https://github.com/libsdl-org/libtiff/commit/317a2b5c06e5d24bcfd3c8c351778e7221373e83
From 0e3184840ad5f1d1fbbe641556a76a2af31f97d4 Mon Sep 17 00:00:00 2001
From: Su Laus <[EMAIL REDACTED]>
Date: Sat, 19 Feb 2022 16:11:13 +0000
Subject: [PATCH] tiff2ps: In limitMalloc() check for negative size (fixes
#284)
---
tools/tiff2ps.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tools/tiff2ps.c b/tools/tiff2ps.c
index a598ede7..4355a84b 100644
--- a/tools/tiff2ps.c
+++ b/tools/tiff2ps.c
@@ -246,7 +246,8 @@ static void usage(int);
*/
static void* limitMalloc(tmsize_t s)
{
- if (maxMalloc && (s > maxMalloc)) {
+ /* tmsize_t is signed and _TIFFmalloc() converts s to size_t. Therefore check for negative s. */
+ if (maxMalloc && ((s > maxMalloc) || (s < 0))) {
fprintf(stderr, "MemoryLimitError: allocation of %" TIFF_SSIZE_FORMAT " bytes is forbidden. Limit is %" TIFF_SSIZE_FORMAT ".\n",
s, maxMalloc);
fprintf(stderr, " use -M option to change limit.\n");