tifftop.c index 7aa6ce731..1ad40aaa5 100644 --- a/gpdl/tifftop.c +++ b/gpdl/tifftop.c @@ -510,16 +510,17 @@ blend_alpha(tiff_interp_instance_t *tiff, size_t n) static uint32_t safe_mla(const gs_memory_t *mem, int *code, uint32_t a, uint32_t b, uint32_t c, uint32_t d) { - if (UINT_MAX/b > a) + /* UINT_MAX < b*a means overflow, but we can't calculate that... */ + if (UINT_MAX/b < a) goto fail; a *= b; - if (UINT_MAX/c > a) + if (UINT_MAX/c < a) goto fail; a *= c; if (UINT_MAX-c < d) goto fail; - return c+d; + return a+d; fail: emprintf(mem, "Numeric overflow!\n"); @@ -531,16 +532,17 @@ fail: static size_t size_mla(const gs_memory_t *mem, int *code, size_t a, size_t b, size_t c, size_t d) { - if (SIZE_MAX/b > a) + /* SIZE_MAX < b*a means overflow, but we can't calculate that... */ + if (SIZE_MAX/b < a) goto fail; a *= b; - if (SIZE_MAX/c > a) + if (SIZE_MAX/c < a) goto fail; a *= c; if (SIZE_MAX-c < d) goto fail; - return c+d; + return a+d; fail: emprintf(mem, "Numeric overflow!\n"); |