libertiff.hpp: avoid harmless unsigned integer overflow (oss-fuzz #38…

…9332105)
OSGeo · Jan 11, 2025 · 926f93b · 926f93b
1 parent ea26bd0
commit 926f93b
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/third_party/libertiff/libertiff.hpp b/third_party/libertiff/libertiff.hpp
@@ -1217,6 +1217,12 @@ class Image
         uint64_t offset = imageOffset;
         if LIBERTIFF_CONSTEXPR (isBigTIFF)
         {
+            // To prevent unsigned integer overflows in later additions. The
+            // theoretical max should be much closer to UINT64_MAX, but half of
+            // it is already more than needed in practice :-)
+            if (offset >= std::numeric_limits<uint64_t>::max() / 2)
+                return nullptr;
+
             const auto tagCount64Bit = rc->read<uint64_t>(offset, ok);
             // Artificially limit to the same number of entries as ClassicTIFF
             if (tagCount64Bit > std::numeric_limits<uint16_t>::max())