From c2a28a12c6f7292183819a28ab3715384bd36960 Mon Sep 17 00:00:00 2001
From: Even Rouault <[EMAIL REDACTED]>
Date: Wed, 14 Dec 2022 20:53:38 +0100
Subject: [PATCH] TIFFWriteDirectorySec(): avoid harmless
unsigned-integer-overflow
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54311
---
libtiff/tif_dirwrite.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
index beebd116..717afbac 100644
--- a/libtiff/tif_dirwrite.c
+++ b/libtiff/tif_dirwrite.c
@@ -1114,7 +1114,12 @@ static int TIFFWriteDirectorySec(TIFF *tif, int isimage, int imagedone,
if (tif->tif_dataoff & 1)
tif->tif_dataoff++;
if (isimage)
- tif->tif_curdir++;
+ {
+ if (tif->tif_curdir == TIFF_NON_EXISTENT_DIR_NUMBER)
+ tif->tif_curdir = 0;
+ else
+ tif->tif_curdir++;
+ }
}
if (isimage)
{
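Review bot: The new test `if (tif->tif_curdir == TIFF_NON_EXISTENT_DIR_NUMBER)` carries no comment saying why the sentinel is special-cased, so a later cleanup could fold it back into a bare `tif->tif_curdir++` and bring the sanitizer report back. I would add `/* no directory written yet: start at 0 explicitly instead of relying on unsigned wrap-around of the sentinel */` above the test. The `else` branch still increments without an upper bound. If the sentinel is the maximum value of the directory-index type (its definition is not visible in this hunk), a counter one below it would step onto the sentinel and later be read as "no directory", so a guard or assertion there may be worth considering. TIFFWriteDirectorySec() begins before and continues past this hunk, so how callers treat that value cannot be checked from here.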