https://github.com/libsdl-org/libtiff/commit/9624660561640c3dfc20e96a8f6ef623ff7c60bd
From 9624660561640c3dfc20e96a8f6ef623ff7c60bd Mon Sep 17 00:00:00 2001
From: Even Rouault <[EMAIL REDACTED]>
Date: Fri, 18 Mar 2022 20:53:51 +0100
Subject: [PATCH] tif_lzw.c: avoid harmless unsigned-integer-overflow
(https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45741)
---
libtiff/tif_lzw.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c
index 19e0e4aa..a411e378 100644
--- a/libtiff/tif_lzw.c
+++ b/libtiff/tif_lzw.c
@@ -480,7 +480,7 @@ LZWDecode(TIFF* tif, uint8_t* op0, tmsize_t occ0, uint16_t s)
free_entp->firstchar = oldcodep->firstchar;
free_entp->length = oldcodep->length+1;
free_entp->value = (uint8_t)code;
- free_entp->repeated = (bool)(oldcodep->repeated & !(oldcodep->value - code));
+ free_entp->repeated = (bool)(oldcodep->repeated & (oldcodep->value == code));
if (++free_entp > maxcodep) {
if (++nbits > BITS_MAX) /* should not happen for a conformant encoder */
nbits = BITS_MAX;
@@ -519,7 +519,7 @@ LZWDecode(TIFF* tif, uint8_t* op0, tmsize_t occ0, uint16_t s)
{
free_entp->value = codep->firstchar;
}
- free_entp->repeated = (bool)(oldcodep->repeated & !(oldcodep->value - free_entp->value));
+ free_entp->repeated = (bool)(oldcodep->repeated & (oldcodep->value == free_entp->value));
free_entp->next = oldcodep;
free_entp->firstchar = oldcodep->firstchar;