2014.12.27 23:06 "[Tiff] [PATCH] tiff2ps: fix grayscale with unassociated alpha (and other extrasamples != 0)", by Yuriy M. Kaminskiy

2014.12.31 14:33 "Re: [Tiff] [PATCH] tif_luv, tif_pixarlog, ppm2tiff: get rid of duplicates of TIFFSafeMultiply", by Olivier Paquet

2014-12-30 15:55 GMT-05:00 Jürgen Buchmüller <pullmoll@t-online.de>:

Am Dienstag, den 30.12.2014, 23:41 +0300 schrieb Yuriy M. Kaminskiy:

While fixing that, I noticed some very WTF code: add_ms in

libtiff/tif_pixarlog.c and checkAdd64 in tools/tiff2pdf.c

I'm not sure what are they trying to do, but I'm pretty sure they are doing it

WRONG and both cannot possibly work, due to different reasons. Please take a

look or two.

add_ms and multiply_ms look like they're meant to work in a "0 means overflow" kind of algebra, where the initial input is > 0 (even though signed type). Under that assumption, I think it is ok. It could definitely use a comment explaining that though.

I don't see add_ms in my copy (4.0.3) of the source. multiply_ms looks like it could work, though. For checkAdd64 I also don't see how it could work as intended.

Perhaps this line would work

        if ((summand1/2 + summand2/2 + 1) & (1ull << 63)) {

I don't know but it's certainly not obvious if it does. There is a lot simpler for unsigned types:

    if( bytes < summand1 ) {

I'm fairly certain it covers all possible overflows and nothing else. If no one objects, I will make both changes.