From: Cristy <mikayla-grace@urban-warrior.org>
Date: Mon, 26 Jul 2021 13:38:45 -0400
Subject: heap-based buffer overflow in TIFF coder (alert from Hunter
 Mitchell)

bug: https://github.com/ImageMagick/ImageMagick6/issues/245
origin: https://github.com/ImageMagick/ImageMagick6/commit/f90a091c7dd12cc53b0999bf49d1c80651534eea
---
 coders/tiff.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/coders/tiff.c b/coders/tiff.c
index 38badad..c326559 100644
--- a/coders/tiff.c
+++ b/coders/tiff.c
@@ -1972,12 +1972,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
         number_pixels=(MagickSizeType) columns*rows;
         if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse)
           ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");
-        extent=TIFFTileSize(tiff);
-#if defined(TIFF_VERSION_BIG)
-        extent=MagickMax(rows*columns*sizeof(uint64),extent);
-#else
-        extent=MagickMax(rows*columns*sizeof(uint32),extent);
-#endif
+        extent=MagickMax(rows*TIFFTileRowSize(tiff),TIFFTileSize(tiff));
         tile_pixels=(unsigned char *) AcquireQuantumMemory(extent,
           sizeof(*tile_pixels));
         if (tile_pixels == (unsigned char *) NULL)
