From: Václav Slavík <vslavik@fastmail.fm>
Date: Fri, 24 Dec 2004 11:48:14 +0000 (+0000)
Subject: security fix (patch 1089659)
X-Git-Url: https://git.saurik.com/wxWidgets.git/commitdiff_plain/2c15c98b3361b6b18bc44ac1c63a10fd9dd9428f?ds=inline

security fix (patch 1089659)


git-svn-id: https://svn.wxwidgets.org/svn/wx/wxWidgets/trunk@31140 c3d73ce0-8a6f-49c7-b76d-6d57e0e08775
---

diff --git a/src/tiff/VERSION b/src/tiff/VERSION
index de4dc85aca..0ed63eab34 100644
--- a/src/tiff/VERSION
+++ b/src/tiff/VERSION
@@ -1 +1 @@
-3.6.1-2
+3.6.1-3
diff --git a/src/tiff/tif_dirread.c b/src/tiff/tif_dirread.c
index 4c4991a62a..96ecfe59ed 100644
--- a/src/tiff/tif_dirread.c
+++ b/src/tiff/tif_dirread.c
@@ -67,7 +67,7 @@ CheckMalloc(TIFF* tif, size_t nmemb, size_t elem_size, const char* what)
 	char	*cp = NULL;
 	tsize_t	bytes = nmemb * elem_size;
 
-	if (elem_size && bytes / elem_size == nmemb)
+	if (nmemb && elem_size && bytes / elem_size == nmemb)
 		cp = (char*)_TIFFmalloc(bytes);
 
 	if (cp == NULL)
diff --git a/src/tiff/tif_fax3.c b/src/tiff/tif_fax3.c
index e816107fc0..4318bf3a32 100644
--- a/src/tiff/tif_fax3.c
+++ b/src/tiff/tif_fax3.c
@@ -443,7 +443,7 @@ CheckMalloc(TIFF* tif, size_t nmemb, size_t elem_size, const char* what)
 	char	*cp = NULL;
 	tsize_t	bytes = nmemb * elem_size;
 
-	if (elem_size && bytes / elem_size == nmemb)
+	if (nmemb && elem_size && bytes / elem_size == nmemb)
 		cp = (char*) _TIFFmalloc(bytes);
 
 	if (cp == NULL)