libtiff: TIFFSetDirectory: avoid harmless unsigned-integer-overflow

From f1f86eedeea802317b75d97d867246f41bf9d616 Mon Sep 17 00:00:00 2001
From: Even Rouault <[EMAIL REDACTED]>
Date: Thu, 15 Dec 2022 22:15:00 +0100
Subject: [PATCH] TIFFSetDirectory: avoid harmless unsigned-integer-overflow

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54343
---
 libtiff/tif_dir.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
index 4a366545..c7789bb8 100644
--- a/libtiff/tif_dir.c
+++ b/libtiff/tif_dir.c
@@ -2041,10 +2041,14 @@ int TIFFSetDirectory(TIFF *tif, tdir_t dirn)
     tif->tif_nextdiroff = nextdiroff;
     /*
      * Set curdir to the actual directory index.  The
-     * -1 is because TIFFReadDirectory will increment
+     * -1 decrement is because TIFFReadDirectory will increment
      * tif_curdir after successfully reading the directory.
      */
-    tif->tif_curdir = (dirn - n) - 1;
+    tif->tif_curdir = (dirn - n);
+    if (tif->tif_curdir == 0)
+        tif->tif_curdir = TIFF_NON_EXISTENT_DIR_NUMBER;
+    else
+        tif->tif_curdir--;
     return (TIFFReadDirectory(tif));
 }