Attachment #235208 for bug #265164

View | Details | Raw Unified | Return to bug 265164
Collapse All | Expand All




# Created by: Richard Hwang <rhwang@bigpanda.com>, Mikhail Teterin <mi@aldan.algebra.com>, Jun-ichiro itojun Itoh <itojun@itojun.org>

PORTNAME=	tiff
DISTVERSION=	4.4.0
CATEGORIES=	graphics
MASTER_SITES=	https://download.osgeo.org/libtiff/


LICENSE=	BSD3CLAUSE
LICENSE_FILE=	${WRKSRC}/COPYRIGHT

LIB_DEPENDS=	libdeflate.so:archivers/libdeflate \
		libjbig.so:graphics/jbigkit \
		libzstd.so:archivers/zstd

USES=		cpe jpeg libtool localbase pathfix tar:xz
CPE_PRODUCT=	libtiff
CPE_VERSION=	${DISTVERSION:C/[a-z]+//}
CPE_UPDATE=	${DISTVERSION:C/[0-9.]+//}
USE_LDCONFIG=	yes
GNU_CONFIGURE=	yes
CONFIGURE_ARGS=		--without-x \
			--with-jpeg-lib-dir=${LOCALBASE}/lib \
			--without-x \
			--disable-webp \
			--disable-zstd

INSTALL_TARGET=	install-strip
TEST_TARGET=	check

Lines 1-3 Link Here

(-)b/graphics/tiff/distinfo (-3 / +3 lines)
1	TIMESTAMP = 1619212569	1	TIMESTAMP = 1657611207
2	SHA256 (tiff-4.3.0.tar.gz) = 0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8	2	SHA256 (tiff-4.4.0.tar.xz) = 49307b510048ccc7bc40f2cba6e8439182fe6e654057c1a1683139bf2ecb1dc1
3	SIZE (tiff-4.3.0.tar.gz) = 2808254	3	SIZE (tiff-4.4.0.tar.xz) = 1929292




From dd1bcc7abb26094e93636e85520f0d8f81ab0fab Mon Sep 17 00:00:00 2001
From: 4ugustus <wangdw.augustus@qq.com>
Date: Sat, 11 Jun 2022 09:31:43 +0000
Subject: [PATCH] fix the FPE in tiffcrop (#415, #427, and #428)

---
 libtiff/tif_aux.c |  9 +++++++
 libtiff/tiffiop.h |  1 +
 tools/tiffcrop.c  | 62 ++++++++++++++++++++++++++---------------------
 3 files changed, 44 insertions(+), 28 deletions(-)

diff --git a/libtiff/tif_aux.c b/libtiff/tif_aux.c
index 140f26c7..5b88c8d0 100644
--- libtiff/tif_aux.c
+++ libtiff/tif_aux.c
@@ -402,6 +402,15 @@ float _TIFFClampDoubleToFloat( double val )
     return (float)val;
 }
 
+uint32_t _TIFFClampDoubleToUInt32(double val)
+{
+    if( val < 0 )
+        return 0;
+    if( val > 0xFFFFFFFFU || val != val )
+        return 0xFFFFFFFFU;
+    return (uint32_t)val;
+}
+
 int _TIFFSeekOK(TIFF* tif, toff_t off)
 {
     /* Huge offsets, especially -1 / UINT64_MAX, can cause issues */
diff --git a/libtiff/tiffiop.h b/libtiff/tiffiop.h
index e3af461d..4e8bdac2 100644
--- libtiff/tiffiop.h
+++ libtiff/tiffiop.h
@@ -365,6 +365,7 @@ extern double _TIFFUInt64ToDouble(uint64_t);
 extern float _TIFFUInt64ToFloat(uint64_t);
 
 extern float _TIFFClampDoubleToFloat(double);
+extern uint32_t _TIFFClampDoubleToUInt32(double);
 
 extern tmsize_t
 _TIFFReadEncodedStripAndAllocBuffer(TIFF* tif, uint32_t strip,
diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
index 1f827b2b..90286a5e 100644
--- tools/tiffcrop.c
+++ tools/tiffcrop.c
@@ -5268,17 +5268,17 @@ computeInputPixelOffsets(struct crop_mask *crop, struct image_data *image,
       {
       if ((crop->res_unit == RESUNIT_INCH) || (crop->res_unit == RESUNIT_CENTIMETER))
         {
-	x1 = (uint32_t) (crop->corners[i].X1 * scale * xres);
-	x2 = (uint32_t) (crop->corners[i].X2 * scale * xres);
-	y1 = (uint32_t) (crop->corners[i].Y1 * scale * yres);
-	y2 = (uint32_t) (crop->corners[i].Y2 * scale * yres);
+	x1 = _TIFFClampDoubleToUInt32(crop->corners[i].X1 * scale * xres);
+	x2 = _TIFFClampDoubleToUInt32(crop->corners[i].X2 * scale * xres);
+	y1 = _TIFFClampDoubleToUInt32(crop->corners[i].Y1 * scale * yres);
+	y2 = _TIFFClampDoubleToUInt32(crop->corners[i].Y2 * scale * yres);
         }
       else
         {
-	x1 = (uint32_t) (crop->corners[i].X1);
-	x2 = (uint32_t) (crop->corners[i].X2);
-	y1 = (uint32_t) (crop->corners[i].Y1);
-	y2 = (uint32_t) (crop->corners[i].Y2);
+	x1 = _TIFFClampDoubleToUInt32(crop->corners[i].X1);
+	x2 = _TIFFClampDoubleToUInt32(crop->corners[i].X2);
+	y1 = _TIFFClampDoubleToUInt32(crop->corners[i].Y1);
+	y2 = _TIFFClampDoubleToUInt32(crop->corners[i].Y2);
 	}
       /* a) Region needs to be within image sizes 0.. width-1; 0..length-1 
        * b) Corners are expected to be submitted as top-left to bottom-right.
@@ -5357,17 +5357,17 @@ computeInputPixelOffsets(struct crop_mask *crop, struct image_data *image,
     {
     if (crop->res_unit != RESUNIT_INCH && crop->res_unit != RESUNIT_CENTIMETER)
       { /* User has specified pixels as reference unit */
-      tmargin = (uint32_t)(crop->margins[0]);
-      lmargin = (uint32_t)(crop->margins[1]);
-      bmargin = (uint32_t)(crop->margins[2]);
-      rmargin = (uint32_t)(crop->margins[3]);
+      tmargin = _TIFFClampDoubleToUInt32(crop->margins[0]);
+      lmargin = _TIFFClampDoubleToUInt32(crop->margins[1]);
+      bmargin = _TIFFClampDoubleToUInt32(crop->margins[2]);
+      rmargin = _TIFFClampDoubleToUInt32(crop->margins[3]);
       }
     else
       { /* inches or centimeters specified */
-      tmargin = (uint32_t)(crop->margins[0] * scale * yres);
-      lmargin = (uint32_t)(crop->margins[1] * scale * xres);
-      bmargin = (uint32_t)(crop->margins[2] * scale * yres);
-      rmargin = (uint32_t)(crop->margins[3] * scale * xres);
+      tmargin = _TIFFClampDoubleToUInt32(crop->margins[0] * scale * yres);
+      lmargin = _TIFFClampDoubleToUInt32(crop->margins[1] * scale * xres);
+      bmargin = _TIFFClampDoubleToUInt32(crop->margins[2] * scale * yres);
+      rmargin = _TIFFClampDoubleToUInt32(crop->margins[3] * scale * xres);
       }
 
     if ((lmargin + rmargin) > image->width)
@@ -5397,24 +5397,24 @@ computeInputPixelOffsets(struct crop_mask *crop, struct image_data *image,
   if (crop->res_unit != RESUNIT_INCH && crop->res_unit != RESUNIT_CENTIMETER)
     {
     if (crop->crop_mode & CROP_WIDTH)
-      width = (uint32_t)crop->width;
+      width = _TIFFClampDoubleToUInt32(crop->width);
     else
       width = image->width - lmargin - rmargin;
 
     if (crop->crop_mode & CROP_LENGTH)
-      length  = (uint32_t)crop->length;
+      length  = _TIFFClampDoubleToUInt32(crop->length);
     else
       length = image->length - tmargin - bmargin;
     }
   else
     {
     if (crop->crop_mode & CROP_WIDTH)
-      width = (uint32_t)(crop->width * scale * image->xres);
+      width = _TIFFClampDoubleToUInt32(crop->width * scale * image->xres);
     else
       width = image->width - lmargin - rmargin;
 
     if (crop->crop_mode & CROP_LENGTH)
-      length  = (uint32_t)(crop->length * scale * image->yres);
+      length  = _TIFFClampDoubleToUInt32(crop->length * scale * image->yres);
     else
       length = image->length - tmargin - bmargin;
     }
@@ -5868,13 +5868,13 @@ computeOutputPixelOffsets (struct crop_mask *crop, struct image_data *image,
     {
     if (page->res_unit == RESUNIT_INCH || page->res_unit == RESUNIT_CENTIMETER)
       { /* inches or centimeters specified */
-      hmargin = (uint32_t)(page->hmargin * scale * page->hres * ((image->bps + 7) / 8));
-      vmargin = (uint32_t)(page->vmargin * scale * page->vres * ((image->bps + 7) / 8));
+      hmargin = _TIFFClampDoubleToUInt32(page->hmargin * scale * page->hres * ((image->bps + 7) / 8));
+      vmargin = _TIFFClampDoubleToUInt32(page->vmargin * scale * page->vres * ((image->bps + 7) / 8));
       }
     else
       { /* Otherwise user has specified pixels as reference unit */
-      hmargin = (uint32_t)(page->hmargin * scale * ((image->bps + 7) / 8));
-      vmargin = (uint32_t)(page->vmargin * scale * ((image->bps + 7) / 8));
+      hmargin = _TIFFClampDoubleToUInt32(page->hmargin * scale * ((image->bps + 7) / 8));
+      vmargin = _TIFFClampDoubleToUInt32(page->vmargin * scale * ((image->bps + 7) / 8));
       }
 
     if ((hmargin * 2.0) > (pwidth * page->hres))
@@ -5912,13 +5912,13 @@ computeOutputPixelOffsets (struct crop_mask *crop, struct image_data *image,
     {
     if (page->mode & PAGE_MODE_PAPERSIZE )
       {
-      owidth  = (uint32_t)((pwidth * page->hres) - (hmargin * 2));
-      olength = (uint32_t)((plength * page->vres) - (vmargin * 2));
+      owidth  = _TIFFClampDoubleToUInt32((pwidth * page->hres) - (hmargin * 2));
+      olength = _TIFFClampDoubleToUInt32((plength * page->vres) - (vmargin * 2));
       }
     else
       {
-      owidth = (uint32_t)(iwidth - (hmargin * 2 * page->hres));
-      olength = (uint32_t)(ilength - (vmargin * 2 * page->vres));
+      owidth = _TIFFClampDoubleToUInt32(iwidth - (hmargin * 2 * page->hres));
+      olength = _TIFFClampDoubleToUInt32(ilength - (vmargin * 2 * page->vres));
       }
     }
 
@@ -5927,6 +5927,12 @@ computeOutputPixelOffsets (struct crop_mask *crop, struct image_data *image,
   if (olength > ilength)
     olength = ilength;
 
+  if (owidth == 0 || olength == 0)
+  {
+    TIFFError("computeOutputPixelOffsets", "Integer overflow when calculating the number of pages");
+    exit(EXIT_FAILURE);
+  }
+
   /* Compute the number of pages required for Portrait or Landscape */
   switch (page->orient)
     {
-- 
GitLab


Lines 24-34 include/tiffvers.h Link Here

(-)b/graphics/tiff/pkg-plist (-2 / +2 lines)
24	lib/libtiff.a	24	lib/libtiff.a
25	lib/libtiff.so	25	lib/libtiff.so
26	lib/libtiff.so.5	26	lib/libtiff.so.5
27	lib/libtiff.so.5.7.0	27	lib/libtiff.so.5.8.0
28	lib/libtiffxx.a	28	lib/libtiffxx.a
29	lib/libtiffxx.so	29	lib/libtiffxx.so
30	lib/libtiffxx.so.5	30	lib/libtiffxx.so.5
31	lib/libtiffxx.so.5.7.0	31	lib/libtiffxx.so.5.8.0
32	libdata/pkgconfig/libtiff-4.pc	32	libdata/pkgconfig/libtiff-4.pc
33	man/man1/fax2ps.1.gz	33	man/man1/fax2ps.1.gz
34	man/man1/fax2tiff.1.gz	34	man/man1/fax2tiff.1.gz

Return to bug 265164

Lines 1-7 Link Here

(-)b/graphics/tiff/Makefile (-7 / +6 lines)
1	# Created by: Richard Hwang <rhwang@bigpanda.com>, Mikhail Teterin <mi@aldan.algebra.com>, Jun-ichiro itojun Itoh <itojun@itojun.org>	1	# Created by: Richard Hwang <rhwang@bigpanda.com>, Mikhail Teterin <mi@aldan.algebra.com>, Jun-ichiro itojun Itoh <itojun@itojun.org>
2		2
3	PORTNAME= tiff	3	PORTNAME= tiff
4	PORTVERSION= 4.3.0	4	DISTVERSION= 4.4.0
5	CATEGORIES= graphics	5	CATEGORIES= graphics
6	MASTER_SITES= https://download.osgeo.org/libtiff/	6	MASTER_SITES= https://download.osgeo.org/libtiff/
7		7
Lines 11-29 COMMENT= Tools and library routines for working with TIFF images Link Here
11	LICENSE= BSD3CLAUSE	11	LICENSE= BSD3CLAUSE
12	LICENSE_FILE= ${WRKSRC}/COPYRIGHT	12	LICENSE_FILE= ${WRKSRC}/COPYRIGHT
13		13
14	LIB_DEPENDS= libjbig.so:graphics/jbigkit	14	LIB_DEPENDS= libdeflate.so:archivers/libdeflate \
		15	libjbig.so:graphics/jbigkit \
		16	libzstd.so:archivers/zstd
15		17
16	USES= cpe jpeg libtool pathfix	18	USES= cpe jpeg libtool localbase pathfix tar:xz
17	CPE_PRODUCT= libtiff	19	CPE_PRODUCT= libtiff
18	CPE_VERSION= ${DISTVERSION:C/[a-z]+//}	20	CPE_VERSION= ${DISTVERSION:C/[a-z]+//}
19	CPE_UPDATE= ${DISTVERSION:C/[0-9.]+//}	21	CPE_UPDATE= ${DISTVERSION:C/[0-9.]+//}
20	USE_LDCONFIG= yes	22	USE_LDCONFIG= yes
21	GNU_CONFIGURE= yes	23	GNU_CONFIGURE= yes
22	CONFIGURE_ARGS+= --with-jpeg-include-dir=${LOCALBASE}/include \	24	CONFIGURE_ARGS= --without-x \
23	--with-jpeg-lib-dir=${LOCALBASE}/lib \
24	--without-x \
25	--disable-webp \	25	--disable-webp \
26	--disable-zstd
27		26
28	INSTALL_TARGET= install-strip	27	INSTALL_TARGET= install-strip
29	TEST_TARGET= check	28	TEST_TARGET= check

Added Link Here

(-)b/graphics/tiff/files/patch-git-01-dd1bcc7abb26094e93636e85520f0d8f81ab0fab (+180 lines)
1	From dd1bcc7abb26094e93636e85520f0d8f81ab0fab Mon Sep 17 00:00:00 2001
2	From: 4ugustus <wangdw.augustus@qq.com>
3	Date: Sat, 11 Jun 2022 09:31:43 +0000
4	Subject: [PATCH] fix the FPE in tiffcrop (#415, #427, and #428)
5
6	---
7	libtiff/tif_aux.c \| 9 +++++++
8	libtiff/tiffiop.h \| 1 +
9	tools/tiffcrop.c \| 62 ++++++++++++++++++++++++++---------------------
10	3 files changed, 44 insertions(+), 28 deletions(-)
11
12	diff --git a/libtiff/tif_aux.c b/libtiff/tif_aux.c
13	index 140f26c7..5b88c8d0 100644
14	--- libtiff/tif_aux.c
15	+++ libtiff/tif_aux.c
16	@@ -402,6 +402,15 @@ float _TIFFClampDoubleToFloat( double val )
17	return (float)val;
18	}
19
20	+uint32_t _TIFFClampDoubleToUInt32(double val)
21	+{
22	+ if( val < 0 )
23	+ return 0;
24	+ if( val > 0xFFFFFFFFU \|\| val != val )
25	+ return 0xFFFFFFFFU;
26	+ return (uint32_t)val;
27	+}
28	+
29	int _TIFFSeekOK(TIFF* tif, toff_t off)
30	{
31	/* Huge offsets, especially -1 / UINT64_MAX, can cause issues */
32	diff --git a/libtiff/tiffiop.h b/libtiff/tiffiop.h
33	index e3af461d..4e8bdac2 100644
34	--- libtiff/tiffiop.h
35	+++ libtiff/tiffiop.h
36	@@ -365,6 +365,7 @@ extern double _TIFFUInt64ToDouble(uint64_t);
37	extern float _TIFFUInt64ToFloat(uint64_t);
38
39	extern float _TIFFClampDoubleToFloat(double);
40	+extern uint32_t _TIFFClampDoubleToUInt32(double);
41
42	extern tmsize_t
43	_TIFFReadEncodedStripAndAllocBuffer(TIFF* tif, uint32_t strip,
44	diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
45	index 1f827b2b..90286a5e 100644
46	--- tools/tiffcrop.c
47	+++ tools/tiffcrop.c
48	@@ -5268,17 +5268,17 @@ computeInputPixelOffsets(struct crop_mask crop, struct image_data image,
49	{
50	if ((crop->res_unit == RESUNIT_INCH) \|\| (crop->res_unit == RESUNIT_CENTIMETER))
51	{
52	- x1 = (uint32_t) (crop->corners[i].X1 * scale * xres);
53	- x2 = (uint32_t) (crop->corners[i].X2 * scale * xres);
54	- y1 = (uint32_t) (crop->corners[i].Y1 * scale * yres);
55	- y2 = (uint32_t) (crop->corners[i].Y2 * scale * yres);
56	+ x1 = _TIFFClampDoubleToUInt32(crop->corners[i].X1 * scale * xres);
57	+ x2 = _TIFFClampDoubleToUInt32(crop->corners[i].X2 * scale * xres);
58	+ y1 = _TIFFClampDoubleToUInt32(crop->corners[i].Y1 * scale * yres);
59	+ y2 = _TIFFClampDoubleToUInt32(crop->corners[i].Y2 * scale * yres);
60	}
61	else
62	{
63	- x1 = (uint32_t) (crop->corners[i].X1);
64	- x2 = (uint32_t) (crop->corners[i].X2);
65	- y1 = (uint32_t) (crop->corners[i].Y1);
66	- y2 = (uint32_t) (crop->corners[i].Y2);
67	+ x1 = _TIFFClampDoubleToUInt32(crop->corners[i].X1);
68	+ x2 = _TIFFClampDoubleToUInt32(crop->corners[i].X2);
69	+ y1 = _TIFFClampDoubleToUInt32(crop->corners[i].Y1);
70	+ y2 = _TIFFClampDoubleToUInt32(crop->corners[i].Y2);
71	}
72	/* a) Region needs to be within image sizes 0.. width-1; 0..length-1
73	* b) Corners are expected to be submitted as top-left to bottom-right.
74	@@ -5357,17 +5357,17 @@ computeInputPixelOffsets(struct crop_mask crop, struct image_data image,
75	{
76	if (crop->res_unit != RESUNIT_INCH && crop->res_unit != RESUNIT_CENTIMETER)
77	{ /* User has specified pixels as reference unit */
78	- tmargin = (uint32_t)(crop->margins[0]);
79	- lmargin = (uint32_t)(crop->margins[1]);
80	- bmargin = (uint32_t)(crop->margins[2]);
81	- rmargin = (uint32_t)(crop->margins[3]);
82	+ tmargin = _TIFFClampDoubleToUInt32(crop->margins[0]);
83	+ lmargin = _TIFFClampDoubleToUInt32(crop->margins[1]);
84	+ bmargin = _TIFFClampDoubleToUInt32(crop->margins[2]);
85	+ rmargin = _TIFFClampDoubleToUInt32(crop->margins[3]);
86	}
87	else
88	{ /* inches or centimeters specified */
89	- tmargin = (uint32_t)(crop->margins[0] * scale * yres);
90	- lmargin = (uint32_t)(crop->margins[1] * scale * xres);
91	- bmargin = (uint32_t)(crop->margins[2] * scale * yres);
92	- rmargin = (uint32_t)(crop->margins[3] * scale * xres);
93	+ tmargin = _TIFFClampDoubleToUInt32(crop->margins[0] * scale * yres);
94	+ lmargin = _TIFFClampDoubleToUInt32(crop->margins[1] * scale * xres);
95	+ bmargin = _TIFFClampDoubleToUInt32(crop->margins[2] * scale * yres);
96	+ rmargin = _TIFFClampDoubleToUInt32(crop->margins[3] * scale * xres);
97	}
98
99	if ((lmargin + rmargin) > image->width)
100	@@ -5397,24 +5397,24 @@ computeInputPixelOffsets(struct crop_mask crop, struct image_data image,
101	if (crop->res_unit != RESUNIT_INCH && crop->res_unit != RESUNIT_CENTIMETER)
102	{
103	if (crop->crop_mode & CROP_WIDTH)
104	- width = (uint32_t)crop->width;
105	+ width = _TIFFClampDoubleToUInt32(crop->width);
106	else
107	width = image->width - lmargin - rmargin;
108
109	if (crop->crop_mode & CROP_LENGTH)
110	- length = (uint32_t)crop->length;
111	+ length = _TIFFClampDoubleToUInt32(crop->length);
112	else
113	length = image->length - tmargin - bmargin;
114	}
115	else
116	{
117	if (crop->crop_mode & CROP_WIDTH)
118	- width = (uint32_t)(crop->width * scale * image->xres);
119	+ width = _TIFFClampDoubleToUInt32(crop->width * scale * image->xres);
120	else
121	width = image->width - lmargin - rmargin;
122
123	if (crop->crop_mode & CROP_LENGTH)
124	- length = (uint32_t)(crop->length * scale * image->yres);
125	+ length = _TIFFClampDoubleToUInt32(crop->length * scale * image->yres);
126	else
127	length = image->length - tmargin - bmargin;
128	}
129	@@ -5868,13 +5868,13 @@ computeOutputPixelOffsets (struct crop_mask crop, struct image_data image,
130	{
131	if (page->res_unit == RESUNIT_INCH \|\| page->res_unit == RESUNIT_CENTIMETER)
132	{ /* inches or centimeters specified */
133	- hmargin = (uint32_t)(page->hmargin * scale * page->hres * ((image->bps + 7) / 8));
134	- vmargin = (uint32_t)(page->vmargin * scale * page->vres * ((image->bps + 7) / 8));
135	+ hmargin = _TIFFClampDoubleToUInt32(page->hmargin * scale * page->hres * ((image->bps + 7) / 8));
136	+ vmargin = _TIFFClampDoubleToUInt32(page->vmargin * scale * page->vres * ((image->bps + 7) / 8));
137	}
138	else
139	{ /* Otherwise user has specified pixels as reference unit */
140	- hmargin = (uint32_t)(page->hmargin * scale * ((image->bps + 7) / 8));
141	- vmargin = (uint32_t)(page->vmargin * scale * ((image->bps + 7) / 8));
142	+ hmargin = _TIFFClampDoubleToUInt32(page->hmargin * scale * ((image->bps + 7) / 8));
143	+ vmargin = _TIFFClampDoubleToUInt32(page->vmargin * scale * ((image->bps + 7) / 8));
144	}
145
146	if ((hmargin * 2.0) > (pwidth * page->hres))
147	@@ -5912,13 +5912,13 @@ computeOutputPixelOffsets (struct crop_mask crop, struct image_data image,
148	{
149	if (page->mode & PAGE_MODE_PAPERSIZE )
150	{
151	- owidth = (uint32_t)((pwidth * page->hres) - (hmargin * 2));
152	- olength = (uint32_t)((plength * page->vres) - (vmargin * 2));
153	+ owidth = _TIFFClampDoubleToUInt32((pwidth * page->hres) - (hmargin * 2));
154	+ olength = _TIFFClampDoubleToUInt32((plength * page->vres) - (vmargin * 2));
155	}
156	else
157	{
158	- owidth = (uint32_t)(iwidth - (hmargin * 2 * page->hres));
159	- olength = (uint32_t)(ilength - (vmargin * 2 * page->vres));
160	+ owidth = _TIFFClampDoubleToUInt32(iwidth - (hmargin * 2 * page->hres));
161	+ olength = _TIFFClampDoubleToUInt32(ilength - (vmargin * 2 * page->vres));
162	}
163	}
164
165	@@ -5927,6 +5927,12 @@ computeOutputPixelOffsets (struct crop_mask crop, struct image_data image,
166	if (olength > ilength)
167	olength = ilength;
168
169	+ if (owidth == 0 \|\| olength == 0)
170	+ {
171	+ TIFFError("computeOutputPixelOffsets", "Integer overflow when calculating the number of pages");
172	+ exit(EXIT_FAILURE);
173	+ }
174	+
175	/* Compute the number of pages required for Portrait or Landscape */
176	switch (page->orient)
177	{
178	--
179	GitLab
180