From dd7e83cca76632d875bc21dedf7a1fd421e7ac5e Mon Sep 17 00:00:00 2001
From: James Zern
Date: Wed, 17 May 2017 12:06:53 -0700
Subject: [PATCH] tiffdec,ReadTIFF: ensure data_size is < tsize_t max

Change-Id: I0ad9589a7f994294100e1c5a38abf6ebe417f8a9
---
 imageio/tiffdec.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/imageio/tiffdec.c b/imageio/tiffdec.c
index 81e331d2..92eb682d 100644
--- a/imageio/tiffdec.c
+++ b/imageio/tiffdec.c
@@ -15,6 +15,7 @@
 #include "webp/config.h"
 #endif
+#include
 #include
 #include
@@ -162,7 +163,9 @@ int ReadTIFF(const uint8_t* const data, size_t data_size,
 int ok = 0;
 tdir_t dircount;
- if (data == NULL || data_size == 0 || pic == NULL) return 0;
+ if (data == NULL || data_size == 0 || data_size > INT_MAX || pic == NULL) {
+ return 0;
+ }
 tif = TIFFClientOpen("Memory", "r", &my_data, MyRead, MyRead, MySeek, MyClose,
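Review bot: The new `data_size > INT_MAX` test in ReadTIFF's argument check has no comment, and the reason for the bound appears only in the commit subject (`tsize_t` max), so the code does not say which libtiff type the limit protects. `INT_MAX` is presumably a conservative stand-in for the `tsize_t` maximum, whose width depends on the libtiff version; a comment above the `if` such as `// libtiff passes sizes as tsize_t; reject inputs that cannot be represented` would record that. The rejection also returns 0 silently, exactly like a NULL argument, so a caller cannot tell an oversized input from a bad pointer; a one-line stderr message would help if the rest of the function reports errors that way. ReadTIFF's body starts before and continues past this hunk, so the MyRead/MySeek callbacks that consume the size are not visible here.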